Project

General

Profile

Actions

Idea #16680

closed

Ensure expired tokens are handle properly

Added by Peter Amstutz almost 4 years ago. Updated almost 4 years ago.

Status:
Resolved
Priority:
Normal
Assigned To:
Category:
Workbench2
Target version:
Start date:
08/27/2020
Due date:
Story points:
-
Release relationship:
Auto

Description

If the user attempts to use an expired token, Workbench 2 should detect that the token is expired, notify the user that they have been logged out, and send them back to the log in page.


Subtasks 1 (0 open1 closed)

Task #16758: Review 16680-expired-token-handlingResolvedPeter Amstutz08/27/2020Actions

Related issues

Related to Arvados Epics - Idea #16520: GxP QualificationResolved08/01/202004/30/2021Actions
Actions #1

Updated by Peter Amstutz almost 4 years ago

  • Description updated (diff)
  • Tracker changed from Bug to Idea
Actions #2

Updated by Peter Amstutz almost 4 years ago

Actions #3

Updated by Peter Amstutz almost 4 years ago

  • Release set to 25
Actions #4

Updated by Peter Amstutz almost 4 years ago

  • Target version set to 2020-09-09 Sprint
Actions #5

Updated by Lucas Di Pentima almost 4 years ago

  • Assigned To set to Lucas Di Pentima
Actions #6

Updated by Lucas Di Pentima almost 4 years ago

  • Status changed from New to In Progress
Actions #7

Updated by Lucas Di Pentima almost 4 years ago

Updates at arvados-workbench2|202a49e - branch 16680-expired-token-handling
Test run: developer-tests-workbench2: #82

  • Enhanced commonService's error reporting in order to get the status code on the error handler.
  • Logs out user when receiving a 401 error with message "Not logged in"
  • Changed the way "Not found" dialog is shown: instead of parsing the error message, it's displayed whenever a 404 error is received.

I'm not sure how to unit test this. I think I could make an e2e test by setting the token to something invalid and checking that the login form is shown.

Actions #8

Updated by Peter Amstutz almost 4 years ago

Lucas Di Pentima wrote:

Updates at arvados-workbench2|202a49e - branch 16680-expired-token-handling
Test run: developer-tests-workbench2: #82

  • Enhanced commonService's error reporting in order to get the status code on the error handler.
  • Logs out user when receiving a 401 error with message "Not logged in"
  • Changed the way "Not found" dialog is shown: instead of parsing the error message, it's displayed whenever a 404 error is received.

Tested manually, worked as expected. I noticed that if you try to download something, keep-web doesn't return good errors to the browser, but I made that a separate ticket #16774.

I'm not sure how to unit test this. I think I could make an e2e test by setting the token to something invalid and checking that the login form is shown.

I think that's a good idea. Otherwise LGTM.

Actions #9

Updated by Lucas Di Pentima almost 4 years ago

Update at arvados-workbench2|68139213
Test run: developer-tests-workbench2: #86

  • Fixes Dockerfile replacing the use of deprecated MAINTAINER with LABEL.
  • Adds e2e test checking the auto-logout behaviour when using an invalid token.
Actions #10

Updated by Peter Amstutz almost 4 years ago

Lucas Di Pentima wrote:

Update at arvados-workbench2|68139213
Test run: developer-tests-workbench2: #86

  • Fixes Dockerfile replacing the use of deprecated MAINTAINER with LABEL.
  • Adds e2e test checking the auto-logout behaviour when using an invalid token.

LGTM

Actions #11

Updated by Anonymous almost 4 years ago

  • Status changed from In Progress to Resolved
Actions

Also available in: Atom PDF