edx / frontend-auth

100%

LAST BUILD ON BRANCH master

branch: master

CHANGE BRANCH

x

Reset

• master
• abutterworth/403-do-not-logout
• abutterworth/add-token-logging
• abutterworth/add-token-refresh-failure-callback
• abutterworth/anonymous-access-refactor
• abutterworth/csrf
• abutterworth/fix-arch-687
• abutterworth/frontend-build
• abutterworth/refactor-access-token
• abutterworth/refactor-queuing
• abutterworth/upgrade-build
• abutterworth/upgrade-node
• ammar/export-logging-utils
• ddumesnil/admin-in-auth
• djoy/export_more_actions
• djoy/factor_out_saving_actions
• djoy/loaded_flag
• djoy/promise-ify-ensure-methods
• djoy/transpile_es6_node_modules
• djoy/update_readme_with_example
• djoy/webpack_mode
• douglashall/ARCH-653
• douglashall/ARCH-711
• douglashall/ARCH-840
• douglashall/ARCH-873
• douglashall/add_user_profile_fields
• douglashall/csrf
• douglashall/explicit_jwt_cookie_auth
• douglashall/fix_auth_interceptor
• douglashall/fix_private_route
• douglashall/fix_redirect_loop
• douglashall/npm_publish
• douglashall/peer_dependencies
• douglashall/user_profile
• douglashall/verify_access_token_expiration
• iahmad/ENT-1805-Authentication-for-frontend-learner-app
• mikix/redirect-path
• mushtaq/403-do-not-logout
• renovate/axios-0.x
• renovate/axios-mock-adapter-1.x
• renovate/camelcase-keys-6.x
• renovate/commitlint-monorepo
• renovate/configure
• renovate/coveralls-3.x
• renovate/edx-frontend-logging-3.x
• renovate/enzyme-3.x
• renovate/enzyme-adapter-react-16-1.x
• renovate/eslint-6.x
• renovate/husky-3.x
• renovate/major-commitlint-monorepo
• renovate/major-reactrouter-monorepo
• renovate/npm-axios-vulnerability
• renovate/pin-dependencies
• renovate/prop-types-15.x
• renovate/react-monorepo
• renovate/redux-4.x
• renovate/semantic-release-monorepo
• renovate/uglifyjs-webpack-plugin-2.x
• renovate/webpack-4.x
• renovate/webpack-cli-3.x
• robrap/ARCH-379-get-user-id
• robrap/ARCH-687-update-logging
• robrap/ARCH-948-alternate-read-cookies
• robrap/ARCH-948-clean-up
• robrap/ARCH-948-fix-ensure-authentication
• robrap/ARCH-948-more-refresh-token-changes
• robrap/add-comment-1
• robrap/add-comment-2
• robrap/update-tests
• robrap/v1.3.2-es-check
• tuchfarber/make_ssr_friendly
• tuchfarber/update_ssr_friendly_logging
• v1.0.0
• v1.0.1
• v1.0.2
• v1.0.3
• v1.1.0
• v1.2.0
• v1.2.1
• v1.3.0
• v1.3.1
• v1.3.2
• v2.0.0
• v3.0.0
• v3.0.2
• v3.0.3
• v3.1.0
• v3.2.0
• v4.0.0
• v5.0.0
• v5.1.0
• v5.1.1
• v5.1.2
• v5.1.3
• v5.2.0
• v5.3.0
• v5.3.1
• v5.3.2
• v5.3.3
• v5.3.4
• v5.3.5
• v6.0.0
• v6.0.1
• v6.0.2
• v7.0.0
• v7.0.1
• v8.0.0
• v9.0.0

Build # 671

Build Type

push

travis-ci

Committed by web-flow

Commit Message

feat: anonymous access (#82)

This PR allows unauthenticated requests to be made though the apiClient. There are breaking behavior changes. There are also breaking API changes as well as new functionality contained in this refactor.

**New functionality:**

- `getAuthenticatedUser`: a function that gets the jwt token and returns user information. It will return null if the user is not authenticated. It will not perform a redirect, unlike `ensureAuthenticatedUser`.
- `isPublic` and `isCsrfExempt` options have been added to request configuration for axios requests (get, post, patch, etc). Setting these to true will prevent frontend-auth from attempting to refresh the jwt access token or a csrf token respectively.

BREAKING CHANGE: (Behavior Change) Frontend-auth intercepts outbound requests and attempts to refresh the jwt token if it does not exist or is expired. In the case of a 401 response indicating that the user is logged out, frontend auth will not redirect the user to login, and will allow the outbound request to proceed. Prior behavior: Upon receiving a 401 response, frontend-auth would block the request and redirect the user to login.

`ensureAuthenticatedUser` continues to redirect if the user is logged out.

**API Changes**

- `getAuthenticatedAPIClient` has been renamed to `getAuthenticatedApiClient`. Note the capitalization changes: API  > Api.
- `redirectToLogout` (formerly `apiClient.logout`)
- `redirectToLogin` (formerly `apiClient.login`)
- `ensureAuthenticatedUser` (formerly `apiClient.ensureAuthenticatedUser`)

See the updated README for more details.

Run Details

58 of 58 branches covered (100.0%)

Branch coverage included in aggregate %.

142 of 142 new or added lines in 6 files covered. (100.0%)

203 of 203 relevant lines covered (100.0%)

21.53 hits per line