[blerner-assisted] cleanup() cleanups

- Reorder removing a key with setting a handler to avoid a spurious event
- Make sure cleanup clears localStorage and nulls out the channel
- Add some useful debugging info we can look for in console.logs

I tested this by commenting out cleanup and checking that all 3 modes triggered.

Then I added

+++ b/src/server.js
@@ -45,6 +45,11 @@ function start(config, onServerReady) {
   app = express();
   app.use(bodyParser.urlencoded({ extended: false }))
   app.use(bodyParser.json())
+  app.use(function(req, res, next) {
+    res.setHeader("Cross-Origin-Opener-Policy", "noopener-allow-popups");
+    next();
+  });
+

And verified that the postMessage failed, but the other two mechanisms succeed

Author: jpolitz

src/web/close.html

@@ -18,7 +18,7 @@
 // This is the fallback for environments like GoGuardian that inject COOP headers
 if (typeof BroadcastChannel !== 'undefined') {
   try {
-    var channel = new BroadcastChannel('pyret_auth');
+    let channel = new BroadcastChannel('pyret_auth');
     channel.postMessage({ type: 'auth_complete' });
     channel.close();
   } catch (e) {

src/web/js/google-apis/api-wrapper.js

@@ -54,29 +54,38 @@ function reauth(immediate, useFullScopes) {
 
     // Track whether we've already resolved to avoid double-resolution
     var resolved = false;
-    function resolveOnce() {
+    function resolveOnce(method) {
       if (!resolved) {
+        console.log("INFO: Popup login resolved by: ", method);
         resolved = true;
+        // NOTE(joe): A useful thing to do for testing is to comment out this
+        // cleanup(), and check which of the 3 methods are returning success
+        // here. cleanup() will stop others from triggering.
         cleanup();
         d.resolve(reauth(true, useFullScopes));
       }
+      else {
+        console.log("INFO: Popup login resolved again (ignored): ", method);
+      }
     }
 
     // Cleanup function to remove all listeners
     var channel = null;
     function cleanup() {
       window.removeEventListener('message', messageHandler);
       window.removeEventListener('storage', storageHandler);
+      try { localStorage.removeItem('pyret_auth_complete'); } catch (err) {}
       if (channel) {
-        try { channel.close(); } catch (e) {}
+        try { channel.close(); }
+        finally { channel = null; }
       }
     }
 
     // Method 1: Traditional postMessage (works when COOP allows window.opener)
     function messageHandler(e) {
       // e.domain appears to not be defined in Firefox
       if ((e.domain || e.origin) === document.location.origin) {
-        resolveOnce();
+        resolveOnce("postMessage");
       }
     }
     window.addEventListener('message', messageHandler);
@@ -88,7 +97,7 @@ function reauth(immediate, useFullScopes) {
         channel = new BroadcastChannel('pyret_auth');
         channel.onmessage = function(e) {
           if (e.data && e.data.type === 'auth_complete') {
-            resolveOnce();
+            resolveOnce("Broadcast");
           }
         };
       } catch (e) {
@@ -99,14 +108,14 @@ function reauth(immediate, useFullScopes) {
     // Method 3: localStorage fallback for very old browsers without BroadcastChannel
     function storageHandler(e) {
       if (e.key === 'pyret_auth_complete') {
-        resolveOnce();
+        resolveOnce("localStorage");
         // Clean up the flag
         try { localStorage.removeItem('pyret_auth_complete'); } catch (err) {}
       }
     }
-    window.addEventListener('storage', storageHandler);
     // Clear any stale auth flag before opening popup
     try { localStorage.removeItem('pyret_auth_complete'); } catch (e) {}
+    window.addEventListener('storage', storageHandler);
 
     // Need to do a login to get a cookie for this user; do it in a popup
     window.open(path);