[BUG] 404 errors when trying to reach Dashboard's admin section

[joewiz]

Describe the bug

Many users have reported that after upgrading to Dashboard v2.0.8 (the latest version, which ships with eXist 5.3.0), the admin section of Dashboard yields persistent 404 errors—rendering the admin functions of Dashboard inaccessible. Clearing cookies and cache may (or may not) temporarily relieve the problem, but it returns under common circumstances, involving logging into other eXIst apps like eXide and restarting eXist.

Expected behavior

There should not be a 404 error when using Dashboard's admin section.

To Reproduce

1. Prepare a fresh installation of eXist 5.3.0 (and thus Dashboard v2.0.8) - to rule out any stale database contents
2. In your browser, open an Incognito/Private window - to rule out stale cookie or cache from previous sessions)
3. Open eXide, and log in as admin with "Remember me" checkbox selected
4. Restart eXist
5. In the same Incognito/Private browser window, open Dashboard, and log in as admin
6. After submitting the credentials, you'll get a 404 error
7. Removing "admin" from URL will return you to the guest view, where you can try logging in again, but you'll get the 404

Discussion

Step 2 sets a cookie, like this:

Name: org.exist.login 
Value: 4pOvIen3syA47U9uBq+Fmg==:sApVZ0KG+vyo9vGZxgzTHA==
Domain: localhost
Path: /exist
Expires: 2021-07-27T03:47:07.146Z
Size: 64
HttpOnly: 
Secure: 
SameSite:
SamePage: 
Priority: Medium

After restarting in step 4, this cookie persists.

Only when you delete this org.exist.login cookie is Dashboard's admin section accessible again. There are a few methods to delete the cookie:

1. Log out and back into eXide or monex
2. Use your browser's Developer Tools > Application to locate the cookie and delete it
3. Run response:set-cookie("org.exist.login", "", xs:duration("PT1S"), false(), "localhost", "/exist") in eXide.

Thus, it appears that something about the stale org.exist.login persistent login cookie throws off Dashboard and triggers this 404.

Context (please always complete the following information):

• OS: macOS 11.4
• eXist-db Version: 5.3.0
• Java Version: OpenJDK 1.8.0_292 (liberica-jdk8-full)
• App Version: 2.0.8

Additional context

• How is eXist-db installed? DMG
• Any custom changes in e.g. conf.xml? none

[line-o]

replace

dashboard/controller.xql

Line 88 in 603060a

) else ()

with

    ) else (
        <dispatch xmlns="http://exist.sourceforge.net/NS/exist">
            <forward url="login.html">
                <cache-control cache="no"/>
                <set-header name="Cache-Control" value="no-cache"/>
            </forward>
        </dispatch>
    )

will forward to the login page (infamously known from #156) but fix the 404 error and will let you access the admin section.

    ) else (
        <dispatch xmlns="http://exist.sourceforge.net/NS/exist">
          <redirect url="index.html"/>
        </dispatch>
    )

could be what we are really after, redirecting users that are "effectively" logged in but not as administrators back to the normal launcher view with the possibility to log in.

[line-o]

I will happily create a PR once we decided if one of the above is good enough. @joewiz @JoernT

[JoernT]

@line-o yep, please do so. Would go with variant 2.

[joewiz]

@line-o Thanks for fixing this - and, in particular, of your own accord!