fix: remove token when log out

6a7631ff · Eduardo Sanz García · 2e59603c · 6a7631ff · 6a7631ff
Commit 6a7631ff authored Feb 15, 2018 by Eduardo Sanz García
Hide whitespace changes
Inline Side-by-side

Showing with 11 additions and 5 deletions

CHANGELOG.md CHANGELOG.md +8 -2

src/app/modules/auth/auth.service.ts src/app/modules/auth/auth.service.ts +3 -3

No files found.
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
+<a name="1.0.0-alpha.5"></a>
+# [1.0.0-alpha.5](https://gitlab.ebi.ac.uk/tools-glue/angular-aap-auth/compare/1.0.0-alpha.4...1.0.0-alpha.5) (2018-02-15)
+
+### Features
+
+* **auth:** remove expired JWT token (when users leave before the token is removed and then come back) ([#1](https://gitlab.ebi.ac.uk/tools-glue/angular-aap-auth/issues/1) ([2e59603](https://gitlab.ebi.ac.uk/tools-glue/angular-aap-auth/commit/2e59603))
+
+
 <a name="1.0.0-alpha.4"></a>
 # [1.0.0-alpha.4](https://gitlab.ebi.ac.uk/tools-glue/angular-aap-auth/compare/1.0.0-alpha.3...1.0.0-alpha.4) (2018-02-15)

 ### Features

 * **auth:** added Credential interface for easy access to user data ([60b33f7e](https://gitlab.ebi.ac.uk/tools-glue/angular-aap-auth/commit/60b33f7e))
-
-[//]: # * **auth:** mark @NgModules in provider lists for identification at runtime ([#22005](https://github.com/angular/angular/issues/22005)) ([b35abed](https://gitlab.ebi.ac.uk/tools-glue/angular-aap-auth/commit/b35abed))
--- a/src/app/modules/auth/auth.service.ts
+++ b/src/app/modules/auth/auth.service.ts
@@ -67,7 +67,7 @@ export class AuthService {
        @Inject(AAP_CONFIG) private config: AuthConfig
    ) {
        this.domain = encodeURIComponent(window.location.origin);
-        this.aapURL = config.aapURL;
+        this.aapURL = config.aapURL.replace(/\/$/, '');
        this.storageRemover = config.tokenRemover;
        this.storageUpdater = config.tokenUpdater;

@@ -222,6 +222,7 @@ export class AuthService {
     * to 'this' when used in setTimeout call.
     */
    public logOut = () => {
+        this.storageRemover();
        this._updateCredentials();
        this._logoutCallbacks.map(callback => callback && callback());
        if (this._timeoutID) {
@@ -301,8 +302,7 @@ export class AuthService {
     * the SSO URL, otherwise it's iffy and shouldn't trust it.
     */
    private messageIsAcceptable(event: MessageEvent): boolean {
-        const expectedURL: string = this.aapURL.replace(/\/$/, '');
-        return event.origin === expectedURL;
+        return event.origin === this.aapURL;
    }

    private _updateCredentials() {