Merge pull request #365 from sharelatex/bg-redirect-to-login-on-403

redirect to login on 403
2025-03-22 02:04:31 +00:00 · 2016-11-07 14:44:08 +00:00 · 2016-11-07 14:44:08 +00:00 · f77ee597f4
commit f77ee597f4
parent 0b50623d51 6f41dddb42
4 changed files with 27 additions and 4 deletions
--- a/services/web/app/views/project/editor/editor.jade
+++ b/services/web/app/views/project/editor/editor.jade
@ -24,7 +24,7 @@ div.full-size(
 			keybindings="settings.mode",
 			font-size="settings.fontSize",
 			auto-complete="settings.autoComplete",
-			spell-check="true",
+			spell-check="!anonymous",
 			spell-check-language="project.spellCheckLanguage",
 			highlights="onlineUserCursorHighlights[editor.open_doc_id]"
 			show-print-margin="false",
--- a/services/web/public/coffee/directives/asyncForm.coffee
+++ b/services/web/public/coffee/directives/asyncForm.coffee
@ -24,8 +24,10 @@ define [

 					scope[attrs.name].inflight = true

+					# for asyncForm prevent automatic redirect to /login if
+					# authentication fails, we will handle it ourselves
 					$http
-						.post(element.attr('action'), formData)
+						.post(element.attr('action'), formData, {disableAutoLoginRedirect: true})
 						.success (data, status, headers, config) ->
 							scope[attrs.name].inflight = false
 							response.success = true
--- a/services/web/public/coffee/main/account-settings.coffee
+++ b/services/web/public/coffee/main/account-settings.coffee
@ -57,6 +57,7 @@ define [
 							"Content-Type": 'application/json'
 						data:
 							password: $scope.state.password
+						disableAutoLoginRedirect: true # we want to handle errors ourselves
 					})
 					.success () ->
 						$modalInstance.close()
--- a/services/web/public/coffee/modules/errorCatcher.coffee
+++ b/services/web/public/coffee/modules/errorCatcher.coffee
@ -9,6 +9,26 @@ app.config ['$provide', ($provide) ->
 	]
 ]

-# TODO: add support for an errorHttpInterceptor to catch failing ajax
-# requests as described at
+# Interceptor to check auth failures in all $http requests
 # http://bahmutov.calepin.co/catch-all-errors-in-angular-app.html
+
+app.factory 'unAuthHttpResponseInterceptor', ['$q','$location', ($q, $location) ->
+		responseError: (response) ->
+			# redirect any unauthorised or forbidden responses back to /login
+			#
+			# set disableAutoLoginRedirect:true in the http request config
+			# to disable this behaviour
+			if response.status in [401, 403] and not response.config?.disableAutoLoginRedirect
+				# for /project urls set the ?redir parameter to come back here
+				# otherwise just go to the login page
+				if window.location.pathname.match(/^\/project/)
+					window.location = "/login?redir=#{encodeURI(window.location.pathname)}"
+				else
+					window.location = "/login"
+			# pass the response back to the original requester
+			return $q.reject(response)
+]
+
+app.config ['$httpProvider', ($httpProvider) ->
+	$httpProvider.interceptors.push 'unAuthHttpResponseInterceptor'
+]