improvement: clear auth information from memory when logging out (#5316)

* clears authentications when logout is clicked

* tests the headers sent in the network request

* adds test for multiple api keys

* refactors tests to extract common uses

* correct test message description

Co-authored-by: kyle shockey <kyleshockey@gmail.com>

src/core/components/auth/auths.jsx

@@ -38,6 +38,11 @@ export default class Auths extends React.Component {
       return key
     }).toArray()
 
+    this.setState(auths.reduce((prev, auth) => {
+      prev[auth] = ""
+      return prev
+    }, {}))
+
     authActions.logout(auths)
   }
 

test/e2e-cypress/static/documents/bugs/4641.yaml

@@ -0,0 +1,47 @@
+openapi: 3.0.0
+info:
+  title: Demo API
+  description: First test
+  termsOfService: 'http://demo.io/terms-of-service/'
+  contact:
+    name: Demo Support
+    email: support@demo.io
+  version: 1.0.0
+
+paths:
+  /4641_1:
+    get:
+      summary: Returns a 200
+      security:
+        - api_key_1: []
+      responses:
+        '200':
+          description: A 200
+          content:
+            application/text:
+              schema:
+                type: string
+  /4641_2:
+    get:
+      summary: Returns a 200
+      security:
+        - api_key_1: []
+        - api_key_2: []
+      responses:
+        '200':
+          description: A 200
+          content:
+            application/text:
+              schema:
+                type: string
+
+components:
+  securitySchemes:
+    api_key_1:
+      type: apiKey
+      name: api_key_1
+      in: header
+    api_key_2:
+      type: apiKey
+      name: api_key_2
+      in: header

test/e2e-cypress/tests/bugs/4641.js

@@ -0,0 +1,98 @@
+const clickTryItOutAndExecute = () => {
+  return cy
+    .get(".opblock-summary")
+    .click()
+    .get(".try-out > .btn") // expand "try it out"
+    .click()
+    .get(".execute-wrapper > .btn") // excecute request
+    .click()
+}
+
+const fillInApiKeyAndAuthorise = apiKey => () => {
+  return cy
+    .get("section>input") // type api key into input
+    .type(apiKey)
+    .get(".auth-btn-wrapper > .authorize") // authorise button
+    .click()
+}
+
+const clickLogoutAndReauthorise = () => {
+  return cy
+    .get(".auth-btn-wrapper button:nth-child(1)") // logout button
+    .click()
+    .get(".auth-btn-wrapper > .authorize") // authorise button
+    .click()
+}
+
+describe("#4641: The Logout button in Authorize popup not clearing API Key", () => {
+  beforeEach(() => {
+    cy.server()
+    cy
+      .route({
+        url: "/4641*",
+        response: "OK",
+      })
+      .as("request")
+  })
+
+  it("should include the given api key in requests", () => {
+    cy
+      .visit("/?url=/documents/bugs/4641.yaml")
+      .get("button.btn.authorize") // open authorize popup
+      .click()
+      .get(".modal-ux-content > :nth-child(1)") // only deal with api_key_1 for this test
+      .within(fillInApiKeyAndAuthorise("my_api_key"))
+      .get(".close-modal") // close authorise popup button
+      .click()
+      .get("#operations-default-get_4641_1") // expand the route details
+      .within(clickTryItOutAndExecute)
+      .get("@request")
+      .its("request")
+      .should(request => {
+        expect(request.headers).to.have.property("api_key_1", "my_api_key")
+      })
+  })
+
+  it("should not remember the previous auth value when you logout and reauthorise", () => {
+    cy
+      .visit("/?url=/documents/bugs/4641.yaml")
+      .get("button.btn.authorize") // open authorize popup
+      .click()
+      .get(".modal-ux-content > :nth-child(1)") // only deal with api_key_1 for this test
+      .within(fillInApiKeyAndAuthorise("my_api_key"))
+      .get(".modal-ux-content > :nth-child(1)") // only deal with api_key_1 for this test
+      .within(clickLogoutAndReauthorise)
+      .get(".close-modal") // close authorise popup button
+      .click()
+      .get("#operations-default-get_4641_1") // expand the route details
+      .within(clickTryItOutAndExecute)
+      .get("@request")
+      .its("request")
+      .should(request => {
+        expect(request.headers).not.to.have.property("api_key_1")
+      })
+  })
+
+  it("should only forget the value of the auth the user logged out from", () => {
+    cy
+      .visit("/?url=/documents/bugs/4641.yaml")
+      .get("button.btn.authorize") // open authorize popup
+      .click()
+      .get(".modal-ux-content > :nth-child(1)") // deal with api_key_1
+      .within(fillInApiKeyAndAuthorise("my_api_key"))
+      .get(".modal-ux-content > :nth-child(2)") // deal with api_key_2
+      .within(fillInApiKeyAndAuthorise("my_second_api_key"))
+      .get(".modal-ux-content > :nth-child(1)") // deal with api_key_1 again
+      .within(clickLogoutAndReauthorise)
+      .get(".close-modal") // close authorise popup button
+      .click()
+      .get("#operations-default-get_4641_2") // expand the route details
+      .within(clickTryItOutAndExecute)
+      .get("@request")
+      .its("request")
+      .should(request => {
+        expect(request.headers).not.to.have.property("api_key_1")
+        expect(request.headers).to.have.property("api_key_2", "my_second_api_key")
+      })
+  })
+})