Project

General

Profile

Actions
Copy link

Idea #16680

closed

Ensure expired tokens are handle properly

Added by Peter Amstutz over 3 years ago. Updated over 3 years ago.

Status:
Resolved
Priority:
Normal
Assigned To:
Lucas Di Pentima
Category:
Workbench2
Target version:
2020-09-09 Sprint
Start date:
08/27/2020
Due date:
Story points:
-
Release:
Arvados 2.1.0
Release relationship:
Auto

Description

If the user attempts to use an expired token, Workbench 2 should detect that the token is expired, notify the user that they have been logged out, and send them back to the log in page.

Subtasks 1 (0 open1 closed)

Task #16758: Review 16680-expired-token-handlingResolvedPeter Amstutz08/27/2020Actions

Related issues

Related to Arvados Epics - Idea #16520: GxP QualificationResolved08/01/202004/30/2021Actions
Actions
Copy link
 #1

Updated by Peter Amstutz over 3 years ago

  • Description updated (diff)
  • Tracker changed from Bug to Idea
Actions
Copy link
 #2

Updated by Peter Amstutz over 3 years ago

Actions
Copy link
 #3

Updated by Peter Amstutz over 3 years ago

  • Release set to 25
Actions
Copy link
 #4

Updated by Peter Amstutz over 3 years ago

  • Target version set to 2020-09-09 Sprint
Actions
Copy link
 #5

Updated by Lucas Di Pentima over 3 years ago

  • Assigned To set to Lucas Di Pentima
Actions
Copy link
 #6

Updated by Lucas Di Pentima over 3 years ago

  • Status changed from New to In Progress
Actions
Copy link
 #7

Updated by Lucas Di Pentima over 3 years ago

Updates at arvados-workbench2|202a49e - branch 16680-expired-token-handling
Test run: developer-tests-workbench2: #82

  • Enhanced commonService's error reporting in order to get the status code on the error handler.
  • Logs out user when receiving a 401 error with message "Not logged in"
  • Changed the way "Not found" dialog is shown: instead of parsing the error message, it's displayed whenever a 404 error is received.

I'm not sure how to unit test this. I think I could make an e2e test by setting the token to something invalid and checking that the login form is shown.

Actions
Copy link
 #8

Updated by Peter Amstutz over 3 years ago

Lucas Di Pentima wrote:

Updates at arvados-workbench2|202a49e - branch 16680-expired-token-handling
Test run: developer-tests-workbench2: #82

  • Enhanced commonService's error reporting in order to get the status code on the error handler.
  • Logs out user when receiving a 401 error with message "Not logged in"
  • Changed the way "Not found" dialog is shown: instead of parsing the error message, it's displayed whenever a 404 error is received.

Tested manually, worked as expected. I noticed that if you try to download something, keep-web doesn't return good errors to the browser, but I made that a separate ticket #16774.

I'm not sure how to unit test this. I think I could make an e2e test by setting the token to something invalid and checking that the login form is shown.

I think that's a good idea. Otherwise LGTM.

Actions
Copy link
 #9

Updated by Lucas Di Pentima over 3 years ago

Update at arvados-workbench2|68139213
Test run: developer-tests-workbench2: #86

  • Fixes Dockerfile replacing the use of deprecated MAINTAINER with LABEL.
  • Adds e2e test checking the auto-logout behaviour when using an invalid token.
Actions
Copy link
 #10

Updated by Peter Amstutz over 3 years ago

Lucas Di Pentima wrote:

Update at arvados-workbench2|68139213
Test run: developer-tests-workbench2: #86

  • Fixes Dockerfile replacing the use of deprecated MAINTAINER with LABEL.
  • Adds e2e test checking the auto-logout behaviour when using an invalid token.

LGTM

Actions
Copy link
 #11

Updated by Anonymous over 3 years ago

  • Status changed from In Progress to Resolved
Actions
Copy link

Also available in: Atom PDF