@thoughtspot/visual-embed-sdk 1.11.0-auth.9 → 1.11.2

package/lib/src/visual-embed-sdk.d.ts

@@ -1,4 +1,6 @@
 // Generated by dts-bundle v0.7.3
+// Dependencies for this module:
+//   ../../eventemitter3
 
 declare module '@thoughtspot/visual-embed-sdk' {
     /**
@@ -11,11 +13,12 @@ declare module '@thoughtspot/visual-embed-sdk' {
       * @author Ayon Ghosh <ayon.ghosh@thoughtspot.com>
       */
     import { AppEmbed, Page, AppViewConfig } from '@thoughtspot/visual-embed-sdk/embed/app';
-    import { init, prefetch } from '@thoughtspot/visual-embed-sdk/embed/base';
+    import { init, prefetch, logout } from '@thoughtspot/visual-embed-sdk/embed/base';
     import { PinboardEmbed, LiveboardViewConfig, LiveboardEmbed } from '@thoughtspot/visual-embed-sdk/embed/liveboard';
     import { SearchEmbed, SearchViewConfig } from '@thoughtspot/visual-embed-sdk/embed/search';
+    import { AuthFailureType, AuthStatus } from '@thoughtspot/visual-embed-sdk/auth';
     import { AuthType, RuntimeFilter, RuntimeFilterOp, EmbedEvent, HostEvent, DataSourceVisualMode, Action, EmbedConfig } from '@thoughtspot/visual-embed-sdk/types';
-    export { init, prefetch, SearchEmbed, PinboardEmbed, LiveboardEmbed, AppEmbed, Page, AuthType, RuntimeFilter, RuntimeFilterOp, EmbedEvent, HostEvent, DataSourceVisualMode, Action, EmbedConfig, SearchViewConfig, LiveboardViewConfig, AppViewConfig, };
+    export { init, logout, prefetch, SearchEmbed, PinboardEmbed, LiveboardEmbed, AppEmbed, AuthFailureType, AuthStatus, Page, AuthType, RuntimeFilter, RuntimeFilterOp, EmbedEvent, HostEvent, DataSourceVisualMode, Action, EmbedConfig, SearchViewConfig, LiveboardViewConfig, AppViewConfig, };
 }
 
 declare module '@thoughtspot/visual-embed-sdk/embed/app' {
@@ -134,14 +137,27 @@ declare module '@thoughtspot/visual-embed-sdk/embed/app' {
 }
 
 declare module '@thoughtspot/visual-embed-sdk/embed/base' {
+    /**
+        * Copyright (c) 2022
+        *
+        * Base classes
+        *
+        * @summary Base classes
+        * @author Ayon Ghosh <ayon.ghosh@thoughtspot.com>
+        */
+    import EventEmitter from 'eventemitter3';
     import { EmbedConfig } from '@thoughtspot/visual-embed-sdk/types';
+    import { AuthFailureType } from '@thoughtspot/visual-embed-sdk/auth';
     export let authPromise: Promise<boolean>;
+    export const getEmbedConfig: () => EmbedConfig;
+    export const getAuthPromise: () => Promise<boolean>;
+    export function notifyAuthSuccess(): void;
+    export function notifyAuthFailure(failureType: AuthFailureType): void;
+    export function notifyLogout(): void;
     /**
         * Perform authentication on the ThoughtSpot app as applicable.
         */
     export const handleAuth: () => Promise<boolean>;
-    export const getEmbedConfig: () => EmbedConfig;
-    export const getAuthPromise: () => Promise<boolean>;
     /**
         * Prefetches static resources from the specified URL. Web browsers can then cache the prefetched resources and serve them from the user's local disk to provide faster access to your app.
         * @param url The URL provided for prefetch
@@ -153,14 +169,31 @@ declare module '@thoughtspot/visual-embed-sdk/embed/base' {
         * @param embedConfig The configuration object containing ThoughtSpot host,
         * authentication mechanism and so on.
         *
-        * @returns authPromise Promise which resolves when authentication is complete.
+        * eg: authStatus = init(config);
+        * authStatus.on(AuthStatus.FAILURE, (reason) => { // do something here });
+        *
+        * @returns event emitter which emits events on authentication success, failure and logout. {@link AuthStatus}
         */
-    export const init: (embedConfig: EmbedConfig) => Promise<boolean>;
+    export const init: (embedConfig: EmbedConfig) => EventEmitter;
+    export function disableAutoLogin(): void;
+    /**
+        * Logout from ThoughtSpot. This also sets the autoLogin flag to false, to prevent
+        * the SDK from automatically logging in again.
+        *
+        * You can call the `init` method again to re login, if autoLogin is set to true in this
+        * second call it will be honored.
+        *
+        * @param doNotDisableAutoLogin This flag when passed will not disable autoLogin
+        * @returns Promise which resolves when logout completes.
+        * @version SDK: 1.10.1 | ThoughtSpot: *
+        */
+    export const logout: (doNotDisableAutoLogin?: boolean) => Promise<boolean>;
     /**
         * Renders functions in a queue, resolves to next function only after the callback next is called
         * @param fn The function being registered
         */
     export const renderInQueue: (fn: (next?: (val?: any) => void) => void) => void;
+    export function reset(): void;
 }
 
