billing: Redirect user to login page if session expires.

If user makes an AJAX request but their session is expired, we redirect user to the login page.
2025-11-02 21:13:36 +00:00 · 2024-02-16 18:27:17 +00:00
parent 98868b7f4a
commit 176c15f74b
2 changed files with 21 additions and 0 deletions
--- a/corporate/lib/decorator.py
+++ b/corporate/lib/decorator.py
@@ -2,6 +2,7 @@ from functools import wraps
 from typing import Callable, Optional
 from urllib.parse import urlencode, urljoin

+import orjson
 from django.conf import settings
 from django.http import HttpRequest, HttpResponse, HttpResponseRedirect
 from django.shortcuts import render
@@ -104,6 +105,18 @@ def authenticated_remote_realm_management_endpoint(
                query = urlencode({"next_page": page_type})
                url = append_url_query_string(url, query)

+            # Return error for AJAX requests with url.
+            if request.headers.get("x-requested-with") == "XMLHttpRequest":  # nocoverage
+                return HttpResponse(
+                    orjson.dumps(
+                        {
+                            "error_message": "Remote billing authentication expired",
+                            "login_url": url,
+                        }
+                    ),
+                    status=401,
+                )
+
            return HttpResponseRedirect(url)

        billing_session = RemoteRealmBillingSession(
--- a/web/src/billing/helpers.ts
+++ b/web/src/billing/helpers.ts
@@ -102,6 +102,14 @@ export function create_ajax_request(
            }
            $(form_input_section).show();
            error_callback(xhr);
+
+            if (xhr.status === 401) {
+                // User session timed out, we need to login again.
+                const login_url = JSON.parse(xhr.responseText)?.login_url;
+                if (login_url !== undefined) {
+                    window.location.href = login_url;
+                }
+            }
        },
    });
 }