Story #16680
Ensure expired tokens are handle properly
100%
Description
If the user attempts to use an expired token, Workbench 2 should detect that the token is expired, notify the user that they have been logged out, and send them back to the log in page.
Subtasks
Related issues
Associated revisions
History
#1
Updated by Peter Amstutz about 1 year ago
Updated by - Description updated (diff)
- Tracker changed from Bug to Story
#2
Updated by Peter Amstutz about 1 year ago
- Related to Story #16520: GxP Qualification added
#3
Updated by Peter Amstutz about 1 year ago
- Release set to 25
#4
Updated by Peter Amstutz about 1 year ago
- Target version set to 2020-09-09 Sprint
#5
Updated by Lucas Di Pentima about 1 year ago
Updated by - Assigned To set to Lucas Di Pentima
#6
Updated by Lucas Di Pentima about 1 year ago
- Status changed from New to In Progress
#7
Updated by Lucas Di Pentima about 1 year ago
Updates at arvados-workbench2|202a49e - branch 16680-expired-token-handling
Test run: https://ci.arvados.org/view/Developer/job/developer-tests-workbench2/82/
- Enhanced
commonService's error reporting in order to get the status code on the error handler. - Logs out user when receiving a 401 error with message "Not logged in"
- Changed the way "Not found" dialog is shown: instead of parsing the error message, it's displayed whenever a 404 error is received.
I'm not sure how to unit test this. I think I could make an e2e test by setting the token to something invalid and checking that the login form is shown.
#8
Updated by Peter Amstutz about 1 year ago
Lucas Di Pentima wrote:
Updates at arvados-workbench2|202a49e - branch
16680-expired-token-handling
Test run: https://ci.arvados.org/view/Developer/job/developer-tests-workbench2/82/
- Enhanced
commonService's error reporting in order to get the status code on the error handler.- Logs out user when receiving a 401 error with message "Not logged in"
- Changed the way "Not found" dialog is shown: instead of parsing the error message, it's displayed whenever a 404 error is received.
Tested manually, worked as expected. I noticed that if you try to download something, keep-web doesn't return good errors to the browser, but I made that a separate ticket #16774.
I'm not sure how to unit test this. I think I could make an e2e test by setting the token to something invalid and checking that the login form is shown.
I think that's a good idea. Otherwise LGTM.
#9
Updated by Lucas Di Pentima about 1 year ago
Update at arvados-workbench2|68139213
Test run: https://ci.arvados.org/view/Developer/job/developer-tests-workbench2/86/
- Fixes Dockerfile replacing the use of deprecated
MAINTAINERwithLABEL. - Adds e2e test checking the auto-logout behaviour when using an invalid token.
#10
Updated by Peter Amstutz about 1 year ago
Lucas Di Pentima wrote:
Update at arvados-workbench2|68139213
Test run: https://ci.arvados.org/view/Developer/job/developer-tests-workbench2/86/
- Fixes Dockerfile replacing the use of deprecated
MAINTAINERwithLABEL.- Adds e2e test checking the auto-logout behaviour when using an invalid token.
LGTM
#11
Updated by Anonymous about 1 year ago
- Status changed from In Progress to Resolved
Applied in changeset arvados-workbench2|f17af4bfbdd3b0054d3494cdc6c5f75c2e872d9f.
Merge branch '16680-expired-token-handling'
Closes #16680
Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <lucas@di-pentima.com.ar>