 declare module '@thoughtspot/visual-embed-sdk/embed/liveboard' {
@@ -306,6 +339,10 @@ declare module '@thoughtspot/visual-embed-sdk/embed/search' {
                 * using raw answer data.
                 */
             hideResults?: boolean;
+            /**
+                * If set to true, expands all the data sources panel.
+                */
+            expandAllDataSource?: boolean;
             /**
                 * If set to true, the Search Assist feature is enabled.
                 */
@@ -353,6 +390,65 @@ declare module '@thoughtspot/visual-embed-sdk/embed/search' {
     export {};
 }
 
+declare module '@thoughtspot/visual-embed-sdk/auth' {
+    import { EmbedConfig } from '@thoughtspot/visual-embed-sdk/types';
+    export let loggedInStatus: boolean;
+    export let samlAuthWindow: Window;
+    export let samlCompletionPromise: Promise<void>;
+    export let sessionInfo: any;
+    export const SSO_REDIRECTION_MARKER_GUID = "5e16222e-ef02-43e9-9fbd-24226bf3ce5b";
+    export const EndPoints: {
+            AUTH_VERIFICATION: string;
+            SAML_LOGIN_TEMPLATE: (targetUrl: string) => string;
+            OIDC_LOGIN_TEMPLATE: (targetUrl: string) => string;
+            TOKEN_LOGIN: string;
+            BASIC_LOGIN: string;
+            LOGOUT: string;
+    };
+    export enum AuthFailureType {
+            SDK = "SDK",
+            NO_COOKIE_ACCESS = "NO_COOKIE_ACCESS",
+            EXPIRY = "EXPIRY",
+            OTHER = "OTHER"
+    }
+    export enum AuthStatus {
+            FAILURE = "FAILURE",
+            SUCCESS = "SUCCESS",
+            LOGOUT = "LOGOUT"
+    }
+    /**
+        * Return sessionInfo if available else make a loggedIn check to fetch the sessionInfo
+        */
+    export function getSessionInfo(): any;
+    export function initSession(sessionDetails: any): void;
+    /**
+        * Perform token based authentication
+        * @param embedConfig The embed configuration
+        */
+    export const doTokenAuth: (embedConfig: EmbedConfig) => Promise<boolean>;
+    /**
+        * Perform basic authentication to the ThoughtSpot cluster using the cluster
+        * credentials.
+        *
+        * Warning: This feature is primarily intended for developer testing. It is
+        * strongly advised not to use this authentication method in production.
+        * @param embedConfig The embed configuration
+        */
+    export const doBasicAuth: (embedConfig: EmbedConfig) => Promise<boolean>;
+    export const doSamlAuth: (embedConfig: EmbedConfig) => Promise<boolean>;
+    export const doOIDCAuth: (embedConfig: EmbedConfig) => Promise<boolean>;
+    export const logout: (embedConfig: EmbedConfig) => Promise<boolean>;
+    /**
+        * Perform authentication on the ThoughtSpot cluster
+        * @param embedConfig The embed configuration
+        */
+    export const authenticate: (embedConfig: EmbedConfig) => Promise<boolean>;
+    /**
+        * Check if we are authenticated to the ThoughtSpot cluster
+        */
+    export const isAuthenticated: () => boolean;
+}
+
 declare module '@thoughtspot/visual-embed-sdk/types' {
     /**
