CE-2281: Frontend Ping integration login/logout
To test:
If testing locally: Change proxy in package.json to whatever environment BE Ping is deployed to. Also change BE_BASE in public/config.js to the same url.
Use simonrose as user with two roles and karlvestin for a user with one role.
See under suggested follow-ups for not implemented/not working features.
Suggested follow-ups:
Error handling - There is currently nothing that visually tells the user if any kind of error during login/logout processes.
- Error during login -> user is simply not logged in
- Error during logout -> visually looks like user is logged out, but might not be?
User without application access - A user logs in successfully, but is not granted access to application. Could this happen? How to handle?
Renew token - not implemented (old way is removed). Needs to be enabled by Ping. How this is going to work needs to be discussed. There might be a better solution to current implementation.
Handle restricted endpoints 401 response from BE - this is related to above Renew token. I haven't tested this yet, but as it is now a snackbar with error is displayed. User is not logged out, which might be an improvement to make.
Logout - Visually the user is logged out, the cookie is deleted, But when user clicks login, they're logged in without having to enter credentials. This is an unexpected behaviour and a security risk. Note: This is not supported in our current version of Ping, so it will have to wait until next release.
Redirect to where user began the login/logout process - In this implementation user is redirected to root after successful login/logout, not considering the actual path where user started process. This could perhaps be done better, but needs some investigation.
Double hard coded proxy endpoint - When developing locally, the BE server we want to proxy needs to be hardcoded in two places. Switching environment means changing in two places. This is a nuance and could be handled differently, by for example overriding the create react app dev server setup.