Open LanesGood opened 1 year ago
LanesGood
commented
1 year ago The team page does have an error handler, but no 401 is thrown by the API when a user is not authenticated: https://github.com/developmentseed/osm-teams/blob/develop/src/pages/teams/%5Bid%5D/index.js#L206
Investigate src/middlewares/base-handler.js
LanesGood
commented
1 year ago Invitations do throw an error status if the user is not logged in, and this is rendered on the frontend:
All protected routes should check for user authentication, permission, and throw proper errors to render this message when an unauthenticated user visits a protected route.
LanesGood
commented
1 year ago Example: the nextauth page is displayed when I visit an org page and am not logged in, instead of a "this page is protected" page:
Ensure that the API throws a 401 error when user is not authenticated, and then ensure the frontend displays appropriate error messages.