This is an automated email from the ASF dual-hosted git repository.
nmalin pushed a commit to branch release22.01
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
The following commit(s) were added to refs/heads/release22.01 by this push:
new 5f19f02349 Improved: Redirect unauthenticated user to login on AJAX
calls (OFBIZ-12620)
5f19f02349 is described below
commit 5f19f023491161a35f3705d90822797666be3c2c
Author: Nicolas Malin <[email protected]>
AuthorDate: Wed May 25 15:37:45 2022 +0200
Improved: Redirect unauthenticated user to login on AJAX calls (OFBIZ-12620)
Currently, when you are not logged in and request a page that requires
authentication, OFBiz returns the login page with HTTP status code 200.
This makes it hard for an AJAX call to understand why the returned page
isn't the expected one.
This improvement does 3 things :
* return a HTTP status code 401 (Unauthorized) in
LoginWorker::checkLogin if user is not authenticated (no more 200),
* in common-theme, OfbizUtil.js, on AJAX calls handler, if the request
fails with a 401 status code, reload current page (so we land on login form
instead of being stuck in a blank modal) with a new search param `clickOn`
containing the id of the link that triggered the AJAX call,
* on page load, if `clickOn` search parameter exists, trigger a click
event on the link, so the initial modal pops in after a successful login
Thanks to Florian Motteau for this improvement
---
.../apache/ofbiz/webapp/control/LoginWorker.java | 2 ++
.../webapp/common/js/util/OfbizUtil.js | 22 ++++++++++++++++++++++
2 files changed, 24 insertions(+)
diff --git
a/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java
b/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java
index d254502bef..2e71e537d4 100644
---
a/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java
+++
b/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java
@@ -45,6 +45,7 @@ import javax.servlet.http.HttpSession;
import javax.servlet.jsp.PageContext;
import javax.transaction.Transaction;
+import org.apache.http.HttpStatus;
import org.apache.ofbiz.base.component.ComponentConfig;
import org.apache.ofbiz.base.component.ComponentConfig.WebappInfo;
import org.apache.ofbiz.base.util.Debug;
@@ -362,6 +363,7 @@ public final class LoginWorker {
if (UtilValidate.isNotEmpty(formParams)) {
session.setAttribute("_PREVIOUS_PARAM_MAP_FORM_",
formParams);
}
+ response.setStatus(HttpStatus.SC_UNAUTHORIZED);
return "error";
}
}
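Review bot: `HttpStatus.SC_UNAUTHORIZED` pulls an Apache HttpClient class into LoginWorker for a constant the servlet API already provides. `response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);` would make the import added in the first hunk unnecessary, assuming `HttpServletResponse` is already imported in this file (the hunk context only shows `javax.servlet.http.HttpSession`). The status is set on this one `return "error"` path and the rest of checkLogin lies outside the hunk, so it is worth confirming that no other unauthenticated path still answers 200. A short comment such as `// 401 lets AJAX callers tell the login page from the requested content` would explain why the login page is now served with an error status.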
diff --git a/themes/common-theme/webapp/common/js/util/OfbizUtil.js
b/themes/common-theme/webapp/common/js/util/OfbizUtil.js
index 252dc457ee..6fa854eef9 100644
--- a/themes/common-theme/webapp/common/js/util/OfbizUtil.js
+++ b/themes/common-theme/webapp/common/js/util/OfbizUtil.js
@@ -23,6 +23,9 @@ var LAST_AUTOCOMP_REF = null;
//default ajax request timeout in milliseconds
var AJAX_REQUEST_TIMEOUT = 5000;
+// Search param : id of a link to be clicked right away
+var SP_CLICK_ON = 'clickOn';
+
// Add observers on DOM ready.
$(document).ready(function() {
// add CSRF token to jQuery AJAX calls to the same domain
@@ -77,6 +80,14 @@ $(document).ready(function() {
jQuery(document).ajaxSuccess(function () {
initNamedBorders();
});
+
+ // if clickOn search parameter is present, click on a#SP_CLICK_ON
+ const currentUrl = new URL(window.location.href);
+ const openModal = currentUrl.searchParams.get(SP_CLICK_ON);
+ const modalLink = jQuery(`#${openModal}`);
+ if (openModal && modalLink.length) {
+ modalLink.first().click();
+ }
});
/* bindObservers function contains the code of adding observers and it can be
called for specific section as well
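Review bot: The `clickOn` value is taken straight from the URL and interpolated into the jQuery selector that builds `modalLink`, so whoever supplies the link a logged-in user follows decides which element is clicked on page load. A value containing selector syntax can also match elements other than the intended id, or throw inside the ready handler. Looking the element up with `document.getElementById` and re-triggering only anchors keeps the parameter from being parsed as a selector and limits what it can activate; checking for whatever attribute marks modal links (not visible in this hunk) would narrow it further. The lookup also runs before the `openModal` null check, so `#null` is queried on every page load without the parameter. The enclosing ready handler starts outside this hunk.

```javascript
    const currentUrl = new URL(window.location.href);
    const openModal = currentUrl.searchParams.get(SP_CLICK_ON);
    // look the id up directly so the parameter is never parsed as a selector
    const modalLink = openModal ? document.getElementById(openModal) : null;
    // only re-trigger links, never arbitrary buttons or form controls
    if (modalLink && modalLink.tagName === 'A') {
        jQuery(modalLink).click();
    }
```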
@@ -205,6 +216,17 @@ function bindObservers(bind_element) {
success: function(data) {
dialogContainer.html(data);
bindObservers(dialogContainer);
+ },
+ error: (xhr) => {
+ // unauthorized user, reload page with the link id so
we can reopen the modal
+ if (xhr.status === 401) {
+ const url = new URL(window.location.href);
+ url.searchParams.append(SP_CLICK_ON,
element.attr('id'));
+ window.location.replace(url.toString());
+ } else {
+ // display some feedback in the modal body
+ dialogContainer.text(`An unexpected server error
occurred (status : ${xhr.status}).`);
+ }
}
});
}
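Review bot: The 401 branch can reload in a loop if the current page does not itself require login: the reload returns the same page, the `clickOn` handler clicks the link again, the AJAX call gets another 401 and the page reloads, with `append` adding one more `clickOn` each round. Building `url` before the test and reloading only when the parameter is absent, `if (xhr.status === 401 && !url.searchParams.has(SP_CLICK_ON))`, together with `url.searchParams.set(...)` instead of `append`, would break that cycle. `element.attr('id')` is undefined for a link without an id and would be serialised as the string `undefined`, so the parameter should be added only when an id exists. The surrounding bindObservers function starts and ends outside this hunk.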