From a9239997effa2a07c6c41270aecfbc305be63576 Mon Sep 17 00:00:00 2001
From: Thorsten Eckel <te@znuny.com>
Date: Mon, 25 Jun 2018 15:59:07 +0200
Subject: [PATCH] Fixed race condition: Running AJAX requests after logout was
 performed cause side effects.

---
 .../javascripts/app/lib/app_post/auth.coffee  | 47 ++++++++++++-------
 .../app/models/_application_model.coffee      |  8 ++--
 .../agent_ticket_time_accounting_test.rb      |  5 ++
 3 files changed, 41 insertions(+), 19 deletions(-)

diff --git a/app/assets/javascripts/app/lib/app_post/auth.coffee b/app/assets/javascripts/app/lib/app_post/auth.coffee
index c15c6b2e7..b77dda363 100644
--- a/app/assets/javascripts/app/lib/app_post/auth.coffee
+++ b/app/assets/javascripts/app/lib/app_post/auth.coffee
@@ -45,18 +45,33 @@ class App.Auth
 
   @logout: ->
     App.Log.debug 'Auth', 'logout'
-    App.Ajax.request(
-      id:   'logout'
-      type: 'DELETE'
-      url:  App.Config.get('api_path') + '/signout'
-      success: =>
 
-        # set logout (config, session, ...)
-        @_logout()
+    # abort all AJAX requests
+    # performed from the App context
+    App.Ajax.abortAll()
 
-      error: (xhr, statusText, error) =>
-        @_loginError()
-    )
+    # add task to Spine.AJAX queue
+    # which will finish all queued requests
+    # and perform the logout afterwards
+    performLogut = =>
+
+      # clear all following AJAX
+      # tasks left in the queue
+      Spine.Ajax.clearQueue()
+
+      App.Ajax.request(
+        id:   'logout'
+        type: 'DELETE'
+        url:  App.Config.get('api_path') + '/signout'
+        success: =>
+
+          # set logout (config, session, ...)
+          @_logout()
+
+        error: (xhr, statusText, error) =>
+          @_loginError()
+      )
+    Spine.Ajax.queue(performLogut)
 
   @_login: (data, type) ->
     App.Log.debug 'Auth', '_login:success', data
@@ -137,9 +152,14 @@ class App.Auth
   @_logout: (rerender = true) ->
     App.Log.debug 'Auth', '_logout'
 
-    App.Ajax.abortAll()
     App.TaskManager.reset()
     App.Session.init()
+    App.Ajax.abortAll()
+
+    # clear all in-memory data of all App.Model's
+    for model_key, model_object of App
+      if _.isFunction(model_object.clearInMemory)
+        model_object.clearInMemory()
 
     App.Event.trigger('auth')
     App.Event.trigger('auth:logout')
@@ -148,11 +168,6 @@ class App.Auth
       App.Event.trigger('ui:rerender')
     App.Event.trigger('clearStore')
 
-    # clear all in-memory data of all App.Model's
-    for model_key, model_object of App
-      if _.isFunction(model_object.clearInMemory)
-        model_object.clearInMemory()
-
   @_loginError: ->
     App.Log.debug 'Auth', '_loginError:error'
 
diff --git a/app/assets/javascripts/app/models/_application_model.coffee b/app/assets/javascripts/app/models/_application_model.coffee
index 8a0830c05..50724313b 100644
--- a/app/assets/javascripts/app/models/_application_model.coffee
+++ b/app/assets/javascripts/app/models/_application_model.coffee
@@ -393,7 +393,7 @@ set new attributes of model (remove already available attributes)
               ->
               clear: true
             )
-          App.Delay.set(callback, 200, "full-#{@className}")
+          App.Delay.set(callback, 200, "fullcollection-#{@className}", "model-#{@className}")
 
         "Collection::Subscribe::#{@className}"
       )
@@ -506,7 +506,7 @@ set new attributes of model (remove already available attributes)
             if !genericObject || new Date(item.updated_at) > new Date(genericObject.updated_at)
               App.Log.debug('Model', "request #{@className}.find(#{item.id}) from server")
               @full(item.id, false, true)
-          App.Delay.set(callback, 600, item.id, "full-#{@className}-#{item.id}")
+          App.Delay.set(callback, 600, "full-#{item.id}", "model-#{@className}")
         "Item::Subscribe::#{@className}"
       )
 
@@ -520,7 +520,7 @@ set new attributes of model (remove already available attributes)
           App.Log.debug('Model', "server delete on #{@className}.find(#{item.id}) #{item.updated_at}")
           callback = ->
             genericObject.trigger('destroy', genericObject)
-          App.Delay.set(callback, 500, item.id, "delete-#{@className}-#{item.id}")
+          App.Delay.set(callback, 500, "delete-#{item.id}", "model-#{@className}")
         "Item::SubscribeDelete::#{@className}"
       )
 
@@ -833,6 +833,8 @@ set new attributes of model (remove already available attributes)
     )
 
   @clearInMemory: ->
+    App.Delay.clearLevel("model-#{@className}")
+
     # reset callbacks to session based functions
     @resetCallbacks()
 
diff --git a/test/browser/agent_ticket_time_accounting_test.rb b/test/browser/agent_ticket_time_accounting_test.rb
index fcfc2ef84..acb8300aa 100644
--- a/test/browser/agent_ticket_time_accounting_test.rb
+++ b/test/browser/agent_ticket_time_accounting_test.rb
@@ -152,5 +152,10 @@ class AgentTicketTimeAccountingTest < TestCase
       css: '.content.active .js-timeAccountingSetting',
       type: 'off',
     )
+
+    # make sure "off" AJAX request gets completed
+    # otherwise following tests might fail because
+    # off still active timeaccounting
+    logout()
   end
 end