From ab0e96df9506fb6f1783e0ee79b63934dabe0cbe Mon Sep 17 00:00:00 2001 From: Gloria Gu Date: Tue, 20 Aug 2019 15:45:22 -0700 Subject: [PATCH] Avoid forced logout when 403 error encountered Before this change when a 403 error was encountered, such as failure to have the permission to perform an operation, the user would get logged out from UI pages written in the AngularJS framework. For example, if an admin user lacks the get_project permission and tries to access the images page, project->compute->images, the 403 will forcibly log out the user. This change keeps the user logged in when a 403 error is encountered and displays an error message. The change only affects AngularJS pages. Change-Id: I10a6eeb96dd1418449e1d15b1a3869cd4de9cafa Closes-bug: #1840844 --- horizon/static/framework/framework.module.js | 17 ++++++++++------- .../static/framework/framework.module.spec.js | 3 +-- .../widgets/wizard/wizard.controller.js | 2 +- .../widgets/wizard/wizard.controller.spec.js | 10 +++++----- 4 files changed, 17 insertions(+), 15 deletions(-) diff --git a/horizon/static/framework/framework.module.js b/horizon/static/framework/framework.module.js index 755dde3b84..9da0c312f9 100644 --- a/horizon/static/framework/framework.module.js +++ b/horizon/static/framework/framework.module.js @@ -27,7 +27,7 @@ .factory('horizon.framework.redirect', redirect) .config(registerNotFound) .constant('horizon.framework.events', { - FORCE_LOGOUT: 'FORCE_LOGOUT' + AUTH_ERROR: 'AUTH_ERROR' }); config.$inject = [ @@ -130,11 +130,11 @@ responseError: function (error) { if (error.status === 401) { var msg = gettext('Unauthorized. Redirecting to login'); - handleRedirectMessage(msg, $rootScope, $window, frameworkEvents, toastService); + handleRedirectMessage(msg, $rootScope, $window, frameworkEvents, toastService, true); } if (error.status === 403) { - var msg2 = gettext('Forbidden. Redirecting to login'); - handleRedirectMessage(msg2, $rootScope, $window, frameworkEvents, toastService); + var msg2 = gettext('Forbidden. Insufficient permissions of the requested operation'); + handleRedirectMessage(msg2, $rootScope, $window, frameworkEvents, toastService, false); } return $q.reject(error); }, @@ -144,14 +144,17 @@ }; } - function handleRedirectMessage(msg, $rootScope, $window, frameworkEvents, toastService) { + function handleRedirectMessage( + msg, $rootScope, $window, frameworkEvents, toastService, forceLogout) { var toast = toastService.find('error', msg); //Suppress the multiple duplicate redirect toast messages. if (!toast) { toastService.add('error', msg); - $rootScope.$broadcast(frameworkEvents.FORCE_LOGOUT, msg); + $rootScope.$broadcast(frameworkEvents.AUTH_ERROR, msg); + } + if (forceLogout) { + $window.location.replace($window.WEBROOT + 'auth/logout'); } - $window.location.replace($window.WEBROOT + 'auth/logout'); } registerNotFound.$inject = [ diff --git a/horizon/static/framework/framework.module.spec.js b/horizon/static/framework/framework.module.spec.js index f998d2bd4d..63f503886c 100644 --- a/horizon/static/framework/framework.module.spec.js +++ b/horizon/static/framework/framework.module.spec.js @@ -56,7 +56,7 @@ }); describe('when forbidden', function() { - it('should redirect to /auth/logout and add a forbidden toast message ', inject( + it('should add a forbidden toast message ', inject( function($http, $httpBackend, $window, $injector, $rootScope) { $window.WEBROOT = '/dashboard/'; $httpBackend.when('GET', '/api').respond(403, ''); @@ -69,7 +69,6 @@ $http.get('/api').error(function() { expect(toastService.add).toHaveBeenCalled(); expect($rootScope.$broadcast).toHaveBeenCalled(); - expect($window.location.replace).toHaveBeenCalledWith('/dashboard/auth/logout'); }); $httpBackend.flush(); }) diff --git a/horizon/static/framework/widgets/wizard/wizard.controller.js b/horizon/static/framework/widgets/wizard/wizard.controller.js index eeb3c6ec06..e3f2de35f6 100644 --- a/horizon/static/framework/widgets/wizard/wizard.controller.js +++ b/horizon/static/framework/widgets/wizard/wizard.controller.js @@ -142,7 +142,7 @@ $scope.$broadcast(wizardEvents.ON_INIT_ERROR); } - $scope.$on(frameworkEvents.FORCE_LOGOUT, function(evt, arg) { + $scope.$on(frameworkEvents.AUTH_ERROR, function(evt, arg) { viewModel.hasError = true; viewModel.errorMessage = arg; return; diff --git a/horizon/static/framework/widgets/wizard/wizard.controller.spec.js b/horizon/static/framework/widgets/wizard/wizard.controller.spec.js index d52538d663..e2951639b7 100644 --- a/horizon/static/framework/widgets/wizard/wizard.controller.spec.js +++ b/horizon/static/framework/widgets/wizard/wizard.controller.spec.js @@ -62,14 +62,14 @@ expect(scope.viewModel.errorMessage).toBe('in valid'); }); - it('call onInitSuccess with logout event', function() { - rootScope.$broadcast(frameworkEvents.FORCE_LOGOUT, 'logout'); + it('call onInitSuccess with auth_error event', function() { + rootScope.$broadcast(frameworkEvents.AUTH_ERROR, 'auth_error'); ctrl.onInitSuccess(); scope.$apply(); expect(scope.viewModel.hasError).toBe(true); }); - it('call onInitSuccess without logout event', function() { + it('call onInitSuccess without auth_error event', function() { spyOn(scope, '$broadcast'); ctrl.onInitSuccess(); scope.$apply(); @@ -77,8 +77,8 @@ expect(scope.$broadcast).toHaveBeenCalledWith(wizardEvents.ON_INIT_SUCCESS); }); - it('call onInitError with logout event', function() { - rootScope.$broadcast(frameworkEvents.FORCE_LOGOUT, 'logout'); + it('call onInitError with auth_error event', function() { + rootScope.$broadcast(frameworkEvents.AUTH_ERROR, 'auth_error'); ctrl.onInitError(); scope.$apply(); expect(scope.viewModel.hasError).toBe(true);