Expired editor session 401 on save has unhelpful error message

[novaugust]

Issue Summary

If your session expired on the editor and you attempt a save, the error is reported as Unknown Error. Worse, you're going to be prompted to leave/stay because of the unauthed redirect. Staying, however, won't let you save your work.

Reproduction Steps

1. Edit a post
2. Expire your token (could someone with more DB knowledge than me give steps for this? @sebgie)
3. Save your post
4. Worthless error

Specs

Latest Chrome,
Ghost Pro 0.5.6

I'm not sure much can be done about the modal; I'd consider this issue solved if the 401 just showed a more helpful "You aren't logged in" error message. Because of that, I'd call this a beginner issue, eh?

[jonathanyeong]

Can I take this issue? I'm looking for a way to contribute to this awesome platform. I'm new to the Ghost project though so it might take me a while. If it's pressing someone else should take this. :)

[novaugust]

I reckon it's about the farthest thing from pressing ;) It's all yours.
Don't hesitate to speak up here or irc (#ghost) if you have any questions!

On Sat, Dec 6, 2014 at 2:43 PM, Jonathan Yeong notifications@github.com
wrote:

Can I take this issue? I'm looking for a way to contribute to this awesome
platform. I'm new to the Ghost project though so it might take me a while.
If it's pressing someone else should take this. :)

—
Reply to this email directly or view it on GitHub
#4596 (comment).

[ErisDS]

Just as a heads up, there is other work being done to improve the behaviour when a 401 happens: #3492

However, changing the save error message to say something useful would still be good :)

[jonathanyeong]

Thanks for the heads up. I'm just trying to familiarise myself with the Ghost project and I'm wondering if there is a nice way to manually expire a token (other wise you'd have to wait?).

[novaugust]

@jonathanyeong I have a method, though it's a bit of work. I'm sure the DB people could help do it easier, but my mysql foo is weak.

1. Have the ember inspector installed (honestly, you need this to do any development with ghost's admin client)
2. Open the inspector
3. Go to "routes"
4. click on the >$E next to ApplicationRoute
   Now, if you type $E in your console, you're messing with the ApplicationRoute.
5. type $E.send("invalidateSession") into your console, but don't hit it yet. this was just setup.
6. open a post to edit
7. make some changes to your post, and now hit enter on what you typed in step 5. you have to do this within the 3 second autosave limit, or your post will already be saved and you'll just be shipped to sign in screen.
8. hit stay on page on the confirm box
9. now try saving, and you'll see the error i was describing

...... ridiculous, but it works

[novaugust]

Hit me up on IRC if you need help with that repro

[jonathanyeong]

Awesome! Thanks for the steps and I will definitely will hit you up on IRC if I run into problems.

[sebgie]

The solution @novaugust posted above doesn't seem to be a bad option to me :).

Another way would be to delete all accesstokens from the DB:

• log in and open a post to edit
• open the DB (with a client of your choice)
• delete all entries from the accesstokens table (SQL: Delete from accesstokens;)
• delete all entries from the refreshtokens table (SQL: Delete from refreshtokens;)
• try to save (unknown error message and leave page dialog are shown)

[ErisDS]

I don't think this is a problem now that #3492 is in? Seems like the reauthentication flow is working quite nicely now.