Merge pull request #218 from TAMULib/2022_dec-217-authfix

Issue 217: Weaver authentication is making unsafe assumptions on the data and failing out incorrectly.

app/services/userService.js

@@ -10,10 +10,24 @@ core.service("UserService", function ($q, StorageService, User, WsApi) {
 
     UserService.fetchUser = function () {
         userEvents.notify('FETCH');
+
         return WsApi.fetch(currentUser.getMapping().instantiate).then(function (res) {
-            delete sessionStorage.role;
-            var credentials = angular.fromJson(res.body).payload.Credentials;
-            currentUser.anonymous = credentials.role === appConfig.anonymousRole ? true : false;
+            var body = !!res && !!res.body ? angular.fromJson(res.body) : {};
+            var credentials = { role: !!currentUser.role ? currentUser.role : appConfig.anonymousRole };
+
+            // Only change credentials when packet structure is valid.
+            if (!!body && !!body.payload && !!body.payload.Credentials) {
+              delete sessionStorage.role;
+              credentials = angular.fromJson(res.body).payload.Credentials;
+            }
+
+            currentUser.anonymous = !credentials.role || credentials.role === appConfig.anonymousRole;
+
+            // Cannot have a token for the anonymous role.
+            if (currentUser.anonymous) {
+              StorageService.delete("token");
+            }
+
             angular.extend(currentUser, credentials);
             StorageService.set("role", currentUser.role);
             userEvents.notify('RECEIVED');