mitchell852 commented on a change in pull request #3763: Oauth authentication 
rebase
URL: https://github.com/apache/trafficcontrol/pull/3763#discussion_r310277372
 
 

 ##########
 File path: traffic_portal/app/src/common/api/AuthService.js
 ##########
 @@ -51,6 +51,30 @@ var AuthService = function($rootScope, $http, $state, 
$location, userModel, mess
         );
     };
 
+    this.oauthLogin = function(authCodeTokenUrl, code, clientId, redirectUri) {
+        return $http.post(ENV.api['root'] + 'user/login/oauth', { 
authCodeTokenUrl: authCodeTokenUrl, code: code, clientId: clientId, 
redirectUri: redirectUri})
+            .then(
+                function(result) {
+                    $rootScope.$broadcast('authService::login');
+                    var redirect = localStorage.getItem('redirectParam');
+                    localStorage.clear();
+                    if (redirect === undefined || redirect === '') {
+                        redirect = 
decodeURIComponent($location.search().redirect);
+                    }
+                    if (redirect !== undefined) {
+                        $location.search('redirect', null); // remove the 
redirect query param
+                        $location.url(redirect);
+                    } else {
+                        $location.url('/');
+                    }
+                },
+                function(fault) {
+                    messageModel.setMessages(fault.data.alerts, true);
+                    locationUtils.navigateToPath('/');
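Review bot: The success callback hands `redirect` to `$location.url()` without checking that it is a usable in-app path. `localStorage.getItem('redirectParam')` returns `null` (never `undefined`) when the key is absent, and `decodeURIComponent(undefined)` yields the string `'undefined'`, so `redirect !== undefined` always holds and the `$location.url('/')` fallback looks unreachable. Because the value can come from the `redirect` query parameter, which whoever crafts the link controls, it should be treated as untrusted and accepted only when it is a string beginning with a single `/`, e.g. `if (typeof redirect === 'string' && /^\/(?!\/)/.test(redirect)) { $location.url(redirect); } else { $location.url('/'); }`. `localStorage.clear()` also drops every key stored for the origin, whereas `localStorage.removeItem('redirectParam')` would remove only the value this code owns. Separately, `authCodeTokenUrl` is supplied by the browser in the POST body, so the `user/login/oauth` handler (not visible here) presumably needs to check it against a configured allowlist before contacting it; the callback itself continues past the quoted hunk.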
 
 Review comment:
   if sso fails due to missing user in TO (for example), a 403 is returned 
(invalid username or password) but line 73 sends them to the dashboard (/) 
which is a "private" page so TP makes a call to fetch current authenticated 
user which results in a 401 so you end up with this error message in the UI:
   
   
![image](https://user-images.githubusercontent.com/251272/62395345-2fb41e80-b52d-11e9-902c-a5ef442e4548.png)
   
   so basically that 401 squashed the previous 403 which is the more 
appropriate message. to fix this, i think you should change this line to 
   
   `locationUtils.navigateToPath('/login');`
   
   ^^ the login page is a "public" page that won't attempt to make a call to 
the api to fetch current authenticated user.
