lvlup-pro / spawn-frontend-material

Customer panel frontend for https://api.lvlup.pro
MIT License

Log out user after 401 or 403 error #73

Closed Libter closed 7 years ago

SystemZ commented 7 years ago

This is a very important bugfix, unfortunately it doesn't log out the user with a malformed token :cry:

Steps to reproduce:

  1. Log in
  2. Add one random character to token in localStorage
  3. Click on any link on sidebar

Result: Errors in console, user is still logged in

Expected result: Logout then display notification about expired session

Libter commented 7 years ago

I can't reproduce the error on the branch from this PR:

  1. Log in
  2. localStorage.setItem("token", localStorage.getItem("token") + "c")
  3. Click on any link on sidebar

Result: Errors in console, user is logged out and redirected to /login page.

Notification about expired session will be added.

SystemZ commented 7 years ago

Ok, maybe more details will help debugging. Maybe I'm doing something wrong or it's OS/Browser dependent.

Ubuntu 16.04 64bit Chrome 56.0.2924.87 (64-bit)

git clone https://github.com/Libter/spawn-frontend-material
cd spawn-frontend-material
git checkout issue69
npm install
npm run dev

After logging in with a fresh user from https://demoapi.lvlup.pro/v3/auth/register in incognito mode I edit localStorage with devtools by adding a z before the first char, then click the payments page. Next this happens:

[screenshot from 2017-02-24 20-05-21]

Libter commented 7 years ago

It's another problem with Access-Control-Allow-Origin - for tests it should always be * (#18) and for production always my.lvlup.pro. Currently it's set properly only if the response doesn't contain errors.

I forgot that I was using the Chrome browser with the --disable-web-security flag, which gave me the correct error: [image]

SystemZ commented 7 years ago

Ok so it's CORS related if it works for you with --disable-web-security. On demo it's configured like this: https://enable-cors.org/server_nginx.html Some voodoo must be missing from the CORS config.

SystemZ commented 7 years ago

Oh no, it's CORS nginx related for error results http://serverfault.com/a/431580/195911

SystemZ commented 7 years ago

http://nginx.org/en/docs/http/ngx_http_headers_module.html

Adds the specified field to a response header provided that the response code equals 200, 201, 204, 206, 301, 302, 303, 304, or 307. A value can contain variables.

http://serverfault.com/a/647552/195911

Since Nginx 1.7.5 you can use always to add a header irrespective of the response code:

add_header X-Test "blahblahblah" always;

After boxing with nginx I think it's working on the dev env, now I just need to rewrite the new config for demo and prod and deploy. ETA 10min

SystemZ commented 7 years ago

Ok, the CORS patch is online and this code works now :tada: Unfortunately when logging in with wrong credentials there is also a "Session expired" notification. Can you try to fix it? Then I can finally merge :>

Libter commented 7 years ago

Done. In the future the backend may return a standard JSON response (HTTP code: 200) like { "error": true, "code": "invalid_password" }, { "error": true, "code": "token_expired" }, { "error": true, "code": "invalid_token" }, etc. instead of error code 401 - this will make error handling much more accurate.
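The logout decision discussed in the last two comments, as an added JavaScript example (not the project's own code): a 401/403 anywhere except the login endpoint clears the token and redirects, a failed login does not, a CORS-blocked error response is reported separately because the browser hides its status, and the future 200-with-error-code shape is handled too. The login path, the storage stand-in and the result shape are assumptions for illustration.

```javascript
// Added example, not code from spawn-frontend-material.
const LOGIN_PATH = "/v3/auth/login"; // assumed login endpoint

// Error codes the thread proposes the backend may return in a 200 JSON body.
const SESSION_ERROR_CODES = new Set(["token_expired", "invalid_token"]);

// Classify one API result. `result` is {status, body, path} for a response
// the page could read, or {networkError: true, path} when the request was
// rejected (e.g. an error response missing Access-Control-Allow-Origin).
function classifyResult(result) {
  if (result.networkError) {
    // Without the CORS header on error responses the browser reports a
    // generic network error and never exposes the 401/403 status to JS.
    return "network_or_cors";
  }
  const isLogin = result.path === LOGIN_PATH;
  if (result.status === 401 || result.status === 403) {
    // Wrong credentials on the login endpoint are not an expired session.
    return isLogin ? "login_failed" : "session_expired";
  }
  const body = result.body || {};
  if (body.error === true && SESSION_ERROR_CODES.has(body.code)) {
    return "session_expired";
  }
  if (body.error === true) {
    return isLogin ? "login_failed" : "request_error";
  }
  return "ok";
}

// Apply the decision: only "session_expired" clears the stored token and
// asks the caller to redirect to /login with a notification.
function handleResult(storage, result) {
  const verdict = classifyResult(result);
  if (verdict === "session_expired") {
    storage.removeItem("token");
    return { verdict, redirect: "/login", notify: "Session expired" };
  }
  return { verdict, redirect: null, notify: null };
}

// Constructed in-memory stand-in for window.localStorage so this runs offline.
function makeStorage(initial) {
  const data = { ...initial };
  return {
    getItem: (k) => (k in data ? data[k] : null),
    setItem: (k, v) => { data[k] = String(v); },
    removeItem: (k) => { delete data[k]; },
  };
}
```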