[ https://issues.apache.org/jira/browse/OFBIZ-12620?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17542058#comment-17542058 ]
ASF subversion and git services commented on OFBIZ-12620:
---------------------------------------------------------
Commit 09cf6eb4990663040016f32809bb2ad718279562 in ofbiz-framework's branch
refs/heads/trunk from Nicolas Malin
[ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=09cf6eb499 ]
Improved: Redirect unauthenticated user to login on AJAX calls (OFBIZ-12620)
At this time, when you aren't logged in and you need to be authenticated to access
a page, OFBiz returns the login page with an HTTP code 200.
This sets a problem for AJAX calls to understand why the page returned isn't the
attendee/
This improvement does 3 things:
* return an HTTP status code 401 (Unauthorized) in LoginWorker::checkLogin if
user is not authenticated (no more 200),
* in common-theme, OfbizUtil.js, on AJAX calls handler, if the request fails
with a 401 status code, reload current page (so we land on login form instead
of being stuck in a blank modal) with a new search param `clickOn` containing
the id of the link that triggered the AJAX call,
* on page load, if `clickOn` search parameter exists, trigger a click event
on the link, so the initial modal pops in after a successful login
Thanks to Florian Motteau for this improvement
> Redirect unauthenticated user to login on AJAX calls
> ----------------------------------------------------
>
> Key: OFBIZ-12620
> URL: https://issues.apache.org/jira/browse/OFBIZ-12620
> Project: OFBiz
> Issue Type: Improvement
> Components: framework/webapp, themes
> Affects Versions: 22.01.01, Upcoming Branch
> Reporter: Florian Motteau
> Assignee: Nicolas Malin
> Priority: Major
> Attachments: OFBIZ-12620.patch, Peek 18-05-2022 15-37.mp4,
> image-2022-05-18-14-47-09-659.png
>
>
> Use case :
> * log in,
> * open a second browser tab (so both tabs are authenticated),
> * in first tab, open a page, where a link opens a modal, the modal content
> is fetched through AJAX when user clicks the link,
> * log out in second tab,
> * in first tab, click on the link, the AJAX request fires, but returns
> nothing with a status 200, which results in a white modal without any user
> feedback.
> Example:
> `/workeffort/control/EditWorkEffortRates?workEffortId=PrivateDemoEmployee`
> This patch does 3 things to improve this behavior:
> * return an HTTP status code 401 (Unauthorized) in LoginWorker::checkLogin if
> user is not authenticated (no more 200),
> * in common-theme, OfbizUtil.js, on AJAX calls handler, if the request fails
> with a 401 status code, reload current page (so we land on login form instead
> of being stuck in a blank modal) with a new search param `clickOn` containing
> the id of the link that triggered the AJAX call,
> * on page load, if `clickOn` search parameter exists, trigger a click event
> on the link, so the initial modal pops in after a successful login
> As a result, if the user tries to open an AJAX-based modal while
> unauthenticated, here is what happens:
> * modal opens,
> * user is immediately redirected to the page he was, which will be filled with
> login form
> * after successful login, page is reloaded (no change here), and the modal is
> re-opened
> * after successful login, page is reloaded (no change here), and the modal is
> re-opened
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
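
The client-side half of the flow described above (401 on the AJAX call, reload with `clickOn`, replay of the click after login), as an added sketch that is not the OFBiz patch or the OfbizUtil.js code. The function names, the id pattern and the `data-ajax-modal` marker attribute are assumptions; because `clickOn` arrives in the URL, the sketch accepts only a plain element id, resolves it by exact id lookup, and replays the click only on links marked as modal openers.

```javascript
// Added example: names, the id pattern and the data-ajax-modal marker are assumptions.
const ID_PATTERN = /^[A-Za-z][\w:.-]{0,127}$/; // plain element id, nothing selector-like

// AJAX error handler side. Returns the URL to reload, or null when no reload applies.
function buildReloadUrl(currentHref, status, linkId) {
  if (status !== 401) return null; // only the "not authenticated" answer triggers a reload
  const url = new URL(currentHref);
  url.searchParams.delete('clickOn'); // never stack values from an earlier reload
  if (typeof linkId === 'string' && ID_PATTERN.test(linkId)) {
    url.searchParams.set('clickOn', linkId); // URLSearchParams does the encoding
  }
  return url.toString();
}

// Page-load side. Returns the element whose click may be replayed, or null.
function resolveClickTarget(search, doc) {
  const id = new URLSearchParams(search).get('clickOn');
  if (id === null || !ID_PATTERN.test(id)) return null;
  const el = doc.getElementById(id); // exact lookup; the value never enters a selector
  if (!el || el.tagName !== 'A') return null;
  // Replay only links that open an AJAX modal, not any clickable element with an id.
  return el.getAttribute('data-ajax-modal') !== null ? el : null;
}

// Constructed stand-in for `document`, so the sketch runs outside a browser.
function fakeDocument(elements) {
  return {
    getElementById(id) {
      const e = Object.prototype.hasOwnProperty.call(elements, id) ? elements[id] : null;
      return e && { id, tagName: e.tagName,
        getAttribute: (n) => (n in e.attrs ? e.attrs[n] : null) };
    },
  };
}

// Constructed sample page: one modal link, one ordinary link.
const SAMPLE_DOC = fakeDocument({
  ratesLink: { tagName: 'A', attrs: { 'data-ajax-modal': '' } },
  logoutLink: { tagName: 'A', attrs: {} },
});
const SAMPLE_HREF =
  'https://ofbiz.example/workeffort/control/EditWorkEffortRates?workEffortId=PrivateDemoEmployee';

console.log(buildReloadUrl(SAMPLE_HREF, 401, 'ratesLink'));
console.log(resolveClickTarget('?clickOn=logoutLink', SAMPLE_DOC));
```

In a browser, the page-load side would be called as `resolveClickTarget(window.location.search, document)` and the returned element clicked only when it is not null.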