channel: Ask spectator to login for unauthenticated requests.

Get complete coverage for channel.
2025-11-04 05:53:43 +00:00 · 2021-09-28 10:20:14 +00:00
parent 50812ead0f
commit 8433ce90dc
3 changed files with 108 additions and 8 deletions
--- a/frontend_tests/node_tests/channel.js
+++ b/frontend_tests/node_tests/channel.js
@@ -4,15 +4,43 @@ const {strict: assert} = require("assert");

 const _ = require("lodash");

-const {mock_jquery, set_global, zrequire} = require("../zjsunit/namespace");
+const {mock_jquery, mock_esm, set_global, zrequire} = require("../zjsunit/namespace");
 const {run_test} = require("../zjsunit/test");
 const blueslip = require("../zjsunit/zblueslip");
+const {page_params} = require("../zjsunit/zpage_params");

 set_global("setTimeout", (f, delay) => {
    assert.equal(delay, 0);
    f();
 });

+const xhr_401 = {
+    status: 401,
+    responseText: '{"msg": "Use cannnot access XYZ"}',
+};
+
+const xhr_password_changes = new WeakMap();
+xhr_password_changes.set(xhr_401, 0);
+
+const setup = mock_esm("../../static/js/setup", {
+    password_change_in_progress: false,
+    password_changes: 0,
+    xhr_password_changes,
+});
+
+let login_to_access_shown = false;
+mock_esm("../../static/js/spectators", {
+    login_to_access: () => {
+        login_to_access_shown = true;
+    },
+});
+
+set_global("window", {
+    location: {
+        replace: () => {},
+    },
+});
+
 const reload_state = zrequire("reload_state");
 const channel = zrequire("channel");

@@ -215,6 +243,67 @@ test("patch_with_form_data", () => {
    });
 });

+test("authentication_error_401_is_spectator", () => {
+    test_with_mock_ajax({
+        xhr: xhr_401,
+        run_code() {
+            channel.post({});
+        },
+
+        // is_spectator = true
+        check_ajax_options(options) {
+            page_params.is_spectator = true;
+
+            options.simulate_error();
+            assert.ok(login_to_access_shown);
+
+            login_to_access_shown = false;
+        },
+    });
+});
+
+test("authentication_error_401_password_change_in_progress", () => {
+    test_with_mock_ajax({
+        xhr: xhr_401,
+        run_code() {
+            channel.post({});
+        },
+
+        // is_spectator = true
+        // password_change_in_progress = true
+        check_ajax_options(options) {
+            page_params.is_spectator = true;
+            setup.password_change_in_progress = true;
+
+            options.simulate_error();
+            assert.ok(!login_to_access_shown);
+
+            setup.password_change_in_progress = false;
+            page_params.is_spectator = false;
+            login_to_access_shown = false;
+        },
+    });
+});
+
+test("authentication_error_401_not_spectator", () => {
+    test_with_mock_ajax({
+        xhr: xhr_401,
+        run_code() {
+            channel.post({});
+        },
+
+        // is_spectator = false
+        check_ajax_options(options) {
+            page_params.is_spectator = false;
+
+            options.simulate_error();
+            assert.ok(!login_to_access_shown);
+
+            login_to_access_shown = false;
+        },
+    });
+});
+
 test("reload_on_403_error", () => {
    test_with_mock_ajax({
        xhr: {
--- a/static/js/channel.js
+++ b/static/js/channel.js
@@ -4,6 +4,7 @@ import * as blueslip from "./blueslip";
 import {page_params} from "./page_params";
 import * as reload_state from "./reload_state";
 import * as setup from "./setup";
+import * as spectators from "./spectators";

 const pending_requests = [];

@@ -69,12 +70,23 @@ function call(args, idempotent) {
                return;
            }

-            // We got logged out somehow, perhaps from another window
-            // changing the user's password, or a session timeout.  We
-            // could display an error message, but jumping right to
-            // the login page conveys the same information with a
-            // smoother relogin experience.
-            window.location.replace(page_params.login_page);
+            if (page_params.is_spectator) {
+                // In theory, the specator implementation should be
+                // designed to prevent accessing widgets that would
+                // make network requests not available to spectators.
+                //
+                // In the case that we have a bug in that logic, we
+                // prefer the user experience of offering the
+                // login_to_access widget over reloading the page.
+                spectators.login_to_access();
+            } else {
+                // We got logged out somehow, perhaps from another window
+                // changing the user's password, or a session timeout.  We
+                // could display an error message, but jumping right to
+                // the login page conveys the same information with a
+                // smoother relogin experience.
+                window.location.replace(page_params.login_page);
+            }
        } else if (xhr.status === 403) {
            try {
                if (
--- a/tools/test-js-with-node
+++ b/tools/test-js-with-node
@@ -45,7 +45,6 @@ EXEMPT_FILES = {
    "static/js/billing/upgrade.js",
    "static/js/blueslip.ts",
    "static/js/blueslip_stacktrace.ts",
-    "static/js/channel.js",
    "static/js/click_handlers.js",
    "static/js/compose_actions.js",
    "static/js/compose_closed_ui.js",