New: [AEA-6292] - Authentication redirect & blocking render improvements #1865
connoravo-nhs merged 105 commits into main
Signed-off-by: Connor Avery <214469360+connoravo-nhs@users.noreply.github.com>
…en blocking conditions Signed-off-by: Connor Avery <214469360+connoravo-nhs@users.noreply.github.com>
… concurrent on primary session on select role page Signed-off-by: Connor Avery <214469360+connoravo-nhs@users.noreply.github.com>
…on, as blocked rn Signed-off-by: Connor Avery <214469360+connoravo-nhs@users.noreply.github.com>
…-tracker-ui into AEA-6292
…s have a test Signed-off-by: Connor Avery <214469360+connoravo-nhs@users.noreply.github.com>
| tokenMapping.cis2IdToken !== undefined && | ||
| tokenMapping.cis2ExpiresIn !== undefined && | ||
| tokenMapping.lastActivityTime !== undefined && | ||
| tokenMapping.lastActivityTime > Date.now() - fifteenMinutes |
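Review bot: The !== undefined checks on cis2IdToken, cis2ExpiresIn and lastActivityTime still accept null or an empty string, so a row whose attributes were blanked rather than removed would pass as a live session. Consider requiring a non-empty string for the token fields and a finite number for lastActivityTime, and confirm lastActivityTime is stored in milliseconds, since it is compared against Date.now() - fifteenMinutes.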
A strange case where a token wasn't fully "cleaned" from the database; it existed as a user entry but with no further information. This was presenting as a concurrent session to users who weren't logged in elsewhere.
| function checkIfValidTokenMapping(tokenMapping: TokenMappingItem | undefined): boolean { | ||
| const fifteenMinutes = 15 * 60 * 1000 | ||
|
|
||
| return tokenMapping !== undefined && |
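Review bot: fifteenMinutes is declared as a local inside checkIfValidTokenMapping, which hides the session-activity window where nothing else can share it. Hoist it to a named module-level constant or shared config so the window cannot drift between callers, and add a doc comment on checkIfValidTokenMapping stating what "valid" requires, since the function name alone does not say that recent activity is part of the check.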
A strange case where a token wasn't fully "cleaned" from the database; it existed as a user entry but with no further information. This was presenting as a concurrent session to users who weren't logged in elsewhere.
| return ( | ||
| <AccessContext.Provider value={{}}> | ||
| {children} | ||
| {shouldBlockChildren() ? <Layout><LoadingPage /></Layout> : children} |
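Review bot: At the ternary, shouldBlockChildren() runs on every render of the provider, so it needs to be a side-effect-free function of React state; anything it reads from a ref or module variable will not trigger the re-render that swaps LoadingPage back to children. Separately, value={{}} passes a fresh object on each render, which re-renders every AccessContext consumer; a memoised or module-level value avoids that.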
Children shown should always satisfy shouldBlockChildren within the Access Provider. Having it separately could lead to potential race conditions.
| const isAmplifyHostRequest = config.url?.includes("/api/cis2-signout") ?? false | ||
| if (idToken === undefined && !isAmplifyHostRequest) { | ||
| controller.abort() | ||
| throw new Error("Could not get a cognito token") |
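Review bot: config.url?.includes("/api/cis2-signout") is a substring match, so any request whose URL merely contains that text skips the idToken === undefined abort and goes out without a Cognito token. Compare against the exact parsed pathname instead, and consider renaming isAmplifyHostRequest so it says this is the sign-out exemption from the token requirement.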
To discuss impact on AEA-5838
| }, [auth.rolesWithAccess, auth.rolesWithoutAccess]) | ||
|
|
||
| // Handle auto-redirect for single role | ||
| useEffect(() => { |
Shifted to AccessProvider
…ion. Resolve rum log sent state Signed-off-by: Connor Avery <214469360+connoravo-nhs@users.noreply.github.com>
|
|
||
| if (remainingSeconds !== undefined) { | ||
| const twoMinutes = 2 * 60 // Minutes into seconds | ||
|
|
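Review bot: The guard remainingSeconds !== undefined still admits null or NaN into the branch; a finite-number check on remainingSeconds is tighter. twoMinutes would also read better as a module-level constant whose name carries its unit, rather than relying on the trailing "Minutes into seconds" comment.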
The timeout modal is appearing on the /select-your-role page, which causes an error when you choose 'stay logged in', as handlestayloggedin works by re-selecting your role.

```ts
const currentPath = normalizePath(location.pathname)
if (currentPath === FRONTEND_PATHS.SELECT_YOUR_ROLE) {
  return
}
```

There might be a more elegant solution, but just adding the code above worked for me.



Summary
Details
Aims to resolve the bugs identified in:
Changes made:
The ensureRoleSelected function has been somewhat re-written to ensure hierarchical order is correct & that if statements are "looser" fitting to negative scenarios. Public paths shouldn't be affected by redirections apart from root and login.
The shouldBlockChildren function has also had additional conditions added, that will ensure a render block occurs, so that on-page useEffects don't run.
The shouldBlockChildren now dictates within AccessContext.Provider return, whether the children or loading page should be shown. This is believed to resolve an issue where re-rendering wasn't occurring in the event of a state change if a user was on the loading page in an auth transition state.
Token lambdas now check for 'complete' token information in the DynamoDB table, to prevent the cause of eventual consistency of a session logout, where a DynamoDB row remains with skeleton information and no actual credentials.
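
The completeness check described in the last change, as an added example that is not code from this repository: it classifies a token-mapping row so that a skeleton row left by a logout is never reported as a concurrent session, and it goes beyond the diff's !== undefined checks by also rejecting null, blank and NaN values. The field names come from the diff; the item shape, state names, helper names and sample rows are assumptions.

```typescript
// Added example, not repository code. Field names come from the diff above;
// the item shape, state names and sample rows are assumptions.
interface TokenMappingItem {
  username: string
  cis2IdToken?: string | null
  cis2ExpiresIn?: string | number | null
  lastActivityTime?: number | null
}

type SessionState = "missing" | "skeleton" | "stale" | "active"

const ACTIVITY_WINDOW_MS = 15 * 60 * 1000

// Present means a non-blank string or a finite number; null, "" and NaN are not.
function isPresent(value: unknown): boolean {
  if (typeof value === "string") return value.trim().length > 0
  return typeof value === "number" && isFinite(value)
}

function classifyTokenMapping(item: TokenMappingItem | undefined, now: number = Date.now()): SessionState {
  if (item === undefined) return "missing"
  // A row left behind by an incomplete logout: the key exists, the credentials do not.
  if (!isPresent(item.cis2IdToken) || !isPresent(item.cis2ExpiresIn)) return "skeleton"
  const last = item.lastActivityTime
  if (typeof last !== "number" || !isFinite(last)) return "skeleton"
  // Only activity inside the window counts as a live session elsewhere.
  return last > now - ACTIVITY_WINDOW_MS ? "active" : "stale"
}

// Only an "active" row should be reported to the user as a concurrent session.
function isConcurrentSession(item: TokenMappingItem | undefined, now?: number): boolean {
  return classifyTokenMapping(item, now) === "active"
}

// Constructed rows for illustration; the token value is a placeholder.
const NOW = 1700000000000
const SAMPLE_ROWS: { [name: string]: TokenMappingItem | undefined } = {
  complete: { username: "user-a", cis2IdToken: "placeholder.id.token", cis2ExpiresIn: "3600", lastActivityTime: NOW - 60000 },
  skeleton: { username: "user-b" },
  blanked: { username: "user-c", cis2IdToken: "", cis2ExpiresIn: null, lastActivityTime: NOW },
  stale: { username: "user-d", cis2IdToken: "placeholder.id.token", cis2ExpiresIn: "3600", lastActivityTime: NOW - 16 * 60 * 1000 },
  absent: undefined
}

// One "name: state" string per constructed row.
const SAMPLE_RESULTS = Object.keys(SAMPLE_ROWS).map(
  (name) => `${name}: ${classifyTokenMapping(SAMPLE_ROWS[name], NOW)}`
)
```

Returning a state rather than a boolean lets the lambda log why a row was ignored, which makes leftover skeleton rows visible for clean-up.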