Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: Error 422 after session timeout #143

Merged
merged 5 commits into from
Oct 13, 2023
Merged

fix: Error 422 after session timeout #143

merged 5 commits into from
Oct 13, 2023

Conversation

Quentinchampenois
Copy link
Contributor

@Quentinchampenois Quentinchampenois commented Oct 12, 2023
edited
Loading

🎩 Description

Please describe your pull request.

When user is logged in and session expires, she is automatically logged out. When user is logged out from a restrictive route, she is redirected to signin route without reload and CSRF token is now expired on form submit, causing a 422 Error "InvalidAuthenticityToken"

This PRs aims to change after_sign_out_path from "request.referer" to "stored_location_for(user)"

📌 Related Issues

Link your PR to an issue

Testing

Describe the best way to test or validate your PR.

  • Run application with env var DECIDIM_SESSION_TIMEOUT=1 (unit: Minutes)
  • Log in as user
  • Access restrictive route like /admin
  • Wait a minute to be automatically logged out
  • Log again
  • You should not see a blank screen

Testing using Docker

  • Replace DECIDIM_SESSION_TIMEOUT value in both services in file docker-compose.local.yml
  • Run make run
  • Wait containers to be ready
  • Access https://localhost:3000

Tasks

  • Add specs
  • Extend Sign out path in sessions controller
  • Add env var DECIDIM_SESSION_TIMEOUT

Extra info

  • Add env var DECIDIM_SESSION_TIMEOUT
  • I am not completely sure if it really solves the 422 issue on log out but I can't reproduce this behaviour with this fix.

@Quentinchampenois Quentinchampenois changed the title Fix/422 error after timeout fix: Error 422 after session timeout Oct 12, 2023
@Quentinchampenois Quentinchampenois marked this pull request as ready for review October 12, 2023 11:04
@luciegrau luciegrau requested review from paulinebessoles and removed request for AyakorK October 13, 2023 09:13
@luciegrau luciegrau merged commit 46963f0 into develop Oct 13, 2023
10 checks passed
@Quentinchampenois Quentinchampenois deleted the fix/422_error_after_timeout branch March 12, 2024 13:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@paulinebessoles paulinebessoles paulinebessoles approved these changes

@luciegrau luciegrau luciegrau approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@Quentinchampenois @paulinebessoles @luciegrau