Abdul/id token fix

[iamazzeez]

🔩 Description: What code changed, and why?

⛓️ Related Resources

Description

• Expected behaviour of automate is to call /refresh endpoint every minute once user logs in
• But due to id_token error in console which occurs intermittently after login, it stops /refresh call to session-service
• But after login manual refresh of automate ui page /refresh call starts working it calls every minute

What is fixed

• id_token error in console after login is removed
• /refresh call is being called every minute after login without manual page refresh
• Logged in multiple times /refresh call is getting called every minute.

👟 How to Build and Test the Change

• pull changes from abdul/id_token_fix
• rebuild components/automate-ui
• check for /refresh call being called every minute in networks tab, after login via, Local user or SAML or LDAP

✅ Checklist

All PRs must tick these:

• I have read the CONTRIBUTING document.
• All commits signed-off for the Developer Certification of Origin.

With occasional exceptions, all PRs from Progress employees must tick these:

• Is the code clear? (complicated code or lots of comments--subdivide and use well-named methods, meaningful variable names, etc.)
• Consistency checked? (user notifications, user prompts, visual patterns, code patterns, variable names)
• Repeated code blocks eliminated? (adapt and reuse existing components, blocks, functions, etc.)
• Spelling, grammar, typos checked? (at a minimum use make spell in any component directory)
• Code well-formatted? (indents, line breaks, etc. improve rather than hinder readability)

All PRs from Progress employees should tick these if appropriate:

• Tests added/updated? (all new code needs new tests)
• Docs added/updated? (all customer-facing changes)

Please add a note next to any checkbox above if you are NOT ticking it.

📷 Screenshots, if applicable

[netlify]

✔️ Deploy Preview for chef-automate ready!

🔨 Explore the source changes: 0ecb940

🔍 Inspect the deploy log: https://app.netlify.com/sites/chef-automate/deploys/610a6636065b7b00079b9ce8

😎 Browse the preview: https://deploy-preview-5395--chef-automate.netlify.app

[sonarcloud]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
1 Code Smell

No Coverage information
0.0% Duplication

[kalroy]

Tested the changes in Local environment using:

1. Local Login
2. SAML login

Also used Chrome throttling to test in slow network:

1. Fast 3G
2. Slow 3G

Worked fine.

[iamazzeez]

Tested the changes in EC2 environment using:

LDAP login
Also used Chrome throttling to test in slow network:

Fast 3G
Slow 3G
Worked fine.

[iamazzeez]

Found an issue in acceptance once after upgrade for the first time,
Refresh call threw error 401 (Unauthorised) and Automate UI says no permission.
This is for Local user login
Used Admin user Credentials to login
This isn’t getting reproduced

Below are the screenshots,

[trickyearlobe]

Hi @kalroy, @Abdul-AZ
This blog post says that this bug #5395 is now fixed, but I just updated to 20210813114337 and now I'm getting logged out after exactly 2 mins on SAML sessions with

/accounts/static/_/js/k=gaia.gaiafe_glif.en_GB.Z5NyInQc2Cw.O/am=B8jRwghKPCABAEAeAAAAAAAAAOBoEVAGmKMbPg/d=1/excm=glif_initial_css/rs=ABkqax2Xztl8kgxpRWDDf23OZNeAUqzIiA/m=glifb,identifier_view,unknownerror_view:0 XHR finished loading: GET "https://**REDACTED**.local/apis/iam/v2/projects".

For a local login, I don't get logged out. The API call looks successful

polyfills-es2019.4e0adb070b509b4d648d.js:1 XHR finished loading: GET "https://**REDACTED**.local/apis/iam/v2/projects".

[iamazzeez]

Hi @trickyearlobe , As of now SAML users token expiry time is 24hrs user should be logged in for 24hrs, Even after 24hrs session refresh call, which happens every minute will refresh the token, thus user will be logged in indefinitely.

Speaking about your issue, is this happening repeatedly?
Also could you help me with error in console at the time of logout if any?
As i am not able to reproduce this at my end.

[trickyearlobe]

Yes, it's repeatable.
I'll ping you for a screen share.