         * The authentication mechanism for allowing access to the
@@ -438,6 +534,15 @@ declare module '@thoughtspot/visual-embed-sdk/types' {
                 * @default false
                 */
             noRedirect?: boolean;
+            /**
+                * [SSO] For SSO Authentication, one can supply an optional path param,
+                * this will be the path on the host origin where the SAML flow will be
+                * terminated.
+                *
+                * Eg: "/dashboard", "#/foo" [Do not include the host]
+                * @version SDK: 1.10.2 | ThoughtSpot: *
+                */
+            redirectPath?: string;
             /** @internal */
             basepath?: string;
             /**
@@ -492,6 +597,14 @@ declare module '@thoughtspot/visual-embed-sdk/types' {
                 * @default ''
                 */
             customCssUrl?: string;
+            /**
+                * [AuthServer|Basic] Detect if 3rd party cookies are enabled by doing an additional call. This is slower
+                * and should be avoided. Listen to the NO_COOKIE_ACCESS event to handle the situation.
+                *
+                * This is slightly slower than letting the browser handle the cookie check, as it involves an extra network call.
+                * @version SDK: 1.10.4 | ThoughtSpot: *
+                */
+            detectCookieAccessSlow?: boolean;
     }
     /**
         * MessagePayload: Embed event payload: message type, data and status (start/end)
@@ -685,6 +798,16 @@ declare module '@thoughtspot/visual-embed-sdk/types' {
                 * The ThoughtSpot auth session has expired.
                 */
             AuthExpire = "ThoughtspotAuthExpired",
+            /**
+                * ThoughtSpot failed to validate the auth session.
+                * @hidden
+                */
+            AuthFailure = "ThoughtspotAuthFailure",
+            /**
+                * ThoughtSpot failed to validate the auth session.
+                * @hidden
+                */
+            AuthLogout = "ThoughtspotAuthLogout",
             /**
                 * The height of the embedded Liveboard or visualization has been computed.
                 * @return data - The height of the embedded Liveboard or visualization
@@ -1085,7 +1208,11 @@ declare module '@thoughtspot/visual-embed-sdk/types' {
             /**
                 * @version SDK: 1.11.0 | ThoughtSpot: 8.3.0.cl
                 */
-            CreateMonitor = "createMonitor"
+            CreateMonitor = "createMonitor",
+            /**
+                * @version SDK: 1.11.1 | ThoughtSpot: 8.3.0.cl
+                */
+            ReportError = "reportError"
     }
     export interface SessionInterface {
             sessionId: string;
@@ -1136,7 +1263,7 @@ declare module '@thoughtspot/visual-embed-sdk/embed/ts-embed' {
                 * This parameters will be passed on the iframe
                 * as is.
                 */
-            [key: string]: string | number | boolean;
+            [key: string]: string | number | boolean | undefined;
     }
     /**
         * The configuration object for an embedded view.

