search

whole-tale / dashboard

Whole Tale Dashboard
http://wholetale.org
MIT License
7 stars 2 forks source link

Allow user to configure DataONE account from User Settings view #575

Closed bodom0015 closed 4 years ago

bodom0015 commented 4 years ago

Problem

Following #563, DataONE accounts are not properly authorized from the dashboard. The ORCID login leaves the DataONE in a preauthorized state, and never finishes the authorization process by POSTing the DataONE JWT back to the server.

Fixes #573

Approach

Fetch and POST the DataONE JWT back to the server when a DataONe provider is detected in a preauthorized state.

How to Test

  1. Checkout and run this branch locally, rebuild the dashboard
  2. Login to the WholeTale Dashboard
  3. Navigate to the Settings view
  4. Disconnect any DataONE account(s) present
  5. Beside DataONE, click "Connect Account" to login via ORCID
    • preauthorized - you should be taken to the ORCID login page, then back to the settings view
  6. After 1-2 seconds, the view should update without refreshing
    • authorized - you should still be on the settings view
bodom0015 commented 4 years ago

In your test case, you include an explicit page refresh after disconnect.

That is correct, there is still a slight bug where the "Connect Account" button for DataONE does not properly re-enable after clicking "Disconnect".

What are your thoughts on this? Should this be addressed in a separate issue?

It's not ideal, but I wasn't bothered by it since this is an edge case of an edge case. I suspect it would be rare for anyone to Disconnect any account at all (with the exception of debugging), and DataONE is a case where revoking doesn't actually do much anyways. If you think that this should be fixed, we can file a separate issue to update it to perform the refresh automatically.

bodom0015 commented 4 years ago

@craig-willis I noticed a bug in the display of API key authorizations, so I went ahead and made some additional changes to prevent the user from needing to manually refresh. Seems that I was just trying to refresh the user tokens, when I should have also been refreshing the providers themselves.

I should have been calling refreshProviders (which then calls refreshUserTokens), instead of callingrefreshUserTokens directly.