From 48684560f6f05a92e2f29ee56086a1da390307ab Mon Sep 17 00:00:00 2001 From: Zak Burke Date: Mon, 2 Dec 2024 13:42:12 -0500 Subject: [PATCH] STCOR-912 spread session, _self data when resuming session (#1568) Spread together existing session data with the response data from the `_self` endpoint. The latter may contain updated information such as new permissions, but it may also be sparsely populated, e.g. if the user has not selected a default service point but the active service point has been saved to the session. We take the union of the data, with the `_self` data overwriting matching values. Think of it like a bitwise-or. Refs [STCOR-912](https://folio-org.atlassian.net/browse/STCOR-912) --- CHANGELOG.md | 1 + src/loginServices.js | 5 ++++- src/loginServices.test.js | 8 ++++++-- 3 files changed, 11 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c8de23b9..6032c8b1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,6 +9,7 @@ * Use the `users-keycloak/_self` endpoint conditionally when the `users-keycloak` interface is present; otherwise, use `bl-users/_self` within `useUserTenantPermissions`. Refs STCOR-905. * Don't override initial discovery and okapi data in test mocks. Refs STCOR-913. * `` must consume `QueryClient` in order to supply it to `loginServices::logout()`. Refs STCOR-907. +* On resuming session, spread session and `_self` together to preserve session values. Refs STCOR-912. ## [10.2.0](https://github.com/folio-org/stripes-core/tree/v10.2.0) (2024-10-11) [Full Changelog](https://github.com/folio-org/stripes-core/compare/v10.1.1...v10.2.0) diff --git a/src/loginServices.js b/src/loginServices.js index 132c3f8a..5a38dc46 100644 --- a/src/loginServices.js +++ b/src/loginServices.js @@ -809,7 +809,10 @@ export function validateUser(okapiUrl, store, tenant, session) { // data isn't provided by _self. store.dispatch(setSessionData({ isAuthenticated: true, - user, + // spread data from the previous session (which may include session-specific + // values such as the current service point), and the restructured user object + // (which includes permissions in a lookup-friendly way) + user: { ...session.user, ...user }, perms, tenant: sessionTenant, token, diff --git a/src/loginServices.test.js b/src/loginServices.test.js index e05342b5..da048d85 100644 --- a/src/loginServices.test.js +++ b/src/loginServices.test.js @@ -350,7 +350,11 @@ describe('validateUser', () => { }; const session = { - user: { id: 'id', username: 'username' }, + user: { + id: 'id', + username: 'username', + storageOnlyValue: 'is still persisted', + }, perms: { foo: true }, tenant: sessionTenant, token: 'token', @@ -361,7 +365,7 @@ describe('validateUser', () => { await validateUser('url', store, tenant, session); const updatedSession = { - user: data.user, + user: { ...session.user, ...data.user }, isAuthenticated: true, perms: { ask: true, tell: true }, tenant: session.tenant,