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@thoughtspot/visual-embed-sdk",
-    "version": "1.11.0-auth.9",
+    "version": "1.11.2",
     "description": "ThoughtSpot Embed SDK",
     "module": "lib/src/index.js",
     "main": "dist/tsembed.js",
@@ -44,7 +44,8 @@
     "dependencies": {
         "algoliasearch": "^4.10.5",
         "classnames": "^2.3.1",
-        "mixpanel-browser": "^2.41.0"
+        "eventemitter3": "^4.0.7",
+        "mixpanel-browser": "^2.45.0"
     },
     "devDependencies": {
         "@mdx-js/mdx": "^1.6.22",

package/src/auth.spec.ts

@@ -1,6 +1,6 @@
 import * as authInstance from './auth';
 import * as authService from './utils/authService';
-import { AuthType } from './types';
+import { AuthType, EmbedConfig } from './types';
 import { executeAfterWait } from './test/test-utils';
 
 const thoughtSpotHost = 'http://localhost:3000';
@@ -13,8 +13,15 @@ const embedConfig: any = {
         thoughtSpotHost,
         username,
         authEndpoint: 'auth',
+        authType: AuthType.AuthServer,
         getAuthToken: jest.fn(() => Promise.resolve(token)),
     }),
+    doTokenAuthWithCookieDetect: {
+        thoughtSpotHost,
+        username,
+        authEndpoint: 'auth',
+        detectCookieAccessSlow: true,
+    },
     doTokenAuthFailureWithoutAuthEndPoint: {
         thoughtSpotHost,
         username,
@@ -35,9 +42,15 @@ const embedConfig: any = {
     doSamlAuth: {
         thoughtSpotHost,
     },
+    doOidcAuth: {
+        thoughtSpotHost,
+    },
     SSOAuth: {
         authType: AuthType.SSO,
     },
+    OIDCAuth: {
+        authType: AuthType.OIDC,
+    },
     authServerFailure: {
         thoughtSpotHost,
         username,
@@ -168,6 +181,61 @@ describe('Unit test for auth', () => {
         });
     });
 
+    test('doTokenAuth: Should raise error when duplicate token is used', async () => {
+        jest.spyOn(authService, 'fetchSessionInfoService').mockResolvedValue({
+            status: 401,
+        });
+        jest.spyOn(window, 'alert').mockClear();
+        jest.spyOn(window, 'alert').mockReturnValue(undefined);
+        jest.spyOn(authService, 'fetchAuthService').mockReset();
+        jest.spyOn(authService, 'fetchAuthService').mockImplementation(() =>
+            Promise.resolve({
+                status: 200,
+                ok: true,
+            }),
+        );
+        await authInstance.doTokenAuth(
+            embedConfig.doTokenAuthSuccess('authToken3'),
+        );
+
+        try {
+            await authInstance.doTokenAuth(
+                embedConfig.doTokenAuthSuccess('authToken3'),
+            );
+            expect(false).toBe(true);
+        } catch (e) {
+            expect(e.message).toContain('Duplicate token');
+        }
+        await executeAfterWait(() => {
+            expect(authInstance.loggedInStatus).toBe(false);
+            expect(window.alert).toBeCalled();
+            expect(authService.fetchAuthService).toHaveBeenCalledTimes(1);
+        });
+    });
+
+    test('doTokenAuth: Should set loggedInStatus if detectThirdPartyCookieAccess is true and the second info call fails', async () => {
+        jest.spyOn(authService, 'fetchSessionInfoService')
+            .mockResolvedValue({
+                status: 401,
+            })
+            .mockClear();
+        jest.spyOn(
+            authService,
+            'fetchAuthTokenService',
+        ).mockImplementation(() => ({ text: () => Promise.resolve('abc') }));
+        jest.spyOn(authService, 'fetchAuthService').mockImplementation(() =>
+            Promise.resolve({
+                status: 200,
+                ok: true,
+            }),
+        );
+        const isLoggedIn = await authInstance.doTokenAuth(
+            embedConfig.doTokenAuthWithCookieDetect,
+        );
+        expect(authService.fetchSessionInfoService).toHaveBeenCalledTimes(2);
+        expect(isLoggedIn).toBe(false);
+    });
+
     describe('doBasicAuth', () => {
         beforeEach(() => {
             global.fetch = window.fetch;
@@ -266,6 +334,7 @@ describe('Unit test for auth', () => {
                 },
             });
             spyOn(authInstance, 'samlCompletionPromise');
+            global.window.open = jest.fn();
             jest.spyOn(
                 authService,
                 'fetchSessionInfoService',
@@ -276,11 +345,31 @@ describe('Unit test for auth', () => {
                     ...embedConfig.doSamlAuth,
                     noRedirect: true,
                 }),
-            ).toBe(false);
+            ).toBe(true);
             expect(authService.fetchSessionInfoService).toBeCalled();
         });
     });
 
