TAMULib / SAGE

Search Aggregation Engine
MIT License

Properly support anonymous account with token or not at all. #464

Closed kaladay closed 1 year ago

kaladay commented 1 year ago

Describe the bug

A bug where the token is created while the user is anonymous was exposed and observed while resolving https://github.com/TAMULib/Weaver-UI-Core/issues/217.

A valid token gets generated. Something went wrong with the process and the authentication fails. An error gets stuck on the screen no matter how many page refreshes so long as the token cookie exists and the user is anonymous (has ROLE_ANONYMOUS).

The immediately implemented solution has been to delete the token on login problems.

This is either a bug such that the error message is being displayed and should not when a token is created. In this case the functionality for keeping the token for anonymous users should be removed.

Or this is an incomplete feature that needs to be completed. If this is an incomplete feature, then the solution linked above would also need to be removed. The feature should assure that an error message does not appear when a user with ROLE_ANONYMOUS has a token. Additional work is necessary with regard to when authentication doesn't fully complete but a token exists. In this case a token is probably invalid. This needs consideration.

Treating this as a bug and not maintaining the token might be the simplest and shortest route to resolution of this issue.

This might need to be solved in or require changes in weaver-webservice-core.

To Reproduce

Steps to reproduce the behavior:

  1. Make sure you are on a branch that doesn't include the fix that deletes the token for anonymous users.
  2. Set AUTH_SERVICE_URL=https://labs.library.tamu.edu/authfix on a project, such as SAGE.
  3. Start docker.
  4. Attempt to login.
  5. See the error.

Expected behavior

No error appears and:

  1. There is no token for the anonymous user (when treating this as a bugfix).
  2. There is a token for anonymous user on non-authentication (when treating this as a feature) (How does one get an anonymous token without logging in?).
  3. There is no token for anonymous user on authentication failure (when treating this as a feature) (Does it make sense to have a token when login attempt fails?).

Additional context

See: https://github.com/TAMULib/SAGE/blob/main/src/main/java/edu/tamu/sage/auth/service/AppUserCredentialsService.java#L17

jcreel commented 1 year ago

Fixed with https://github.com/TAMULib/Weaver-UI-Core/pull/218. Thanks, Kevin.