Arulraj V created GUACAMOLE-2296:
------------------------------------

             Summary: Broadcast AngularJS event when POST /api/tokens returns 
an unchanged authentication token
                 Key: GUACAMOLE-2296
                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-2296
             Project: Guacamole
          Issue Type: Improvement
          Components: guacamole-client, guacamole-common-js
    Affects Versions: 1.6.0
            Reporter: Arulraj V


h2. Problem

When POST /api/tokens is called with valid credentials and the server returns 
the 
*same* token that is already stored in the client's localStorage (i.e. the 
session 
is refreshed/extended rather than newly created), the Angular frontend takes 
the 
following path in authenticationService.js:
{code:javascript}
// Update cached authentication result, even if the token remains the same
else
    setAuthenticationResult(new AuthenticationResult(data));
{code}
This silently updates the cached result without emitting any $rootScope 
broadcast 
event. By contrast, the "new token" path correctly broadcasts:
{code:javascript}
$rootScope.$broadcast('guacLogin', data.authToken);
{code}
h2. Impact

Applications that *embed* Guacamole or *extend* it with Angular components have 
no 
observable signal for this scenario. This makes it impossible to:
 * Detect that an existing session has been re-authenticated
 * Refresh downstream state that depends on the authentication lifecycle
 * Distinguish a "login" from a "session renewal" event

h2. Proposed Change

Add a broadcast in the else branch so listeners can react to token renewal:
{code:javascript}
// Update cached authentication result, even if the token remains the same
else {
    setAuthenticationResult(new AuthenticationResult(data));
    $rootScope.$broadcast('guacLoginUpdated', data.authToken);
}
{code}
The event name 'guacLoginUpdated' is chosen to parallel the existing 
'guacLogin' 
event while clearly distinguishing the token-unchanged renewal case from a new 
login.
h2. Affected File

guacamole/src/main/frontend/src/app/auth/service/authenticationService.js
h2. Backward Compatibility

This is purely additive. No existing listeners are affected. Components that do 
not 
listen for 'guacLoginUpdated' are unaffected.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to