[ https://issues.apache.org/jira/browse/OFBIZ-12620?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17542864#comment-17542864 ]
Jacques Le Roux commented on OFBIZ-12620:
-----------------------------------------

Sorry guys, I noticed a weird behaviour on trunk demo and I guess it's related to this Jira.

When you get to https://demo-stable.ofbiz.apache.org/webtools/control/ServiceLog or https://localhost:8443/webtools/control/ServiceLog the login page shows.
But when you get to https://demo-next.ofbiz.apache.org/webtools/control/ServiceLog or https://demo-trunk.ofbiz.apache.org/webtools/control/ServiceLog you get a 401 with this msg:

bq. This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.

Same for trunk.

When you are signed off, there is no pb to get to https://demo-trunk.ofbiz.apache.org/webtools/control/main but when you push the Connexion button https://demo-next.ofbiz.apache.org/webtools/control/checkLogin is a pb but not https://demo-stable.ofbiz.apache.org/webtools/control/checkLogin or https://localhost:8443/webtools/control/checkLogin etc.

It's maybe related to the HTTPD config. Could you please investigate?

Note that for all cases (demos and locally) https://.../webtools/control fails. I guess it's OK

HTH, TIA

> Redirect unauthenticated user to login on AJAX calls
> ----------------------------------------------------
>
>                 Key: OFBIZ-12620
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-12620
>             Project: OFBiz
>          Issue Type: Improvement
>          Components: framework/webapp, themes
>    Affects Versions: 22.01.01, Upcoming Branch
>            Reporter: Florian Motteau
>            Assignee: Nicolas Malin
>            Priority: Major
>             Fix For: 22.01.01
>
>         Attachments: OFBIZ-12620.patch, Peek 18-05-2022 15-37.mp4, image-2022-05-18-14-47-09-659.png
>
>
> Use case :
> * log in,
> * open a second browser tab (so both tabs are authenticated),
> * in first tab, open a page, where a link opens a modal, the modal content is fetched through AJAX when user clicks the link,
> * log out in second tab,
> * in first tab, click on the link, the AJAX request fires, but returns nothing with a status 200, which results in a white modal without any user feedback.
> Example : `/workeffort/control/EditWorkEffortRates?workEffortId=PrivateDemoEmployee`
> !image-2022-05-18-14-47-09-659.png|width=218,height=124!
> This patch does 3 things to improve this behavior :
> * return an HTTP status code 401 (Unauthorized) in LoginWorker::checkLogin if user is not authenticated (no more 200),
> * in common-theme, OfbizUtil.js, on AJAX calls handler, if the request fails with a 401 status code, reload current page (so we land on login form instead of being stuck in a blank modal) with a new search param `clickOn` containing the id of the link that triggered the AJAX call,
> * on page load, if `clickOn` search parameter exists, trigger a click event on the link, so the initial modal pops in after a successful login
> As a result, if the user tries to open an AJAX-based modal while unauthenticated, here is what happens :
> * modal opens,
> * user is immediately redirected to the page he was, which will be filled with login form
> * after successful login, page is reloaded (no change here), and the modal is re-opened
> [^Peek 18-05-2022 15-37.mp4]

--
This message was sent by Atlassian Jira
(v8.20.7#820007)
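
The client-side flow described in the quoted issue (reload on a 401 with a `clickOn` parameter, then re-trigger the link on page load), as an added example that is not part of the original message or of the OFBiz patch. The function names, the id pattern and the restriction to `<a>` elements are assumptions made here so that a `clickOn` value read from the URL is treated as untrusted input.

```javascript
// Added illustration, not OfbizUtil.js: all function names are hypothetical.
const CLICK_ON_PARAM = 'clickOn'; // parameter name taken from the issue text
// Assumption: link ids are plain HTML id tokens of bounded length.
const ID_PATTERN = /^[A-Za-z][\w:.-]{0,127}$/;

// For the AJAX failure handler: returns the URL to reload, or null when the
// failure is not a 401. An unusable link id is dropped, never echoed back.
function reloadUrlFor401(status, currentHref, linkId) {
  if (status !== 401) return null;
  const url = new URL(currentHref);
  url.searchParams.delete(CLICK_ON_PARAM); // do not stack stale values
  if (typeof linkId === 'string' && ID_PATTERN.test(linkId)) {
    url.searchParams.set(CLICK_ON_PARAM, linkId);
  }
  return url.toString();
}

// For page load: returns the element to click, or null. The value comes from
// the URL, so it is validated before it is used as an element id.
function clickTargetFromSearch(search, doc) {
  const id = new URLSearchParams(search).get(CLICK_ON_PARAM);
  if (id === null || !ID_PATTERN.test(id)) return null;
  const el = doc.getElementById(id);
  // Only re-open links; never auto-click buttons or other form controls.
  if (!el || el.tagName !== 'A') return null;
  return el;
}

// Browser wiring (skipped where there is no document, e.g. under Node).
if (typeof document !== 'undefined') {
  document.addEventListener('DOMContentLoaded', () => {
    const el = clickTargetFromSearch(window.location.search, document);
    if (el) el.click();
  });
}
```

Because the click happens automatically after login, limiting it to links and to well-formed ids keeps a crafted URL from triggering a state-changing control on the user's behalf.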