Merge pull request #15181 from marefr/fix_ping_unauthorized

auth: /api/login/ping fixes

Merge pull request #15181 from marefr/fix_ping_unauthorized
auth: /api/login/ping fixes
60d7d9c6 · Torkel Ödegaard · GitHub · d4ecba52 · cfd8eb51 · 60d7d9c6
Commit 60d7d9c6 authored Feb 04, 2019 by Torkel Ödegaard Committed by GitHub Feb 04, 2019
Hide whitespace changes
Inline Side-by-side

Showing with 28 additions and 13 deletions

pkg/api/api.go
+2 -2

public/app/core/services/backend_srv.ts
+26 -11

No files found.
--- a/pkg/api/api.go
+++ b/pkg/api/api.go
@@ -108,8 +108,8 @@ func (hs *HTTPServer) registerRoutes() {
 	r.Get("/api/snapshots-delete/:deleteKey", Wrap(DeleteDashboardSnapshotByDeleteKey))
 	r.Delete("/api/snapshots/:key", reqEditorRole, Wrap(DeleteDashboardSnapshot))

-	// api renew session based on remember cookie
-	r.Get("/api/login/ping", quota("session"), hs.LoginAPIPing)
+	// api renew session based on cookie
+	r.Get("/api/login/ping", quota("session"), Wrap(hs.LoginAPIPing))

 	// authed api
 	r.Group("/api", func(apiRoute routing.RouteRegister) {

--- a/public/app/core/services/backend_srv.ts
+++ b/public/app/core/services/backend_srv.ts
 import _ from 'lodash';
 import coreModule from 'app/core/core_module';
 import appEvents from 'app/core/app_events';
+import config from 'app/core/config';
 import { DashboardModel } from 'app/features/dashboard/state/DashboardModel';

 export class BackendSrv {
@@ -103,10 +104,17 @@ export class BackendSrv {
      err => {
        // handle unauthorized
        if (err.status === 401 && this.contextSrv.user.isSignedIn && firstAttempt) {
-          return this.loginPing().then(() => {
-            options.retry = 1;
-            return this.request(options);
-          });
+          return this.loginPing()
+            .then(() => {
+              options.retry = 1;
+              return this.request(options);
+            })
+            .catch(err => {
+              if (err.status === 401) {
+                window.location.href = config.appSubUrl + '/logout';
+                throw err;
+              }
+            });
        }

        this.$timeout(this.requestErrorHandler.bind(this, err), 50);
@@ -184,13 +192,20 @@ export class BackendSrv {

        // handle unauthorized for backend requests
        if (requestIsLocal && firstAttempt && err.status === 401) {
-          return this.loginPing().then(() => {
-            options.retry = 1;
-            if (canceler) {
-              canceler.resolve();
-            }
-            return this.datasourceRequest(options);
-          });
+          return this.loginPing()
+            .then(() => {
+              options.retry = 1;
+              if (canceler) {
+                canceler.resolve();
+              }
+              return this.datasourceRequest(options);
+            })
+            .catch(err => {
+              if (err.status === 401) {
+                window.location.href = config.appSubUrl + '/logout';
+                throw err;
+              }
+            });
        }

        // populate error obj on Internal Error