Redirect user when loading class summary results in 403

nucleogenesis commented 1 month ago

Summary

When a coach is doing coach things and they are logged out due to timeout, Kolibri will keep track of the last place the user was in. If a coach is doing coach things, then they timeout, but then a Learner logs in again the Learner is redirected to where the coach previously was.

Since the Learner cannot do Coach things, they get a 403 on the classSummary API call.

So we catch that particular error and redirect the user such that they go to wherever they'd normally have gone after logging in.

References

Fixes #12442

Reviewer guidance

Sign in as admin/coach and go to create a quiz
Go to your devtools and delete the kolibri cookie, see that you are redirected to the sign-in page
Sign in as a learner

Before the fix:

The learner would see a blank screen and basically be stuck there

After the fix:

The learner is ~completely~ virtually unaware that they were initially being redirected to Coach things (unless they're keenly watching the URL bar or their devtools as they are still directed to the Coach URL before being re-redirected)

Testing checklist

[ ] Contributor has fully tested the PR manually
[ ] If there are any front-end changes, before/after screenshots are included
[ ] Critical user journeys are covered by Gherkin stories
[ ] Critical and brittle code paths are covered by unit tests

PR process

[ ] PR has the correct target branch and milestone
[ ] PR has 'needs review' or 'work-in-progress' label
[ ] If PR is ready for review, a reviewer has been added. (Don't use 'Assignees')
[ ] If this is an important user-facing change, PR or related issue has a 'changelog' label
[ ] If this includes an internal dependency change, a link to the diff is provided

Reviewer checklist

PR is fully functional
PR has been tested for accessibility regressions
External dependency files were updated if necessary (yarn and pip)
Documentation is updated
Contributor is in AUTHORS.md

github-actions[bot] commented 1 month ago

Build Artifacts

Asset type	Download link
PEX file	kolibri-0.17.3b0.dev0_git.3.g71527243.pex
Windows Installer (EXE)	kolibri-0.17.3b0.dev0+git.3.g71527243-windows-setup-unsigned.exe
Debian Package	kolibri_0.17.3b0.dev0+git.3.g71527243-0ubuntu1_all.deb
Mac Installer (DMG)	kolibri-0.17.3b0.dev0+git.3.g71527243.dmg
Android Package (APK)	kolibri-0.17.3b0.dev0+git.3.g71527243-0.1.4-debug.apk
TAR file	kolibri-0.17.3b0.dev0+git.3.g71527243.tar.gz
WHL file	kolibri-0.17.3b0.dev0+git.3.g71527243-py2.py3-none-any.whl

radinamatic commented 4 weeks ago

Learner is still being stuck with blank page and 403 in the console 😕 (Firefox on Ubuntu)

https://github.com/user-attachments/assets/4bf8ad4b-102f-4391-bc5a-7f3151c0aebc

rtibbles commented 4 weeks ago

Hrm, looks like it's maybe a race condition? If the class notifications endpoint gives a 403 before the class summary endpoint, we see it stuck, but if the class summary endpoint returns then we see the authentication message properly?

learningequality / kolibri