Ensure correct no access message is shown (#17445)

* Ensure correct no access message is shown

* Add tests for access error messages

* fix ui tests

core/Access.php

@@ -745,14 +745,15 @@ private function throwNoAccessException($message)
     {
         if (Piwik::isUserIsAnonymous() && !Request::isRootRequestApiRequest()) {
             $message = Piwik::translate('General_YouMustBeLoggedIn');
-        }
-        // Try to detect whether user was previously logged in so that we can display a different message
-        $referrer = Url::getReferrer();
-        $matomoUrl = SettingsPiwik::getPiwikUrl();
-        if ($referrer && $matomoUrl && Url::isValidHost(Url::getHostFromUrl($referrer)) &&
-            strpos($referrer, $matomoUrl) === 0
-        ) {
-            $message = Piwik::translate('General_YourSessionHasExpired');
+
+            // Try to detect whether user was previously logged in so that we can display a different message
+            $referrer = Url::getReferrer();
+            $matomoUrl = SettingsPiwik::getPiwikUrl();
+            if ($referrer && $matomoUrl && Url::isValidHost(Url::getHostFromUrl($referrer)) &&
+                strpos($referrer, $matomoUrl) === 0
+            ) {
+                $message = Piwik::translate('General_YourSessionHasExpired');
+            }
         }
 
         throw new NoAccessException($message);

plugins/IntranetMeasurable/tests/UI/IntranetMeasurable_spec.js

@@ -18,6 +18,11 @@ describe("IntranetMeasurable", function () {
         testEnvironment.save();
     });
 
+    after(async function () {
+        // ensure the newly created site is removed afterwards, so other tests reusing the fixture won't change results
+        await testEnvironment.callApi('SitesManager.deleteSite', { idSite: 64 });
+    });
+
     it("should show intranet selection", async function () {
         await page.goto(url);
         await (await page.jQuery('.SitesManager .addSite:first')).click();

plugins/Login/tests/UI/NoAccess_spec.js

@@ -0,0 +1,61 @@
+/*!
+ * Matomo - free/libre analytics platform
+ *
+ * login & password reset screenshot tests.
+ *
+ * @link https://matomo.org
+ * @license http://www.gnu.org/licenses/gpl-3.0.html GPL v3 or later
+ */
+
+describe("NoAccess", function () {
+    this.timeout(0);
+
+    before(async function () {
+        testEnvironment.testUseMockAuth = 0;
+        testEnvironment.overrideConfig('General', 'login_session_not_remembered_idle_timeout', 1)
+        testEnvironment.save();
+
+        await page.clearCookies();
+    });
+
+    after(async function () {
+        testEnvironment.testUseMockAuth = 1;
+        testEnvironment.save();
+
+        await page.clearCookies();
+    });
+
+    it("should login successfully with user credentials and show error when a site without access is viewed", async function() {
+        await page.clearCookies();
+        await page.goto("?idSite=2");
+        await page.waitForNetworkIdle();
+        await page.type("#login_form_login", "oliverqueen");
+        await page.type("#login_form_password", "smartypants");
+        await page.evaluate(function(){
+            $('#login_form_submit').click();
+        });
+
+        await page.waitForNetworkIdle();
+
+        expect(await page.screenshot({ fullPage: true })).to.matchImage('login_noaccess');
+    });
+
+    it("should show session timeout error", async function() {
+        await page.clearCookies();
+        await page.goto("");
+        await page.waitForNetworkIdle();
+        await page.type("#login_form_login", "oliverqueen");
+        await page.type("#login_form_password", "smartypants");
+        await page.evaluate(function(){
+            $('#login_form_submit').click();
+        });
+
+        await page.waitFor(60500); // wait for session timeout
+
+        await page.click('#topmenu-corehome');
+        await page.waitForNetworkIdle();
+
+        expect(await page.screenshot({ fullPage: true })).to.matchImage('login_session_timeout');
+    });
+
+});