Merge pull request #417 from MuckRock/fix/getMe-too-many-calls

Prevent calls to `getMe` from embed

.storybook/main.ts

@@ -14,6 +14,7 @@ const config: StorybookConfig = {
     "@storybook/addon-essentials",
     "@storybook/addon-interactions",
     "@storybook/addon-svelte-csf",
+    "storybook-addon-cookie",
   ],
   framework: {
     name: "@storybook/svelte-webpack5",

.storybook/preview.ts

@@ -20,6 +20,10 @@ const preview: Preview = {
         date: /Date$/,
       },
     },
+    cookie: {
+      csrftoken: "mockToken",
+    },
+    cookiePreserve: true,
   },
 };
 

package.json

@@ -80,6 +80,7 @@
     "react-dom": "^18.2.0",
     "serve": "^14.2.0",
     "storybook": "7.6.10",
+    "storybook-addon-cookie": "^3.2.0",
     "storybook-mock-date-decorator": "^1.0.1",
     "svelte-jester": "^3.0.0",
     "tape": "^5.7.2",

src/api/orgAndUser.js

@@ -1,10 +1,13 @@
-import session from "./session.js";
+import session, { cookiesEnabled, getCsrfToken } from "./session.js";
 import { USER_EXPAND, ORG_EXPAND, DEFAULT_EXPAND } from "./common.js";
 import { queryBuilder } from "@/util/url.js";
 import { grabAllPages } from "@/util/paginate.js";
 import { apiUrl } from "./base.js";
 
 export async function getMe(expand = DEFAULT_EXPAND) {
+  // Check that the user is logged in via cookies
+  if (cookiesEnabled && !getCsrfToken()) return null;
+  // Check that the user is logged in via network request
   const { status, data } = await session.get(
     queryBuilder(apiUrl(`users/me/`), { expand }),
   );

src/common/dialog/stories/RevisionsDialog.stories.svelte

@@ -143,3 +143,14 @@
     msw: { handlers: [revisionControl.loading, mockGetMe.loading] },
   }}
 />
+<Story
+  name="Without CSRF Token"
+  {args}
+  parameters={{
+    msw: { handlers: [revisionControl.success, mockGetMe.data] },
+    cookie: {
+      csrftoken: "",
+    },
+    cookiePreserve: false,
+  }}
+/>