colinskow / ng-superlogin

AngularJS bindings for the SuperLogin project
MIT License

Impossible to logout properly. #2

Closed ronycohen closed 8 years ago

ronycohen commented 8 years ago

Hello,

When I try to log out, the server answers:


I have a session in the localStorage:

    {"issued":1449071790342,"expires":1449762990342,"provider":"local","ip":"::ffff:127.0.0.1","token":"_","password":"__","userid":"******","roles":["roles","admin"],"userDBs":{"appglobal":"https://***:***@***_**.cloudant.com/GLOBALNAME","_":"https://*****:*****@****.cloudant.com/DBNAME"},"serverTimeDiff":-1673}

Did I miss something?

    logOut: function() {
        console.log("superlogin logOut");
        var deferred = $q.defer();
        // Ask SuperLogin to end the session and log the outcome.
        superlogin.logout("Bye !")
            .then(function(res) {
                console.log("logout", res);
            })
            .catch(function(e) {
                console.error(e);
            });
    }

    app-1 POST /auth/login 200 4185.147 ms - 659
    app-1 OPTIONS /auth/logout 200 0.836 ms - 4
    app-1 { error: 'unauthorized', status: 401 }

ronycohen commented 8 years ago

    {"error":"unauthorized","status":401}

ronycohen commented 8 years ago

    logout: function(msg) {
        return $http.post(superloginSession.getConfig().baseUrl + 'logout', {})   // <=== HERE
            .then(function(res) {
                console.log("logout Superlogin", res);
                superloginSession.deleteSession();
                $rootScope.$broadcast('sl:logout', msg || 'Logged out');
                return $q.when(res.data);
            }, function(err) {
                console.error("logout Superlogin err", err);
                superloginSession.deleteSession();
                $rootScope.$broadcast('sl:logout', msg || 'Logged out');
                return $q.reject(err.data);
            });
    },

Do we need to add the session ID there? (<====)

colinskow commented 8 years ago

The $http interceptor should automatically insert the session id into the request, so there is no need to do it manually. Are you getting this same error with SuperLogin Demo?

ronycohen commented 8 years ago

I haven't used the Demo in a long time. I can retry with it.

colinskow commented 8 years ago

It works perfectly for me. If SuperLogin is throwing an unauthorized error, it is because the session has already been logged out somehow. Are you using the latest version of SuperLogin on your server?

ronycohen commented 8 years ago

I have the "version": "0.5.0". I may have something which impacts HTTP interception in my Ionic app.

ronycohen commented 8 years ago

Is there a way to force the session id?

ronycohen commented 8 years ago

I think it's probably Ionic which blocks the interceptor. The session hasn't been logged out because I still have existing access to the remote DBs.

ronycohen commented 8 years ago

Somehow it doesn't get the session:

The session is null.

From superloginInterceptor:

    service.request = function(request) {
        var session = superloginSession.getSession();
        if(session && session.token) {
            superloginSession.checkRefresh();
        }
        if(checkEndpoint(request.url, endpoints)) {
            // HERE !!!!!!!!!!!!!!!!!
            console.log("Call superloginInterceptor checkEndpoint", request.url, endpoints, session);
            if(session && session.token) {
                request.headers.Authorization = 'Bearer ' + session.token + ':' + session.password;
            }
        }
        return request;
    };


ronycohen commented 8 years ago

I can see that the SuperLogin interceptor checkEndpoint is called on each internal Ionic view call.


colinskow commented 8 years ago

Is your endpoint properly configured in ng-superlogin?

ronycohen commented 8 years ago

I guess yes:

    endpoints: ['api.*****.net/superlogin'],
    // Set this to true if you do not want the URL bar host automatically added to the list
    noDefaultEndpoint: false,

ronycohen commented 8 years ago

I'm able to sign-in and sign-up properly.

ronycohen commented 8 years ago

Do you know a way to debug it? I mean, I know I don't give enough details...

colinskow commented 8 years ago

    logout: function(msg) {
      return $http.post(superloginSession.getConfig().baseUrl + 'logout', {})
        .then(function(res) {
          superloginSession.deleteSession();
          $rootScope.$broadcast('sl:logout', msg || 'Logged out');
          return $q.when(res.data);
        }, function(err) {
          // Log the headers and make sure 'Authorization' is there.
          console.log(err.headers('Authorization'));
          superloginSession.deleteSession();
          $rootScope.$broadcast('sl:logout', msg || 'Logged out');
          return $q.reject(err.data);
        });
    }

ronycohen commented 8 years ago

Thank you Colin! I'll try with this function.

colinskow commented 8 years ago

You may need to use err.config.headers('Authorization')

ronycohen commented 8 years ago

Hi,

    // Log the headers and make sure 'Authorization' is there.
    console.log(err.headers('Authorization'));

renders a null value,

and err.config.headers is not a function.

ronycohen commented 8 years ago

Alright, so it's working properly for the sign-in and the sign-up, but not for the logout and the refresh. This means that I lost this value somewhere and the HTTP interceptor can't get anything.

Here is my client config:

        var superLoginConfig = {
            baseUrl: 'https://api.myapp.net/superlogin/auth/',
            endpoints: ['api.myapp.net/superlogin'],
            // Set this to true if you do not want the URL bar host automatically added to the list
            noDefaultEndpoint: true,
            storage: 'local',
            providers: ['facebook','google'],
            checkExpired: 'startup',
            refreshThreshold: 0.5
        };
        superloginProvider.configure(superLoginConfig);
    }]);

Do you know how I can track this 'Authorization' value within SuperLogin after the login in order to identify how I lose it?

ronycohen commented 8 years ago

When I define noDefaultEndpoint to true, I don't have superloginInterceptor logs.

ronycohen commented 8 years ago

Please, I just need a way to force an endpoint...

colinskow commented 8 years ago

Try this to debug:

    service.request = function(request) {
      var session = superloginSession.getSession();
      if(session && session.token) {
        superloginSession.checkRefresh();
      }
      if(checkEndpoint(request.url, endpoints)) {
        if(session && session.token) {
          // DEBUG AUTH HEADER
          console.log('Setting authorization header');
          request.headers.Authorization = 'Bearer ' + session.token + ':' + session.password;
        }
      }
      return request;
    };

ronycohen commented 8 years ago

OK, I'll test now.

ronycohen commented 8 years ago

The checkEndpoint(request.url, endpoints) call always returns false for me.

On logout:

    parser.host = api.myapp.net
    endpoints[i] = api.myapp.net/superlogin

    function checkEndpoint(url, endpoints) {
        parser.href = url;
        console.debug("checkEndpoint", parser, endpoints);

        for(var i=0; i<endpoints.length; i++) {
            console.debug("parser.host", parser.host); // ==> api.myapp.net
            console.debug("endpoints[i]", endpoints[i]); // ==> api.myapp.net/superlogin

            if(parser.host === endpoints[i]) {
                return true;
            }
        }
        return false;
    }

So I changed the if:

    if(endpoints[i].indexOf(parser.host) > -1) {

And now it's working!! :)

Thank you so much Colin,

It's a mistake I made by defining endpoints: ['api.myapp.net/superlogin'] instead of endpoints: ['api.myapp.net'].

colinskow commented 8 years ago

Your endpoint needs to be simply api.myapp.net. You need to lose the path.

ronycohen commented 8 years ago

Thank you! Yes, I changed it.
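
An added example (not code from ng-superlogin or from either poster) comparing the exact-host comparison in the `checkEndpoint` posted above with the `indexOf` workaround from the thread: it lists which requests would be sent with the `Authorization: Bearer token:password` header under each check and flags endpoint entries that are not a bare host. The request URLs, `BASE` and all helper names are constructed for illustration.

```javascript
// Added example, not ng-superlogin code. URLs and BASE are constructed.
const BASE = 'https://app.example/'; // assumed page origin; relative view URLs resolve here

// Stand-in for the thread's <a>-element parser: host of the request URL.
function hostOf(url) {
  return new URL(url, BASE).host;
}

// Exact comparison, as in the checkEndpoint posted in the thread.
function checkEndpointExact(url, endpoints) {
  const host = hostOf(url);
  return endpoints.some((e) => e === host);
}

// The indexOf workaround from the thread: any host that is a substring matches.
function checkEndpointSubstring(url, endpoints) {
  const host = hostOf(url);
  return endpoints.some((e) => e.indexOf(host) > -1);
}

// Requests that would be sent with the session token and password attached.
function headerRecipients(check, urls, endpoints) {
  return urls.filter((u) => check(u, endpoints));
}

// Config-time check: flag entries that are not a bare host (path, scheme, ...).
function invalidEndpoints(endpoints) {
  return endpoints.filter((e) => {
    try {
      return new URL('https://' + e).host !== e;
    } catch (err) {
      return true; // unparseable entries are flagged too
    }
  });
}

const requests = [
  'https://api.myapp.net/superlogin/auth/logout',
  'templates/login.html',        // internal view request, resolves to BASE
  'https://myapp.net/news.json', // different host, substring of the endpoint
  'https://app.net/pixel.gif',   // unrelated host, also a substring
];
const withPath = ['api.myapp.net/superlogin']; // configuration from the thread
const bareHost = ['api.myapp.net'];            // corrected configuration

console.log('exact, with path:', headerRecipients(checkEndpointExact, requests, withPath));
console.log('substring, with path:', headerRecipients(checkEndpointSubstring, requests, withPath));
console.log('exact, bare host:', headerRecipients(checkEndpointExact, requests, bareHost));
console.log('invalid entries:', invalidEndpoints(withPath));
```

Even with the bare-host configuration the substring check still matches `myapp.net` and `app.net`, so the exact comparison together with a path-free endpoint is the combination that confines the header to the API host.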