+    describe('doOIDCAuth', () => {
+        afterEach(() => {
+            delete global.window;
+            global.window = Object.create(originalWindow);
+            global.window.open = jest.fn();
+            global.fetch = window.fetch;
+        });
+
+        it('when user is not loggedIn & isAtSSORedirectUrl is true', async () => {
+            jest.spyOn(
+                authService,
+                'fetchSessionInfoService',
+            ).mockImplementation(() => Promise.reject());
+            await authInstance.doOIDCAuth(embedConfig.doOidcAuth);
+            expect(authService.fetchSessionInfoService).toBeCalled();
+            expect(window.location.hash).toBe('');
+            expect(authInstance.loggedInStatus).toBe(false);
+        });
+    });
+
     it('authenticate: when authType is SSO', async () => {
         jest.spyOn(authInstance, 'doSamlAuth');
         await authInstance.authenticate(embedConfig.SSOAuth);
@@ -288,6 +377,13 @@ describe('Unit test for auth', () => {
         expect(authInstance.doSamlAuth).toBeCalled();
     });
 
+    it('authenticate: when authType is OIDC', async () => {
+        jest.spyOn(authInstance, 'doOIDCAuth');
+        await authInstance.authenticate(embedConfig.OIDCAuth);
+        expect(window.location.hash).toBe('');
+        expect(authInstance.doOIDCAuth).toBeCalled();
+    });
+
     it('authenticate: when authType is AuthServer', async () => {
         spyOn(authInstance, 'doTokenAuth');
         await authInstance.authenticate(embedConfig.authServerFailure);

package/src/auth.ts

@@ -1,12 +1,13 @@
 import { initMixpanel } from './mixpanel-service';
 import { AuthType, EmbedConfig, EmbedEvent } from './types';
-import { appendToUrlHash } from './utils';
+import { getRedirectUrl } from './utils';
 // eslint-disable-next-line import/no-cycle
 import {
     fetchSessionInfoService,
     fetchAuthTokenService,
     fetchAuthService,
     fetchBasicAuthService,
+    fetchLogoutService,
 } from './utils/authService';
 
 // eslint-disable-next-line import/no-mutable-exports
@@ -29,8 +30,22 @@ export const EndPoints = {
         `/callosum/v1/oidc/login?targetURLPath=${targetUrl}`,
     TOKEN_LOGIN: '/callosum/v1/session/login/token',
     BASIC_LOGIN: '/callosum/v1/session/login',
+    LOGOUT: '/callosum/v1/session/logout',
 };
 
+export enum AuthFailureType {
+    SDK = 'SDK',
+    NO_COOKIE_ACCESS = 'NO_COOKIE_ACCESS',
+    EXPIRY = 'EXPIRY',
+    OTHER = 'OTHER',
+}
+
+export enum AuthStatus {
+    FAILURE = 'FAILURE',
+    SUCCESS = 'SUCCESS',
+    LOGOUT = 'LOGOUT',
+}
+
 /**
  * Check if we are logged into the ThoughtSpot cluster
  * @param thoughtSpotHost The ThoughtSpot cluster hostname or IP
@@ -110,8 +125,8 @@ export const doTokenAuth = async (
             'Either auth endpoint or getAuthToken function must be provided',
         );
     }
-    const loggedIn = await isLoggedIn(thoughtSpotHost);
-    if (!loggedIn) {
+    loggedInStatus = await isLoggedIn(thoughtSpotHost);
+    if (!loggedInStatus) {
         let authToken = null;
         if (getAuthToken) {
             authToken = await getAuthToken();
@@ -127,8 +142,11 @@ export const doTokenAuth = async (
         );
         // token login issues a 302 when successful
         loggedInStatus = resp.ok || resp.type === 'opaqueredirect';
-    } else {
-        loggedInStatus = true;
+        if (loggedInStatus && embedConfig.detectCookieAccessSlow) {
+            // When 3rd party cookie access is blocked, this will fail because cookies will
+            // not be sent with the call.
+            loggedInStatus = await isLoggedIn(thoughtSpotHost);
+        }
     }
     return loggedInStatus;
 };
@@ -153,6 +171,9 @@ export const doBasicAuth = async (
             password,
         );
         loggedInStatus = response.ok;
+        if (embedConfig.detectCookieAccessSlow) {
+            loggedInStatus = await isLoggedIn(thoughtSpotHost);
+        }
     } else {
         loggedInStatus = true;
     }
@@ -223,6 +244,7 @@ const doSSOAuth = async (
     const ssoURL = `${thoughtSpotHost}${ssoEndPoint}`;
     if (embedConfig.noRedirect) {
         await samlPopupFlow(ssoURL);
+        loggedInStatus = true;
         return;
     }
 
