chore (cleanup): cleanup session management

Author: mickael-kerjean

public/assets/boot/ctrl_boot_frontoffice.js

@@ -15,7 +15,6 @@ export default async function main() {
             setup_blue_death_screen(),
             setup_history(),
             setup_polyfill(),
-            setup_iframe(),
         ]);
 
         await Promise.all([ // procedure with dependency on config
@@ -107,22 +106,3 @@ async function setup_polyfill() {
         await loadJS(import.meta.url, "../lib/polyfill.js");
     }
 }
-
-// In safari and duck duck go browser, cross domain iframe cannot inject cookies,
-// see https://support.apple.com/en-au/guide/safari/sfri40732/mac
-// hopefully one day, they provide support for partitioned cookie and we can remove this code
-// but until that happens we had to find a way to inject authorisation within ../lib/ajax.js
-async function setup_iframe() {
-    if (window.self === window.top) return;
-
-    window.addEventListener("pagechange", async() => {
-        if (location.hash === "") return; // happy path
-
-        const token = new URLSearchParams(location.hash.replace(new RegExp("^#"), "?")).get("bearer");
-        if (token) window.BEARER_TOKEN = token;
-
-        if (location.pathname === toHref("/logout")) {
-            delete window.BEARER_TOKEN;
-        }
-    });
-}

public/assets/model/session.js

@@ -2,15 +2,6 @@ import rxjs from "../lib/rx.js";
 import ajax from "../lib/ajax.js";
 import { forwardURLParams } from "../lib/path.js";
 
-export function createSession(authenticationRequest) {
-    return ajax({
-        method: "POST",
-        url: withShare("./api/session"),
-        body: authenticationRequest,
-        responseType: "json",
-    });
-}
-
 export function getSession() {
     return ajax({
         url: withShare("api/session"),
@@ -21,11 +12,30 @@ export function getSession() {
     );
 }
 
+export function createSession(authenticationRequest) {
+    return ajax({
+        method: "POST",
+        url: withShare("api/session"),
+        body: authenticationRequest,
+        responseType: "json",
+    }).pipe(rxjs.tap(({ responseHeaders }) => {
+        if (responseHeaders.bearer) window.BEARER_TOKEN = responseHeaders.bearer; // see ctrl_boot_frontoffice.js -> setup_iframe
+    }));
+}
+
 export function deleteSession() {
     return ajax({
         url: withShare("api/session"),
         method: "DELETE"
-    });
+    }).pipe(rxjs.tap(() => {
+        delete window.BEARER_TOKEN;
+    }));
 }
 
+window.addEventListener("pagechange", async() => {
+    if (location.hash === "") return; // happy path
+    const token = new URLSearchParams(location.hash.replace(new RegExp("^#"), "?")).get("bearer");
+    if (token) window.BEARER_TOKEN = token;
+});
+
 const withShare = (url) => forwardURLParams(url, ["share"]);

public/assets/pages/connectpage/ctrl_form.js

@@ -199,7 +199,6 @@ export default async function(render) {
                 rxjs.tap(() => toggleLoader(true)),
                 rxjs.mergeMap(() => createSession(formData)),
                 rxjs.tap(({ responseJSON, responseHeaders }) => {
-                    if (responseHeaders.bearer) window.BEARER_TOKEN = responseHeaders.bearer; // see ctrl_boot_frontoffice.js -> setup_iframe
                     let redirectURL = toHref("/files/");
                     const GET = getURLParams();
                     if (GET["next"]) redirectURL = GET["next"];