FE tweaks for session changes, no longer require setting cookie in JS

frontend/src/metabase/auth/auth.js

@@ -6,7 +6,6 @@ import {
 
 import { push } from "react-router-redux";
 
-import MetabaseCookies from "metabase/lib/cookies";
 import MetabaseUtils from "metabase/lib/utils";
 import MetabaseAnalytics from "metabase/lib/analytics";
 import MetabaseSettings from "metabase/lib/settings";
@@ -36,10 +35,8 @@ export const login = createThunkAction(LOGIN, function(
     }
 
     try {
-      let newSession = await SessionApi.create(credentials);
-
-      // since we succeeded, lets set the session cookie
-      MetabaseCookies.setSessionCookie(newSession.id);
+      // NOTE: this request will return a Set-Cookie header for the session
+      await SessionApi.create(credentials);
 
       MetabaseAnalytics.trackEvent("Auth", "Login");
       // TODO: redirect after login (carry user to intended destination)
@@ -59,13 +56,11 @@ export const loginGoogle = createThunkAction(LOGIN_GOOGLE, function(
 ) {
   return async function(dispatch, getState) {
     try {
-      let newSession = await SessionApi.createWithGoogleAuth({
+      // NOTE: this request will return a Set-Cookie header for the session
+      await SessionApi.createWithGoogleAuth({
         token: googleUser.getAuthResponse().id_token,
       });
 
-      // since we succeeded, lets set the session cookie
-      MetabaseCookies.setSessionCookie(newSession.id);
-
       MetabaseAnalytics.trackEvent("Auth", "Google Auth Login");
 
       // TODO: redirect after login (carry user to intended destination)
@@ -87,13 +82,12 @@ export const loginGoogle = createThunkAction(LOGIN_GOOGLE, function(
 export const LOGOUT = "metabase/auth/LOGOUT";
 export const logout = createThunkAction(LOGOUT, function() {
   return function(dispatch, getState) {
-    // TODO: as part of a logout we want to clear out any saved state that we have about anything
+    // actively delete the session and remove the cookie
+    SessionApi.delete();
+
+    // clear Google auth credentials if any are present
+    clearGoogleAuthCredentials();
 
-    let sessionId = MetabaseCookies.setSessionCookie();
-    if (sessionId) {
-      // actively delete the session
-      SessionApi.delete({ session_id: sessionId });
-    }
     MetabaseAnalytics.trackEvent("Auth", "Logout");
 
     dispatch(push("/auth/login"));
@@ -118,16 +112,12 @@ export const passwordReset = createThunkAction(PASSWORD_RESET, function(
     }
 
     try {
-      let result = await SessionApi.reset_password({
+      // NOTE: this request will return a Set-Cookie header for the session
+      await SessionApi.reset_password({
         token: token,
         password: credentials.password,
       });
 
-      if (result.session_id) {
-        // we should have a valid session that we can use immediately!
-        MetabaseCookies.setSessionCookie(result.session_id);
-      }
-
       MetabaseAnalytics.trackEvent("Auth", "Password Reset");
 
       return {

frontend/src/metabase/setup/actions.js

-//import _ from "underscore";
 import { createAction } from "redux-actions";
 import { createThunkAction } from "metabase/lib/redux";
 
 import MetabaseAnalytics from "metabase/lib/analytics";
-import MetabaseCookies from "metabase/lib/cookies";
 import MetabaseSettings from "metabase/lib/settings";
 
 import { SetupApi, UtilApi } from "metabase/services";
@@ -50,6 +48,7 @@ export const submitSetup = createThunkAction(SUBMIT_SETUP, function() {
     let { setup: { allowTracking, databaseDetails, userDetails } } = getState();
 
     try {
+      // NOTE: this request will return a Set-Cookie header for the session
       let response = await SetupApi.create({
         token: MetabaseSettings.get("setup_token"),
         prefs: {
@@ -75,9 +74,6 @@ export const submitSetup = createThunkAction(SUBMIT_SETUP, function() {
 export const completeSetup = createAction(COMPLETE_SETUP, function(
   apiResponse,
 ) {
-  // setup user session
-  MetabaseCookies.setSessionCookie(apiResponse.id);
-
   // clear setup token from settings
   MetabaseSettings.setAll({ setup_token: null });