automatically redirect to login if backend auth expires

e000d9a3 · o@immerda.ch · cebe2410 · e000d9a3 · e000d9a3 · e000d9a3
Commit e000d9a3 authored Feb 03, 2019 by o@immerda.ch
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -3,6 +3,12 @@ require 'zxcvbn'
 class ApplicationController < ActionController::Base
  protect_from_forgery with: :exception

+  # Happens when api token times out
+  rescue_from RestClient::Unauthorized, :with => :catch_unauthorized
+  def catch_unauthorized
+    redirect_to '/login'
+  end
+
  before_action :authorize

  before_action :set_locale
@@ -119,7 +125,7 @@ class ApplicationController < ActionController::Base
  end

  def update_session_expiry
-    session[:expires_at] = 15.minutes.from_now.to_i
+    session[:expires_at] = 60.minutes.from_now.to_i
  end
  helper_method :update_session_expiry


--- a/app/controllers/concerns/api_backend.rb
+++ b/app/controllers/concerns/api_backend.rb
@@ -74,6 +74,8 @@ module ApiBackend
        res
      rescue RestClient::BadRequest => e
        raise ApiError.new("400", JSON.parse(e.response)['errors'])
+      rescue RestClient::Unauthorized => e
+        raise e
      rescue => e
        raise ApiError.new("#{e}")
      end

--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -5,6 +5,15 @@ require 'jsobfu'
 class SessionsController < ApplicationController
  include ApiBackend

+  def destroy_local
+    reset_user_session
+    if SamlConfig.idp_sso_logout
+      redirect_to SamlConfig.idp_sso_logout
+    else
+      redirect_to '/login'
+    end
+  end
+
  def destroy
    reset_user_session
    redirect_to '/login'

--- a/app/controllers/tfa_controller.rb
+++ b/app/controllers/tfa_controller.rb
@@ -39,7 +39,6 @@ class TfaController < ApplicationController
    redirect_to tfa_path
  end

-
  private
  def fetch_existing_2fa
    res = api.get_totp_names

--- a/app/views/layouts/application.html.erb
+++ b/app/views/layouts/application.html.erb
@@ -33,7 +33,7 @@

      <div class="loginstat">
      <% if current_user %>
-        <%= link_to t(:hello), '/' %> <%= current_user %> (<%= link_to (t :logout), if SamlConfig.idp_sso_logout then SamlConfig.idp_sso_logout else '/logout' end %>)
+        <%= link_to t(:hello), '/' %> <%= current_user %> (<%= link_to (t :logout), '/logout_local' %>)
      <% elsif !@handoff %>
        <i><%= t(:main_title) %></i>
      <% end %>

--- a/config/routes.rb
+++ b/config/routes.rb
@@ -3,6 +3,7 @@ Rails.application.routes.draw do

  get  '/login',           to: 'saml#init'
  get  '/logout',          to: 'sessions#destroy'
+  get  '/logout_local',    to: 'sessions#destroy_local'

  if !Admin::Enabled