Merge branch 'master' into EAR-2317-homepage-context

ONSdigital · Sep 2, 2024 · 1e426be · 1e426be
2 parents 79b5fd3 + 51b775e
commit 1e426be
Showing 1 changed file with 25 additions and 0 deletions.
diff --git a/eq-author/src/App/MeContext.js b/eq-author/src/App/MeContext.js
@@ -90,9 +90,34 @@ const ContextProvider = ({ history, client, children }) => {
   useEffect(() => {
     // be aware that the return from auth.onAuthStateChanged will change on firebase ver 4.0
     // https://firebase.google.com/docs/reference/js/v8/firebase.auth.Auth#onauthstatechanged
+    // This useEffect hook is responsible for handling the authentication state changes in Firebase.
+    // It listens for changes in the authentication state using the onAuthStateChanged method.
+    // When the authentication state changes, it updates the firebaseUser state and sets awaitingFirebase to false.
     auth.onAuthStateChanged((user) => {
       setFirebaseUser(user);
       setAwaitingFirebase(false);
+      // It also sets up a session timeout for the user if they are authenticated.
+      // If the user is not authenticated, the session timeout is cleared using clearTimeout.
+      let sessionTimeout = null;
+      if (user === null || user === undefined) {
+        sessionTimeout && clearTimeout(sessionTimeout);
+        sessionTimeout = null;
+      } else {
+        // If the user is authenticated, it retrieves the ID token result and calculates the session duration.
+        user.getIdTokenResult().then((idTokenResult) => {
+          const authTime = idTokenResult.claims.auth_time * 1000;
+          // The session duration is set to 7 days.
+          // The format of the session duration calculation is in milliseconds/seconds/minutes/hours/days.
+          const sessionDuration = 1000 * 60 * 60 * 24 * 7; // 604,800,000 milliseconds
+          const millisecondsUntilExpiration =
+            sessionDuration - (Date.now() - authTime);
+          // It then sets up a session timeout using setTimeout, which will automatically sign out the user after the session duration expires.
+          sessionTimeout = setTimeout(
+            () => auth.signOut(),
+            millisecondsUntilExpiration
+          );
+        });
+      }
     });
   }, []);