@@ -235,7 +257,11 @@ export const doSamlAuth = async (embedConfig: EmbedConfig) => {
     // again and the same JS will execute again.
     const ssoRedirectUrl = embedConfig.noRedirect
         ? `${thoughtSpotHost}/v2/#/embed/saml-complete`
-        : appendToUrlHash(window.location.href, SSO_REDIRECTION_MARKER_GUID);
+        : getRedirectUrl(
+              window.location.href,
+              SSO_REDIRECTION_MARKER_GUID,
+              embedConfig.redirectPath,
+          );
 
     // bring back the page to the same URL
     const ssoEndPoint = `${EndPoints.SAML_LOGIN_TEMPLATE(
@@ -252,7 +278,11 @@ export const doOIDCAuth = async (embedConfig: EmbedConfig) => {
     // again and the same JS will execute again.
     const ssoRedirectUrl = embedConfig.noRedirect
         ? `${thoughtSpotHost}/v2/#/embed/saml-complete`
-        : appendToUrlHash(window.location.href, SSO_REDIRECTION_MARKER_GUID);
+        : getRedirectUrl(
+              window.location.href,
+              SSO_REDIRECTION_MARKER_GUID,
+              embedConfig.redirectPath,
+          );
 
     // bring back the page to the same URL
     const ssoEndPoint = `${EndPoints.OIDC_LOGIN_TEMPLATE(
@@ -263,6 +293,13 @@ export const doOIDCAuth = async (embedConfig: EmbedConfig) => {
     return loggedInStatus;
 };
 
+export const logout = async (embedConfig: EmbedConfig): Promise<boolean> => {
+    const { thoughtSpotHost } = embedConfig;
+    const response = await fetchLogoutService(thoughtSpotHost);
+    loggedInStatus = false;
+    return loggedInStatus;
+};
+
 /**
  * Perform authentication on the ThoughtSpot cluster
  * @param embedConfig The embed configuration

package/src/embed/app.spec.ts

@@ -18,8 +18,9 @@ const defaultViewConfig = {
     },
 };
 const thoughtSpotHost = 'tshost';
-const defaultParams = `&hostAppUrl=local-host&viewPortHeight=768&viewPortWidth=1024&sdkVersion=${version}`;
-const defaultParamsForPinboardEmbed = `hostAppUrl=local-host&viewPortHeight=768&viewPortWidth=1024&sdkVersion=${version}`;
+const defaultParamsWithoutHiddenActions = `&hostAppUrl=local-host&viewPortHeight=768&viewPortWidth=1024&sdkVersion=${version}`;
+const defaultParams = `${defaultParamsWithoutHiddenActions}&hideAction=[%22${Action.ReportError}%22]`;
+const defaultParamsForPinboardEmbed = `hostAppUrl=local-host&viewPortHeight=768&viewPortWidth=1024&sdkVersion=${version}&hideAction=[%22${Action.ReportError}%22]`;
 const defaultParamsPost = '&isPinboardV2Enabled=false';
 
