ahgittin commented on a change in pull request #120: tidy logout and other misc
minor changes for new server security model
URL: https://github.com/apache/brooklyn-ui/pull/120#discussion_r252288899
##########
File path: ui-modules/logout/app/views/main/main.controller.js
##########
@@ -28,51 +28,123 @@ angular.module(MODULE_NAME, [uiRouter])
export default MODULE_NAME;
export const mainState = {
- name: 'main',
- url: '/',
+ name: 'mainRoot',
+ url: '/?debug&keepCreds&useGet&salt',
+ // experimental/test options:
+ // * useGet means to make a GET request instead of POST
+ // * keepCreds means not to request a 200 on successful logout instead of
a 401;
+ // this will prevent the browser from clearing cache
template: require('ejs-html!./main.template.html'),
- controller: ['$scope', mainStateController],
+ controller: ['$scope', '$http', '$state', '$stateParams', '$log',
'$timeout', mainStateController],
+ controllerAs: 'vm'
+};
+export const promptState = {
+ name: 'prompt',
+ url: '/prompt?debug',
+ params: { prompt: true },
+ template: require('ejs-html!./main.template.html'),
+ controller: ['$scope', '$http', '$state', '$stateParams',
mainStateController],
controllerAs: 'vm'
};
export function mainStateConfig($stateProvider) {
- $stateProvider.state(mainState);
+ $stateProvider.state(promptState).state(mainState);
}
-export function mainStateController($scope) {
+export function mainStateController($scope, $http, $state, $stateParams, $log,
$timeout) {
+ if (!$scope.state) $scope.state = {};
+ if ($stateParams.prompt) $scope.state.status = "prompt";
+ if (!$scope.state.status) $scope.state.status = "do-logout";
+
+ /* There is a lot of complexity in here to support debug pathways with
confirmation,
+ * use of http GET instead of POST, and use of API which returns 200
instead of 401.
+ * This is because logging out nicely is quite tricky.
+ * Currently we think we have a good pathway without any of that
complexity,
+ * so if you haven't set "?debug=true" or other special option in the URL
it is
+ * mostly disabled and follows the happy path where it just logs out and
prompts
+ * you to log back in. But the debug stuff is left in, in case we
encounter edge cases.
+ */
+
+ $scope.debug = $stateParams.debug;
Review comment:
downstream projects may set this, and we might want to configure info
logging in production. take your point but don't think it's worth changing.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
With regards,
Apache Git Services
