do not delete session token on aborted request

Fixes #2263
liqd · Nov 23, 2016 · a33b5bc · a33b5bc
1 parent 0b03d1f
commit a33b5bc
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 6 deletions.
diff --git a/src/adhocracy_frontend/adhocracy_frontend/static/js/Packages/Core/User/Credentials.ts b/src/adhocracy_frontend/adhocracy_frontend/static/js/Packages/Core/User/Credentials.ts
@@ -67,8 +67,10 @@ export class Service {
                     _self.enableToken(token, path);
                     deferred.resolve(true);
                 }, (msg) => {
-                    console.log("Expired or invalid session deleted");
-                    _self.deleteToken();
+                    if (msg.status >= 400) {
+                        console.log("Expired or invalid session deleted");
+                        _self.deleteToken();
+                    }
                     deferred.resolve(false);
                 });
             } catch (e) {

diff --git a/src/adhocracy_frontend/adhocracy_frontend/static/js/Packages/Core/User/User.ts b/src/adhocracy_frontend/adhocracy_frontend/static/js/Packages/Core/User/User.ts
@@ -66,11 +66,12 @@ export class Service {
                 // The user resource that was returned by the server could not be accessed.
                 // This may happen e.g. with a network disconnect
 
-                // FIXME: The request might fail because the window is
+                // The request might fail because the window is
                 // closed. In that case there is no reason to delete
-                // the token. We need to be able to discern the two
-                // cases.
-                _self.adhCredentials.deleteToken();
+                // the token.
+                if (reason[0].status >= 400) {
+                    _self.adhCredentials.deleteToken();
+                }
                 throw "failed to fetch user resource";
             });
     }