Arulraj V created GUACAMOLE-2296:
------------------------------------
Summary: Broadcast AngularJS event when POST /api/tokens returns
an unchanged authentication token
Key: GUACAMOLE-2296
URL: https://issues.apache.org/jira/browse/GUACAMOLE-2296
Project: Guacamole
Issue Type: Improvement
Components: guacamole-client, guacamole-common-js
Affects Versions: 1.6.0
Reporter: Arulraj V
h2. Problem
When POST /api/tokens is called with valid credentials and the server returns
the
*same* token that is already stored in the client's localStorage (i.e. the
session
is refreshed/extended rather than newly created), the Angular frontend takes
the
following path in authenticationService.js:
{code:javascript}
// Update cached authentication result, even if the token remains the same
else
setAuthenticationResult(new AuthenticationResult(data));
{code}
This silently updates the cached result without emitting any $rootScope
broadcast
event. By contrast, the "new token" path correctly broadcasts:
{code:javascript}
$rootScope.$broadcast('guacLogin', data.authToken);
{code}
h2. Impact
Applications that *embed* Guacamole or *extend* it with Angular components have
no
observable signal for this scenario. This makes it impossible to:
* Detect that an existing session has been re-authenticated
* Refresh downstream state that depends on the authentication lifecycle
* Distinguish a "login" from a "session renewal" event
h2. Proposed Change
Add a broadcast in the else branch so listeners can react to token renewal:
{code:javascript}
// Update cached authentication result, even if the token remains the same
else {
setAuthenticationResult(new AuthenticationResult(data));
$rootScope.$broadcast('guacLoginUpdated', data.authToken);
}
{code}
The event name 'guacLoginUpdated' is chosen to parallel the existing
'guacLogin'
event while clearly distinguishing the token-unchanged renewal case from a new
login.
h2. Affected File
guacamole/src/main/frontend/src/app/auth/service/authenticationService.js
h2. Backward Compatibility
This is purely additive. No existing listeners are affected. Components that do
not
listen for 'guacLoginUpdated' are unaffected.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)