Added test for missing authentication token (#5450)

<!-- Raised an issue to propose your change
(https://github.com/cvat-ai/cvat/issues).
It helps to avoid duplication of efforts from multiple independent
contributors.
Discuss your ideas with maintainers to be sure that changes will be
approved and merged.
Read the
[CONTRIBUTION](https://github.com/cvat-ai/cvat/blob/develop/CONTRIBUTING.md)
guide. -->

<!-- Provide a general summary of your changes in the Title above -->

### Motivation and context
<!-- Why is this change required? What problem does it solve? If it
fixes an open
issue, please link to the issue here. Describe your changes in detail,
add
screenshots. -->
Related #5331 
Added test, changed fix because of temporary solutions in #5344 
### How has this been tested?
<!-- Please describe in detail how you tested your changes.
Include details of your testing environment, and the tests you ran to
see how your change affects other areas of the code, etc. -->

### Checklist
<!-- Go over all the following points, and put an `x` in all the boxes
that apply.
If an item isn't applicable by a reason then ~~explicitly
strikethrough~~ the whole
line. If you don't do that github will show an incorrect process for the
pull request.
If you're unsure about any of these, don't hesitate to ask. We're here
to help! -->
- [ ] I submit my changes into the `develop` branch
- [ ] I have added a description of my changes into
[CHANGELOG](https://github.com/cvat-ai/cvat/blob/develop/CHANGELOG.md)
file
- [ ] I have updated the [documentation](
https://github.com/cvat-ai/cvat/blob/develop/README.md#documentation)
accordingly
- [ ] I have added tests to cover my changes
- [ ] I have linked related issues ([read github docs](

https://help.github.com/en/github/managing-your-work-on-github/linking-a-pull-request-to-an-issue#linking-a-pull-request-to-an-issue-using-a-keyword))
- [ ] I have increased versions of npm packages if it is necessary
([cvat-canvas](https://github.com/cvat-ai/cvat/tree/develop/cvat-canvas#versioning),

[cvat-core](https://github.com/cvat-ai/cvat/tree/develop/cvat-core#versioning),
[cvat-data](https://github.com/cvat-ai/cvat/tree/develop/cvat-data#versioning)
and
[cvat-ui](https://github.com/cvat-ai/cvat/tree/develop/cvat-ui#versioning))

### License

- [ ] I submit _my code changes_ under the same [MIT License](
https://github.com/cvat-ai/cvat/blob/develop/LICENSE) that covers the
project.
  Feel free to contact the maintainers if that's a concern.

---------
Co-authored-by: NMaya <maya17grd@gmail.com>

cvat-core/src/server-proxy.ts

@@ -42,11 +42,6 @@ function configureStorage(storage: Storage, useDefaultLocation = false): Partial
     };
 }
 
-function removeToken() {
-    Axios.defaults.headers.common.Authorization = '';
-    store.remove('token');
-}
-
 function waitFor(frequencyHz, predicate) {
     return new Promise<void>((resolve, reject) => {
         if (typeof predicate !== 'function') {
@@ -236,6 +231,27 @@ if (token) {
     Axios.defaults.headers.common.Authorization = `Token ${token}`;
 }
 
+function setAuthData(response) {
+    if (response.headers['set-cookie']) {
+        // Browser itself setup cookie and header is none
+        // In NodeJS we need do it manually
+        const cookies = response.headers['set-cookie'].join(';');
+        Axios.defaults.headers.common.Cookie = cookies;
+    }
+
+    if (response.data.key) {
+        token = response.data.key;
+        store.set('token', token);
+        Axios.defaults.headers.common.Authorization = `Token ${token}`;
+    }
+}
+
+function removeAuthData() {
+    Axios.defaults.headers.common.Authorization = '';
+    store.remove('token');
+    token = null;
+}
+
 async function about() {
     const { backendAPI } = config;
 
@@ -334,6 +350,7 @@ async function register(username, firstName, lastName, email, password, confirma
                 'Content-Type': 'application/json',
             },
         });
+        setAuthData(response);
     } catch (errorData) {
         throw generateError(errorData);
     }
@@ -349,7 +366,7 @@ async function login(credential, password) {
         .join('&')
         .replace(/%20/g, '+');
 
-    removeToken();
+    removeAuthData();
     let authenticationResponse = null;
     try {
         authenticationResponse = await Axios.post(`${config.backendAPI}/auth/login`, authenticationData, {
@@ -359,16 +376,7 @@ async function login(credential, password) {
         throw generateError(errorData);
     }
 
-    if (authenticationResponse.headers['set-cookie']) {
-        // Browser itself setup cookie and header is none
-        // In NodeJS we need do it manually
-        const cookies = authenticationResponse.headers['set-cookie'].join(';');
-        Axios.defaults.headers.common.Cookie = cookies;
-    }
-
-    token = authenticationResponse.data.key;
-    store.set('token', token);
-    Axios.defaults.headers.common.Authorization = `Token ${token}`;
+    setAuthData(authenticationResponse);
 }
 
 async function loginWithSocialAccount(
@@ -378,7 +386,7 @@ async function loginWithSocialAccount(
     process?: string,
     scope?: string,
 ) {
-    removeToken();
+    removeAuthData();
     const data = {
         code,
         ...(process ? { process } : {}),
@@ -395,9 +403,7 @@ async function loginWithSocialAccount(
         throw generateError(errorData);
     }
 
