fix(core): Redirect to login page rather than 403 if not signed in #1496
Conversation
|
@hyperreality Aren't there instances where we would have an Maybe we should check for both Or maybe simpler to do: if (!Authentication.user) {
// redirect to login
} else {
// redirect to forbidden
} |
|
I considered that, but after playing around with the app a bit I couldn't reach a state where Authentication.user was undefined. I'm not sure we need to worry about the case where people will create a different layout view in which the user object isn't embedded, because then they would have to rewrite the entire |
|
Perfect answer! Thanks! LGTM. We'll wait to see if others want to chime in over the next day or so. |
|
BTW this is good to keep in mind with JS: Matches only but... equals: |
|
@simison, yes, sometimes that shortcut is helpful, but eslint will complain about the lazy comparison operator |
|
I dont get this to work? its still not redirecting for me. |
* Added configuration for owasp. Synchronize client owap configs with the server configs. Also added a time indicator on failed login attempts to give the user feedback on subsequent failed login attempts. * switched to handlebar template for passing the server's owasp config down to the client. reverted some of the other changes (regarding the http request). * Removed debug code. * Changed variable name to owaspConfig * Fixed minor type-o's and set owasp.config() rather than the underlying configs. * chore(tidy): tidying up minor lint and layout issues * fix(lint): CSS alphabetize warnings (#1498) Fixes css lintings warnings of properties not alphabetized. * fix(authentication) Stops error on signin/signup (#1495) Uses the passport info object to simplify login and remove the need to temporarily cache the redirect within the session. * Moved owasp config into default and reverted other config files. Modified config to be "shared". This will allow future configurations to be easily passed to the client. * fixed 403 redirect if not signed in (#1496) * Update form-article.client.view.html For New Article, delete function no required * UI changes for mobile; autofocus * fixed broken password popover balloon * add e2e test for autofocus * Remove test, fix delete social login button * feat(core): Move template to .github folder * Deprecated $http success/error promise methods (#1508) Replaces the $http service calls with promise based methods of the client-side UsersService for the following: Users Change Password Users Manage Social Accounts Users Password Forgot Users Password Reset Users Signup Users Signin Modifies tests to reflect changes. Closes #1479 * rebase
feat(users): Redirect to login page rather than 403 if not signed in
Non-signed in users are being redirected to the unfriendly 403 forbidden page instead of the sign in page as should be the case. Fixed the tiny bug in the code that caused this to happen.