Unauthorized client side routing #796
Conversation
| templateUrl: 'modules/core/views/400.client.view.html' | ||
| }) | ||
| .state('unauthorized', { | ||
| url: '/unauthorized', |
|
@ilanbiala Not that I am looking at this, I don't think we should do interceptors for bad request on the client side.... Server side is throwing them quite a bit, even for things like article is not found. Guessing we don't want a redirect on these errors... Or do we? |
|
@trainerbill can you elaborate more on the requirement/purpose of this PR? I'm not really following what's it about. |
@trainerbill yes, this is the intention. 404 should go use $state.transitionTo on the client to go to the 404 page. This will all make better sense when resolves are used properly. I am not a fan of having the pub/sub implementation here, I don't see the value of doing it this way. The only thing I can think of is you tried implementing state.go in the http interceptor and ran in to the circular reference issue. You need to use |
|
@lirantal HTTP interceptors will do certain actions if the server responds with certain error codes. So for like an unauthorized 401 response I created a route so that the client will redirect to the route so the user knows they are unauthorized. This will come in handy when a user views an article then adds /edit to the end of the URL of an article that they don't own. I suggest pulling the branch and checking it out. Login with a user account and try to go to /admin/users. View an article the user doesn't own and add a /edit to the URL and try and edit the article. You will go to the unauthorized route. @rhutchison The example you gave me was based on pub/sub. I actually like the idea. So then in the module controllers we can broadcast the unauth event and it does the same thing every time for certain events. $state couldn't be injected into config so that is why I went with pub/sub but after doing it I kinda like it. As a framework/middleware we should really have events like this to make it easier on the modules. Just do a $rootScope.broadcast(events) and we handle everything for the modules. As for 404, the only reason I don't like it is because the backend throws them a lot. I don't think that redirecting to a bad-request route is a better option then just displaying the error on the client since the bad request error message is variable. Then the user has to hit the back button to get back to their previous state. |
|
@rhutchison Removed Modal, Removed Pub/Sub, changed unauthorized to forbidded to align with the http status code. 401 goes to authentication 403 goes to forbidden. |
trainerbill
force-pushed
the
UnauthorizedRoute2
branch
from
4b1eac7 to
d8eec6f
Compare
|
LGTM - thank you. |
|
@lirantal. This is ready to merge |
|
@trainerbill I pulled this branch and tested. A few things I noticed... Forgive me if you're aware of these issues.. When not signed in, I go to an invalid route. I'm redirected to the Bad Request state. Now if sign in successfully, I'm redirected back to the Bad Request state. If a 400 status is returned from the server, it redirects to the Bad Request, even if the 400 was caused by an invalid form submission; for instance, incorrect credentials at login. I saw mention of the issue where the user can add @trainerbill Overall this looks really good. Thanks. |
|
@mleanos Thanks for taking it for a test drive. I was actually worried on the bad request 400 interceptor as the backend seems to throw them quite a bit. I am going to remove the 400 interceptor just to get the PR in. The forbidden route and interceptor is what I really want in. @rhutchison any issue with this? The /edit route will be taken care of by the article refactor PR #800 |
trainerbill
force-pushed
the
UnauthorizedRoute2
branch
from
55164b3 to
a873414
Compare
| @@ -0,0 +1,23 @@ | |||
| 'use strict'; | |||
|
|
|||
| //Articles service used for communicating with the articles REST endpoints | |||
There was a problem hiding this comment.
remove unrelated comment
trainerbill
force-pushed
the
UnauthorizedRoute2
branch
from
2f59044 to
19c1c59
Compare
| $locationProvider.html5Mode(true).hashPrefix('!'); | ||
| } | ||
| angular.module(ApplicationConfiguration.applicationModuleName).config(['$locationProvider', '$httpProvider', | ||
| function ($locationProvider, $httpProvider) { |
trainerbill
force-pushed
the
UnauthorizedRoute2
branch
from
28ec9a7 to
3258163
Compare
|
LGTM thanks @trainerbill |
|
@trainerbill I see the 400 is removed, so the issue with the invalid form submission is resolved. Thanks. I'm still seeing that when I get sent to the not-found state, and then login I'm getting redirected back to the not-found state. Were you waiting to handle that in a separate PR? Other than that everything looks good to me.
This LGTM, and appears to be ready for merging. |
|
LGTM |
|
@mleanos @trainerbill @codydaig Please review #843
|
trainerbill
force-pushed
the
UnauthorizedRoute2
branch
from
d3c3f30 to
979c4e5
Compare
|
Don't merge yet. Writing tests |
trainerbill
force-pushed
the
UnauthorizedRoute2
branch
2 times, most recently
from
58572ce to
3bd74cd
Compare
|
@lirantal @rhutchison Ready to merge |
Added Auth Interceptor tests cleaned up test Update routes
trainerbill
force-pushed
the
UnauthorizedRoute2
branch
from
1ff8089 to
ed89f9e
Compare
|
LGTM |
Unauthorized client side routing
Reintroducing to master branch. closing #727
@ilanbiala @lirantal @rhutchison @codydaig