(js) Improve CAS handling

Fixes #4468
Alinto · Jan 22, 2019 · 9596ac2 · 9596ac2
1 parent fcbec9a
commit 9596ac2
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 11 deletions.
diff --git a/NEWS b/NEWS
@@ -8,6 +8,7 @@ Bug fixes
  - [web] fixed all-day event dates with different timezone
  - [web] fixed display of Bcc header (#4642)
  - [web] fixed refresh of drafts folder when saving a draft
+ - [web] fixed CAS session timeout handling during XHR requests (#4468)
  - [core] ignore transparent events in time conflict validation (#4539)
  - [core] fixed yearly recurrence calculator when starting from previous year
 

diff --git a/UI/WebServerResources/js/Common/Common.app.js b/UI/WebServerResources/js/Common/Common.app.js
@@ -310,18 +310,26 @@
         if (/^application\/json/.test(rejection.config.headers.Accept)) {
           // Handle CAS ticket renewal
           if ($window.usesCASAuthentication && rejection.status == -1) {
-            deferred = $q.defer();
-            iframe = angular.element('<iframe class="ng-hide" src="' + $window.UserFolderURL + 'recover"></iframe>');
-            iframe.on('load', function() {
-              // Once the browser has followed the redirection, send the initial request
-              var $http = $injector.get('$http');
-              $http(rejection.config).then(deferred.resolve, deferred.reject);
-              iframe.remove();
-            });
-            document.body.appendChild(iframe[0]);
-            return deferred.promise;
+            if ($window.attempted) {
+              // Already attempted once -- reload page
+              $window.location.reload(true);
+            }
+            else {
+              deferred = $q.defer();
+              iframe = angular.element('<iframe class="ng-hide" src="' + $window.UserFolderURL + 'recover"></iframe>');
+              iframe.on('load', function() {
+                // Once the browser has followed the redirection, send the initial request
+                var $http = $injector.get('$http');
+                $http(rejection.config).then(deferred.resolve, deferred.reject);
+                iframe.remove();
+                $window.attempted = true;
+              });
+              document.body.appendChild(iframe[0]);
+              return deferred.promise;
+            }
           }
-          else if ($window.usesSAML2Authentication && rejection.status == 401) {
+          else if ($window.usesSAML2Authentication && rejection.status == 401 && !$window.attempted) {
+            $window.attempted = true;
             $window.location.reload(true);
           }
           else {