From 8705e2366c252572a84b85d4d427e193039ab495 Mon Sep 17 00:00:00 2001
From: Kirill Lakhov
Date: Wed, 23 Nov 2022 20:24:01 +0300
Subject: [PATCH] Added force logout on CVAT app start if token is missing (#5331)
---
 CHANGELOG.md | 1 +
 cvat-core/package.json | 2 +-
 cvat-core/src/server-proxy.ts | 6 +++++-
 cvat-ui/src/components/cvat-app.tsx | 2 +-
 .../login-with-token/login-with-token.tsx | 19 +++++++------------
 .../actions_users/issue_1810_login_logout.js | 6 ++----
 6 files changed, 17 insertions(+), 19 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 8f15e04b..991929e3 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -78,6 +78,7 @@ non-ascii paths while adding files from "Connected file share" (issue #4428) () - Fixed job exporting () - Visibility and ignored information fail to be loaded (MOT dataset format) () +- Added force logout on CVAT app start if token is missing () - Missed token with using social account authentication () ### Security
diff --git a/cvat-core/package.json b/cvat-core/package.json
index 182edf8b..1b9b08d0 100644
--- a/cvat-core/package.json
+++ b/cvat-core/package.json
@@ -1,6 +1,6 @@
 {
 "name": "cvat-core",
- "version": "7.2.0",
+ "version": "7.2.1",
 "description": "Part of Computer Vision Tool which presents an interface for client-side integration",
 "main": "src/api.ts",
 "scripts": {
diff --git a/cvat-core/src/server-proxy.ts b/cvat-core/src/server-proxy.ts
index 44fd1e29..4cafdb8e 100644
--- a/cvat-core/src/server-proxy.ts
+++ b/cvat-core/src/server-proxy.ts
@@ -456,7 +456,11 @@ class ServerProxy {
 }
 } catch (serverError) {
 if (serverError.code === 401) {
- removeToken();
+ // In CVAT app we use two types of authentication,
+ // So here we are forcing user have both credential types
+ // First request will fail if session is expired, then we check
+ // for precense of token
+ await logout();
 return false;
 }
diff --git a/cvat-ui/src/components/cvat-app.tsx b/cvat-ui/src/components/cvat-app.tsx
index 7bc6663e..fb2e3ed0 100644
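Review bot: The 401 branch in `cvat-core/src/server-proxy.ts` now awaits `logout()` inside the `catch`, and `logout()` presumably sends its own request to a server that has just answered 401; if that call rejects, the error escapes this handler, `return false` is never reached, and the local token may stay in storage, which the removed `removeToken()` call presumably cleared without a network round trip. `logout()` is defined outside the hunk, so confirm it drops the token even when the server call fails, or guard the call here with `await logout().catch(() => removeToken());`. The added comment has a typo (`precense`) and does not say which two credentials are meant; something like `// CVAT needs both a valid session and a token: a 401 means the session has expired, so log out to drop the token as well` would be clearer. The enclosing function starts and ends outside the hunk.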
--- a/cvat-ui/src/components/cvat-app.tsx
+++ b/cvat-ui/src/components/cvat-app.tsx
@@ -436,7 +436,7 @@ class CVATApplication extends React.PureComponent
diff --git a/cvat-ui/src/components/login-with-token/login-with-token.tsx b/cvat-ui/src/components/login-with-token/login-with-token.tsx
index f063fc85..5568ecb3 100644
--- a/cvat-ui/src/components/login-with-token/login-with-token.tsx
+++ b/cvat-ui/src/components/login-with-token/login-with-token.tsx
@@ -1,31 +1,26 @@
 // Copyright (C) 2020-2022 Intel Corporation
+// Copyright (C) 2022 CVAT.ai Corporation
 //
 // SPDX-License-Identifier: MIT
 import React, { useEffect } from 'react';
 import { Redirect, useParams, useLocation } from 'react-router';
-import { useCookies } from 'react-cookie';
 export default function LoginWithTokenComponent(): JSX.Element {
 const location = useLocation();
- const { sessionId, token } = useParams<{ sessionId: string; token: string }>();
- const [cookies, setCookie] = useCookies(['sessionid', 'csrftoken']);
+ const { token } = useParams<{ token: string }>();
- const expires1y = new Date(new Date().setFullYear(new Date().getFullYear() + 1));
- const expires2w = new Date(new Date().setDate(new Date().getDate() + 13));
 const search = new URLSearchParams(location.search);
- setCookie('sessionid', sessionId, { path: '/', expires: expires2w });
- setCookie('csrftoken', token, { path: '/', expires: expires1y });
-
 useEffect(
- () => () => {
- window.location.reload();
+ () => {
+ localStorage.setItem('token', token);
+ return () => window.location.reload();
 },
- [cookies.sessionid, cookies.csrftoken],
+ [token],
 );
- if (cookies.sessionid && cookies.csrftoken) {
+ if (token) {
 return ;
 }
 return <>;
diff --git a/tests/cypress/integration/actions_users/issue_1810_login_logout.js b/tests/cypress/integration/actions_users/issue_1810_login_logout.js
index 994fa6f4..bf9b4d46 100644
--- a/tests/cypress/integration/actions_users/issue_1810_login_logout.js
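Review bot: The new effect in `login-with-token.tsx` writes `token` from the URL path straight into `localStorage`, so a credential now travels in the URL, where it can end up in server or proxy access logs and in browser history, and any link of this shape that a user follows signs the browser in as whichever account the token belongs to. Unlike the removed cookie code, which set `expires`, the stored value has no client-side lifetime, and `localStorage` is readable by every script running on the origin. I would document that above `localStorage.setItem`, e.g. `// SECURITY: token arrives in the URL path and is kept in localStorage with no expiry; the server should issue it short-lived or single-use`, and confirm that the server-side token really is limited that way. The redirect built from `search` was lost from this page (`return ;`), so whether `next` is restricted to same-origin paths needs a separate check; the component's closing brace is also outside the hunk.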
+++ b/tests/cypress/integration/actions_users/issue_1810_login_logout.js
@@ -66,10 +66,8 @@ context('When clicking on the Logout button, get the user session closed.', () =
 password: Cypress.env('password'),
 },
 }).then(async (response) => {
- const cookies = await response.headers['set-cookie'];
- const csrfToken = cookies[0].match(/csrftoken=\w+/)[0].replace('csrftoken=', '');
- const sessionId = cookies[1].match(/sessionid=\w+/)[0].replace('sessionid=', '');
- cy.visit(`/login-with-token/${sessionId}/${csrfToken}?next=/tasks/${taskId}`);
+ const token = response.body.key;
+ cy.visit(`/auth/login-with-token/${token}?next=/tasks/${taskId}`);
 cy.contains('.cvat-task-details-task-name', `${taskName}`).should('be.visible');
 });
 });
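Review bot: `response.body.key` is used without checking that the login request succeeded, so a failed login sends the test to `/auth/login-with-token/undefined` and the failure only surfaces later as a missing task name; an `expect(token).to.be.a('string').and.not.be.empty;` before `cy.visit` would fail at the cause. The callback on the context line above is still declared `async` although the new lines no longer `await` anything, so the keyword can be dropped. The request and the enclosing test start outside the hunk.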