Idea #16680
closedEnsure expired tokens are handle properly
Description
If the user attempts to use an expired token, Workbench 2 should detect that the token is expired, notify the user that they have been logged out, and send them back to the log in page.
Related issues
Updated by Peter Amstutz about 4 years ago
- Description updated (diff)
- Tracker changed from Bug to Idea
Updated by Peter Amstutz about 4 years ago
- Related to Idea #16520: GxP Qualification added
Updated by Peter Amstutz about 4 years ago
- Target version set to 2020-09-09 Sprint
Updated by Lucas Di Pentima about 4 years ago
- Assigned To set to Lucas Di Pentima
Updated by Lucas Di Pentima about 4 years ago
- Status changed from New to In Progress
Updated by Lucas Di Pentima about 4 years ago
Updates at arvados-workbench2|202a49e - branch 16680-expired-token-handling
Test run: developer-tests-workbench2: #82
- Enhanced
commonService
's error reporting in order to get the status code on the error handler. - Logs out user when receiving a 401 error with message "Not logged in"
- Changed the way "Not found" dialog is shown: instead of parsing the error message, it's displayed whenever a 404 error is received.
I'm not sure how to unit test this. I think I could make an e2e test by setting the token to something invalid and checking that the login form is shown.
Updated by Peter Amstutz about 4 years ago
Lucas Di Pentima wrote:
Updates at arvados-workbench2|202a49e - branch
16680-expired-token-handling
Test run: developer-tests-workbench2: #82
- Enhanced
commonService
's error reporting in order to get the status code on the error handler.- Logs out user when receiving a 401 error with message "Not logged in"
- Changed the way "Not found" dialog is shown: instead of parsing the error message, it's displayed whenever a 404 error is received.
Tested manually, worked as expected. I noticed that if you try to download something, keep-web doesn't return good errors to the browser, but I made that a separate ticket #16774.
I'm not sure how to unit test this. I think I could make an e2e test by setting the token to something invalid and checking that the login form is shown.
I think that's a good idea. Otherwise LGTM.
Updated by Lucas Di Pentima about 4 years ago
Update at arvados-workbench2|68139213
Test run: developer-tests-workbench2: #86
- Fixes Dockerfile replacing the use of deprecated
MAINTAINER
withLABEL
. - Adds e2e test checking the auto-logout behaviour when using an invalid token.
Updated by Peter Amstutz about 4 years ago
Lucas Di Pentima wrote:
Update at arvados-workbench2|68139213
Test run: developer-tests-workbench2: #86
- Fixes Dockerfile replacing the use of deprecated
MAINTAINER
withLABEL
.- Adds e2e test checking the auto-logout behaviour when using an invalid token.
LGTM
Updated by Anonymous about 4 years ago
- Status changed from In Progress to Resolved
Applied in changeset arvados-workbench2|f17af4bfbdd3b0054d3494cdc6c5f75c2e872d9f.