From 39198558665d9a6bfb1b0fb0be27b977a4f39288 Mon Sep 17 00:00:00 2001
From: Chris Hale
Date: Tue, 24 Oct 2017 10:19:18 -0600
Subject: [PATCH 1/3] Set login screen to clear password on failed login attempt
---
 client/app/core/authentication-api.factory.js | 33 ++++++++++---------
 client/app/states/login/login.state.js | 7 ++--
 2 files changed, 22 insertions(+), 18 deletions(-)
diff --git a/client/app/core/authentication-api.factory.js b/client/app/core/authentication-api.factory.js
index be9fa7ab3..f43326ca6 100644
--- a/client/app/core/authentication-api.factory.js
+++ b/client/app/core/authentication-api.factory.js
@@ -7,23 +7,24 @@ export function AuthenticationApiFactory ($http, $base64, API_BASE, Session, Not
 return service

 function login (userLogin, password) {
- return $http.get(API_BASE + '/api/auth?requester_type=ui', {
- headers: {
- 'Authorization': 'Basic ' + $base64.encode([userLogin, password].join(':')),
- 'X-Auth-Token': undefined,
- 'X-Miq-Group': undefined
- }
- }).then(loginSuccess, loginFailure)
-
- function loginSuccess (response) {
- Session.setAuthToken(response.data.auth_token)
- }
+ return new Promise((resolve, reject) => {
+ $http.get(API_BASE + '/api/auth?requester_type=ui', {
+ headers: {
+ 'Authorization': 'Basic ' + $base64.encode([userLogin, password].join(':')),
+ 'X-Auth-Token': undefined,
+ 'X-Miq-Group': undefined
+ }
+ }).then(loginSuccess, loginFailure)

- function loginFailure (response) {
- Session.destroy()
- Notifications.message('danger', '', __('Incorrect username or password.'), false)
+ function loginSuccess (response) {
+ Session.setAuthToken(response.data.auth_token)
+ resolve(response)
+ }

- return response
- }
+ function loginFailure (response) {
+ Session.destroy()
+ reject(response)
+ }
+ })
 }
 }
diff --git a/client/app/states/login/login.state.js b/client/app/states/login/login.state.js
index dac8fffad..612db053a 100644
--- a/client/app/states/login/login.state.js
+++ b/client/app/states/login/login.state.js
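Review bot: In `login` in authentication-api.factory.js, wrapping `$http.get` in a native `new Promise` takes the result out of AngularJS's `$q` chain, so the rejection the login controller now relies on to reset `vm.credentials.password` may settle outside a digest, and the cleared field may not show in the view until something else triggers one. Keeping the original chain avoids the wrapper: `return $http.get(...).then(loginSuccess, loginFailure)` with `loginFailure` ending in `return $q.reject(response)` and `loginSuccess` ending in `return response`; the factory's parameter list is cut off in the hunk header, so `$q` may still need to be injected. `login` also now rejects where it used to resolve with the failure response and no longer raises the notification itself, so any other caller needs a rejection handler, and a short JSDoc on `login` stating that it resolves with the auth response and rejects with the HTTP error response after destroying the session would make that contract explicit.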
@@ -74,8 +74,11 @@ function StateController (exception, $state, Text, RBAC, API_LOGIN, API_PASSWORD
 Session.destroy()
 }
 })
- .catch(() => {
- exception.catch('Login failed, possibly invalid credentials.')
+ .catch((response) => {
+ if (response.status === 401) {
+ vm.credentials.password = ''
+ Notifications.message('danger', '', __('Incorrect username or password.'), false)
+ }
 Session.destroy()
 })
 }
From e961b94953ba49021db84e39c4237d68ee5eb196 Mon Sep 17 00:00:00 2001
From: Chris Hale
Date: Tue, 24 Oct 2017 10:26:26 -0600
Subject: [PATCH 2/3] Fixed failing authentication test
---
 client/app/core/authentication-api.factory.spec.js | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/client/app/core/authentication-api.factory.spec.js b/client/app/core/authentication-api.factory.spec.js
index b52c40723..4ff8e97f4 100644
--- a/client/app/core/authentication-api.factory.spec.js
+++ b/client/app/core/authentication-api.factory.spec.js
@@ -38,12 +38,12 @@ describe('Authentication API', () => {
 let mockDir = 'tests/mock/authentication-api/'
 const errorResponse = readJSON(mockDir + 'failure.json')

- it('should fail Login', (done) => {
+ it('should fail Login', () => {
 Session.destroy()
 sinon.stub($http, 'get').returns(Promise.reject(errorResponse))
- AuthenticationApi.login('test', 'test').then(function (data) {
- done()
-
+ return AuthenticationApi.login('test', 'test').then(function (data) {
+ expect(Session.active()).to.eq(false)
+ }).catch((err) => {
 expect(Session.active()).to.eq(false)
 })
 })
From f12dd5a69cc8a780c4ea63dfbad50b75464fee3c Mon Sep 17 00:00:00 2001
From: Chris Hale
Date: Tue, 24 Oct 2017 11:53:30 -0600
Subject: [PATCH 3/3] Updated messaging when an error occurs
---
 client/app/core/authentication-api.factory.spec.js | 6 ++++--
 client/app/states/login/login.state.js | 3 ++-
 2 files changed, 6 insertions(+), 3 deletions(-)
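Review bot: In the `.catch` handler of login.state.js (PATCH 1/3), every failure other than a 401 is now silent and leaves the typed password in `vm.credentials.password`, because the `exception.catch(...)` call was removed and both the reset and the notification sit inside `if (response.status === 401)`. A network error, a 5xx response, or an error thrown by the preceding `.then` (where `response.status` would be undefined) gives the user no feedback at all. Moving `vm.credentials.password = ''` above the `if` drops the credential from the model on any failed attempt, and an `else` branch that reports a generic failure restores the feedback the old handler gave. `Notifications` also has to be injected into `StateController`; its parameter list is truncated in the hunk header and the enclosing function starts outside the hunk, so that cannot be confirmed from here.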
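Review bot: The rewritten 'should fail Login' test in authentication-api.factory.spec.js (PATCH 2/3) passes whether `login` resolves or rejects, since the `.then` and the `.catch` callbacks make the same `Session.active()` assertion and the test itself calls `Session.destroy()` before `login`, so the assertion likely holds before the code under test runs. It therefore does not pin the new contract that a failed login rejects with the error response. Asserting the rejection directly would: `.then(() => { throw new Error('login should have rejected') }, (err) => { expect(err).to.eq(errorResponse) })`. The spec hunk in PATCH 3/3 wraps the `.catch` assertion in `if (err)`, which leaves the same gap.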
diff --git a/client/app/core/authentication-api.factory.spec.js b/client/app/core/authentication-api.factory.spec.js
index 4ff8e97f4..3d9811a9a 100644
--- a/client/app/core/authentication-api.factory.spec.js
+++ b/client/app/core/authentication-api.factory.spec.js
@@ -43,8 +43,10 @@ describe('Authentication API', () => {
 sinon.stub($http, 'get').returns(Promise.reject(errorResponse))
 return AuthenticationApi.login('test', 'test').then(function (data) {
 expect(Session.active()).to.eq(false)
- }).catch((err) => {
- expect(Session.active()).to.eq(false)
+ }).catch((err) => {
+ if (err) {
+ expect(Session.active()).to.eq(false)
+ }
 })
 })
 })
diff --git a/client/app/states/login/login.state.js b/client/app/states/login/login.state.js
index 612db053a..1baf390cf 100644
--- a/client/app/states/login/login.state.js
+++ b/client/app/states/login/login.state.js
@@ -77,7 +77,8 @@ function StateController (exception, $state, Text, RBAC, API_LOGIN, API_PASSWORD
 .catch((response) => {
 if (response.status === 401) {
 vm.credentials.password = ''
- Notifications.message('danger', '', __('Login failed, possibly invalid credentials. ') + `(${message})`, false)
+ const message = response.data.error.message
+ Notifications.message('danger', '', __('Login failed, possibly invalid credentials. ') + `(${message})`, false)
 }
 Session.destroy()
 })
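Review bot: `const message = response.data.error.message` in the 401 branch of login.state.js reads the response body without a guard, so a 401 whose body is not the expected JSON (for example one produced by a proxy in front of the API) would throw here and neither the notification nor the `Session.destroy()` below it would run. A guarded read such as `const message = response.data && response.data.error && response.data.error.message` keeps the handler on its normal path, with the parenthesised suffix left out when `message` is empty. The server's text is also shown verbatim on the pre-authentication screen: if the API distinguishes causes such as an unknown user, a wrong password or a locked account, that detail reaches anyone probing the login form, and if `Notifications.message` renders its argument as HTML the value becomes a markup sink; neither is visible from this hunk. Keeping the user-facing string generic and sending `message` to a log would avoid both.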