fix(login): ensure $locationChange respects login

This commit fixes a critical bug introduced throughout the `ui-router` upgrade that allows users to access any page without logging in to the application. This has been patched so that $locationChange does not even begin if the user session does not exist. Finally, informative messages have been added to tell the user exactly what is going on and what to do next when the session exists, doesn't exist, or otherwise.
IMA-WorldHealth · May 5, 2016 · 2a40636 · 2a40636
1 parent f360025
commit 2a40636
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 6 deletions.
diff --git a/client/src/i18n/en.json b/client/src/i18n/en.json
@@ -35,7 +35,9 @@
     "LOGIN_PLACEHOLDER_USERNAME" : "Enter your username",
     "TOO_MANY_TRYS"              : "Forgot your username or password? Please ask the system administrator to reset it.",
     "WELCOME"                    : "Welcome to bhima!",
-    "GOODBYE"                    : "Thank you for using bhima.  Come back soon!"
+    "GOODBYE"                    : "Thank you for using bhima.  Come back soon!",
+    "UNAUTHENTICATED"            : "You have been logged off.  Please sign back in to resume using the application.",
+    "CANNOT_RETURN_TO_LOGIN"     : "You are currently logged in.  To return to the login page, please log out using the settings page."
   },
   "BILLING_SERVICES": {
     "BTN": {

diff --git a/client/src/js/app.js b/client/src/js/app.js
@@ -937,11 +937,32 @@ function localeConfig(tmhDynamicLocaleProvider) {
 }
 
 // redirect to login if not signed in.
-function startupConfig($rootScope, $location, SessionService, amMoment) {
-  $rootScope.$on('$stateChangeStart', function (event, next) {
-    if (!SessionService.user) {
-      $location.url('/login');
+function startupConfig($rootScope, $state, SessionService, amMoment, Notify) {
+
+  // make sure the user is logged in and allowed to access states when
+  // navigating by URL.  This is pure an authentication issue.
+  $rootScope.$on('$locationChangeStart', function (event, next) {
+
+    var isLoggedIn = !!SessionService.user;
+    var isLoginState = next.indexOf('#/login') !== -1;
+
+    // if the user is logged in and trying to access the login state, deny the
+    // attempt with a message "Cannot return to login.  Please log out from the
+    // Settings Page."
+    if (isLoggedIn && isLoginState) {
+      event.preventDefault();
+      Notify.warn('AUTH.CANNOT_RETURN_TO_LOGIN');
+
+    // if the user is not logged in and trying to access any other state, deny
+    // the attempt with a message that their session expired and redirect them
+    // to the login page.
+    } else if (!isLoggedIn && !isLoginState) {
+      event.preventDefault();
+      Notify.warn('AUTH.UNAUTHENTICATED');
+      $state.go('login', {}, { notify : false });
     }
+
+    // else, the user is free to continue as they wish
   });
 
   // make sure $stateChangeErrors are emitted to the console.
@@ -994,4 +1015,4 @@ bhima.config(['$httpProvider', httpConfig]);
 bhima.config(['$animateProvider', animateConfig]);
 
 // run the application
-bhima.run(['$rootScope', '$location', 'SessionService', 'amMoment', startupConfig]);
+bhima.run(['$rootScope', '$state', 'SessionService', 'amMoment', 'NotifyService', startupConfig]);