 beforeAll(() => {
@@ -154,7 +155,7 @@ describe('App embed tests', () => {
         appEmbed.render();
         await executeAfterWait(() => {
             expect(getIFrameSrc()).toBe(
-                `http://${thoughtSpotHost}/?embedApp=true&primaryNavHidden=false&profileAndHelpInNavBarHidden=false${defaultParams}&disableAction=[%22save%22,%22update%22]&disableHint=Access%20denied&hideAction=[%22download%22]${defaultParamsPost}#/home`,
+                `http://${thoughtSpotHost}/?embedApp=true&primaryNavHidden=false&profileAndHelpInNavBarHidden=false${defaultParamsWithoutHiddenActions}&disableAction=[%22save%22,%22update%22]&disableHint=Access%20denied&hideAction=[%22${Action.ReportError}%22,%22download%22]${defaultParamsPost}#/home`,
             );
         });
     });

package/src/embed/base.spec.ts

@@ -1,4 +1,7 @@
+import EventEmitter from 'eventemitter3';
+import * as auth from '../auth';
 import * as index from '../index';
+import * as base from './base';
 import {
     executeAfterWait,
     getAllIframeEl,
@@ -9,10 +12,11 @@ import {
 } from '../test/test-utils';
 
 const thoughtSpotHost = 'tshost';
+let authEE: EventEmitter;
 
 describe('Base TS Embed', () => {
     beforeAll(() => {
-        index.init({
+        authEE = index.init({
             thoughtSpotHost,
             authType: index.AuthType.None,
         });
@@ -38,8 +42,10 @@ describe('Base TS Embed', () => {
             },
             '*',
         );
-
-        jest.spyOn(window, 'alert').mockImplementation(() => {
+        jest.spyOn(window, 'alert').mockReset();
+        jest.spyOn(window, 'alert').mockImplementation(() => undefined);
+        authEE.on(auth.AuthStatus.FAILURE, (reason) => {
+            expect(reason).toEqual(auth.AuthFailureType.NO_COOKIE_ACCESS);
             expect(window.alert).toBeCalledWith(
                 'Third party cookie access is blocked on this browser, please allow third party cookies for this to work properly. \nYou can use `suppressNoCookieAccessAlert` to suppress this message.',
             );
@@ -92,4 +98,52 @@ describe('Base TS Embed', () => {
             expect(getIFrameSrc()).toContain('disableLoginRedirect=true');
         });
     });
+
+    test('handleAuth notifies for SDK auth failure', (done) => {
+        jest.spyOn(auth, 'authenticate').mockResolvedValue(false);
+        const authEmitter = index.init({
+            thoughtSpotHost,
+            authType: index.AuthType.Basic,
+            username: 'test',
+            password: 'test',
+        });
+        authEmitter.on(auth.AuthStatus.FAILURE, (reason) => {
+            expect(reason).toBe(auth.AuthFailureType.SDK);
+            done();
+        });
+    });
+
+    test('Logout method should disable autoLogin', () => {
+        jest.spyOn(window, 'fetch').mockResolvedValue({
+            type: 'opaque',
+        });
+        index.init({
+            thoughtSpotHost,
+            authType: index.AuthType.None,
+            autoLogin: true,
+        });
+        index.logout();
+        expect(window.fetch).toHaveBeenCalledWith(
+            `http://${thoughtSpotHost}${auth.EndPoints.LOGOUT}`,
+            {
+                credentials: 'include',
+                headers: {
+                    'x-requested-by': 'ThoughtSpot',
+                },
+                method: 'POST',
+            },
+        );
+        expect(base.getEmbedConfig().autoLogin).toBe(false);
+    });
+});
+
+describe('Base without init', () => {
+    test('notify should error when called without init', () => {
+        base.reset();
+        jest.spyOn(global.console, 'error').mockImplementation(() => undefined);
+        base.notifyAuthSuccess();
+        base.notifyAuthFailure(auth.AuthFailureType.SDK);
+        base.notifyLogout();
+        expect(global.console.error).toHaveBeenCalledTimes(3);
+    });
 });