Change 403 handling to 401 and have a modal dialog (that cannot be removed) display when the user's session has expired. This forces them to reload the page, and thus reset all the state.

2013-11-11 19:26:56 -05:00 · 2013-11-11 19:26:56 -05:00 · b8dc051705
commit b8dc051705
parent e2c9c91080
3 changed files with 35 additions and 8 deletions
--- a/endpoints/api.py
+++ b/endpoints/api.py
@ -41,8 +41,8 @@ def api_login_required(f):
    if not current_user.is_authenticated():
      abort(401)

-    if current_user.db_user().organization:
-      abort(403)
+    if current_user and current_user.db_user() and current_user.db_user().organization:
+      abort(401)

    return f(*args, **kwargs)
  return decorated_view
@ -82,10 +82,13 @@ def get_logged_in_user():
      'can_create_repo': admin_org.can() or CreateRepositoryPermission(o.username).can()
    }

-  if current_user.is_anonymous() or current_user.db_user().organization:
+  if current_user.is_anonymous():
    return jsonify({'anonymous': True})

  user = current_user.db_user()
+  if not user or user.organization:
+    return jsonify({'anonymous': True})    
+    
  organizations = model.get_user_organizations(user.username)

  return jsonify({
--- a/static/js/app.js
+++ b/static/js/app.js
@ -60,7 +60,7 @@ quayApp = angular.module('quay', ['restangular', 'angularMoment', 'angulartics',

      var userService = {}

-      userService.load = function() {
+      userService.load = function(opt_callback) {
        var userFetch = Restangular.one('user/');
        userFetch.get().then(function(loadedUser) {
          userResponse = loadedUser;
@ -76,6 +76,10 @@ quayApp = angular.module('quay', ['restangular', 'angularMoment', 'angulartics',
              '$created': new Date()
            })
          }
+
+          if (opt_callback) {
+            opt_callback();
+          }
        });
      };

@ -868,11 +872,13 @@ quayApp.directive('ngBlur', function() {
 });

 quayApp.run(['$location', '$rootScope', 'Restangular', 'UserService', function($location, $rootScope, Restangular, UserService) {
-  Restangular.setResponseInterceptor(function(data, operation, what, url, response, deferred) {
-    if (response.status == 403) {
-      UserService.load();
+  Restangular.setErrorInterceptor(function(response) {
+    if (response.status == 401) {
+      $('#sessionexpiredModal').modal({});
+      return false;
    }
-    return data;
+
+    return true;
  });

  $rootScope.$on('$routeChangeSuccess', function (event, current, previous) {
--- a/templates/index.html
+++ b/templates/index.html
@ -30,4 +30,22 @@

 {% block body_content %}
  <div ng-view></div>
+
+
+  <!-- Modal message dialog -->
+  <div class="modal fade" id="sessionexpiredModal" data-backdrop="static">
+    <div class="modal-dialog">
+      <div class="modal-content">
+        <div class="modal-header">
+          <h4 class="modal-title">Session Expired</h4>
+        </div>
+        <div class="modal-body">
+          Your user session has expired. Please reload to continue.
+        </div>
+        <div class="modal-footer">
+        </div>
+      </div><!-- /.modal-content -->
+    </div><!-- /.modal-dialog -->
+  </div><!-- /.modal -->
+
 {% endblock %}