-    token = authenticationResponse.data.key;
-    store.set('token', token);
-    Axios.defaults.headers.common.Authorization = `Token ${token}`;
+    setAuthData(authenticationResponse);
 }
 
 async function logout() {
@@ -405,7 +411,7 @@ async function logout() {
         await Axios.post(`${config.backendAPI}/auth/logout`, {
             proxy: config.proxy,
         });
-        removeToken();
+        removeAuthData();
     } catch (errorData) {
         throw generateError(errorData);
     }
@@ -481,13 +487,16 @@ async function getSelf() {
 
 async function authorized() {
     try {
+        // In CVAT app we use two types of authentication
+        // At first we check if authentication token is present
+        // Request in getSelf will provide correct authentication cookies
+        if (!store.get('token')) {
+            removeAuthData();
+            return false;
+        }
         await getSelf();
     } catch (serverError) {
         if (serverError.code === 401) {
-            // In CVAT app we use two types of authentication,
-            // So here we are forcing user have both credential types
-            // First request will fail if session is expired, then we check
-            // for precense of token
             await logout();
             return false;
         }

tests/cypress/e2e/actions_objects2/case_15_group_features.js

 // Copyright (C) 2020-2022 Intel Corporation
-// Copyright (C) 2022 CVAT.ai Corporation
+// Copyright (C) 2022-2023 CVAT.ai Corporation
 //
 // SPDX-License-Identifier: MIT
 
@@ -61,18 +61,9 @@ context('Group features', () => {
     const trackSidebarItemArray = ['#cvat-objects-sidebar-state-item-3', '#cvat-objects-sidebar-state-item-4'];
 
     before(() => {
-        cy.clearLocalStorageSnapshot();
         cy.openTaskJob(taskName);
     });
 
-    beforeEach(() => {
-        cy.restoreLocalStorage();
-    });
-
-    afterEach(() => {
-        cy.saveLocalStorage();
-    });
-
     function testGroupObjects(objectsArray, cancelGrouping) {
         cy.get('.cvat-group-control').click();
         for (const shapeToGroup of objectsArray) {

tests/cypress/e2e/actions_organizations/case_113_new_organization_pipeline.js

 // Copyright (C) 2022 Intel Corporation
+// Copyright (C) 2023 CVAT.ai Corporation
 //
 // SPDX-License-Identifier: MIT
 
@@ -114,6 +115,10 @@ context('New organization pipeline.', () => {
         }
     });
 
+    beforeEach(() => {
+        cy.clearLocalStorage('currentOrganization');
+    });
+
     after(() => {
         cy.logout(thirdUserName);
         cy.getAuthKey().then((authKey) => {

tests/cypress/e2e/actions_users/issue_1810_login_logout.js

 // Copyright (C) 2020-2022 Intel Corporation
-// Copyright (C) 2022 CVAT.ai Corporation
+// Copyright (C) 2022-2023 CVAT.ai Corporation
 //
 // SPDX-License-Identifier: MIT
 
@@ -18,7 +18,6 @@ context('When clicking on the Logout button, get the user session closed.', () =
     }
 
     before(() => {
-        // TMP fix for login tests, need to change login logic with sessions
         cy.clearAllCookies();
         cy.clearAllLocalStorage();
         cy.visit('auth/login');

tests/cypress/e2e/issues_prs/pr_5331_missing_authentication_data.js

+// Copyright (C) 2023 CVAT.ai Corporation
+//
+// SPDX-License-Identifier: MIT
+
+/// <reference types="cypress" />
+
+context('Check behavior in case of missing authentification data', () => {
+    const prId = '5331';
+
+    before(() => {
+        cy.visit('auth/login');
+    });
+
+    describe(`Testing pr "${prId}"`, () => {
+        it('Auto logout if authentication token is missing', () => {
+            cy.login();
+            cy.clearLocalStorage('token');
+            cy.reload();
+            cy.get('.cvat-login-form-wrapper').should('exist');
+        });
+
+        it('Cookies are set correctly if only token is present', () => {
+            cy.login();
+            cy.get('.cvat-tasks-page').should('exist');
+            cy.clearCookies();
+            cy.getCookies()
+                .should('have.length', 0)
+                .then(() => {
+                    cy.reload();
+                    cy.get('.cvat-tasks-page').should('exist');
+                });
+        });
+    });
+});

tests/cypress/support/commands.js

@@ -41,9 +41,6 @@ Cypress.Commands.add('logout', (username = Cypress.env('user')) => {
     cy.visit('/auth/login');
     cy.url().should('not.include', '?next=');
     cy.contains('Sign in').should('exist');
-    // TMP fix for multi-user tests, need to change login logic with sessions
-    cy.clearAllCookies();
-    cy.clearAllLocalStorage();
 });
 
 Cypress.Commands.add('userRegistration', (firstName, lastName, userName, emailAddr, password) => {