Do not reload on timeout #1838

Closed
jrchudy opened this issue Aug 13, 2019 · 3 comments
@jrchudy
Member

jrchudy commented Aug 13, 2019

If the user's session is timed out on recordedit and they log back in (same user), do not reload the page. Check to see if the previous user (reference.session info) is the same as the new user that just logged in to accomplish this. Related to issue #1837.

@jrchudy
Member Author

jrchudy commented Mar 10, 2020

There are 3 cases that can occur with respect to a user being timed out/logged out. The following is how the 3 cases will be handled in recordedit:

  1. The same user signs in again, the data submission request is "retried" and the workflow remains the same as previous if errors occur
  2. A different user signs in, this user does NOT have permission to create/edit for that table or specific row of data.
    • notify the user the specific record was being created/edited by someone else (identity name)
    • error dialog popup that can NOT be dismissed
  3. A different user signs in, this user HAS permission to create/edit for that table or specific row of data.
    • the same as detailed above about showing an error dialog and saying who the user was

I created an issue (#1916) to keep track of the case with read requests.

@jrchudy
Member Author

jrchudy commented Mar 12, 2020

Another case that can occur is that the user X (original user) has multiple recordedit pages open at once. The submission in one page will trigger the session timeout login dialog to pop up. If the user logs in with a different user (user Y) that CAN submit this data, then blocking them in 1 tab won't keep user Y from submitting requests in the other tabs that were started by user X.

The UX will show them as user X still in those other tabs, but upon data submission, the user information will be fetched from webauthn, and it will be user Y that has submitted that data creation or update when they shouldn't be able to. This can be mitigated by having an onfocus event that gets the current session from webauthn and does a check to see if the previous user is the same as the current user before allowing the submission to occur.
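
The identity check described in the comment above (on focus and before submission), together with the same-user and different-user cases from the Mar 10 comment, as an added example that is not code from this project. The session shape and the `fetchSession`, `showBlockingError` and `submit` callbacks are assumptions.

```javascript
// Added example. Assumed session shape: { client: { id, full_name, display_name } };
// null means there is no session (expired or anonymous).
const PROCEED = 'proceed', EXPIRED = 'expired', MISMATCH = 'mismatch';

const label = (s) => `${s.client.full_name} (${s.client.display_name})`;

// Compare the identity the page was loaded under with the one reported now.
function compareSessions(prev, curr) {
  if (!prev || !prev.client) throw new Error('page must record its starting identity');
  if (!curr || !curr.client) {
    return { decision: EXPIRED, prevUser: label(prev), currUser: 'anonymous' };
  }
  // Compare the stable id, not the display name, which may not be unique.
  if (curr.client.id === prev.client.id) return { decision: PROCEED };
  return { decision: MISMATCH, prevUser: label(prev), currUser: label(curr) };
}

// fetchSession and showBlockingError are hypothetical callbacks supplied by the page:
// one asks the auth service for the current session, the other opens the
// non-dismissible error dialog.
function createSessionGuard(prevSession, fetchSession, showBlockingError) {
  async function check() {
    let curr = null;
    try {
      curr = await fetchSession();
    } catch (e) {
      curr = null; // session lookup failed: fail closed and treat as expired
    }
    const result = compareSessions(prevSession, curr);
    if (result.decision !== PROCEED) showBlockingError(result);
    return result;
  }

  // Re-check immediately before the write, so a login made in another tab
  // cannot silently change who the submission is attributed to.
  async function guardedSubmit(submit) {
    const result = await check();
    if (result.decision !== PROCEED) return { submitted: false, ...result };
    return { submitted: true, response: await submit() };
  }

  return { check, guardedSubmit };
}

// In a browser, also run the check whenever the tab regains focus:
//   window.addEventListener('focus', () => guard.check());
```

The check narrows the window between the session lookup and the write but does not close it, since the server attributes the request to whatever session accompanies it.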

@jrchudy
Member Author

jrchudy commented Mar 26, 2020

Error modal:
image

Text from modal:

Continuing on this page requires that you be logged in as prev user full_name (display_name). However, you are currently curr user full_name (display_name).

Click Reload to start over with the identity "curr user full_name (display_name)"; or

Click Continue to continue as "prev user full_name (display_name)" after you restore your login status to. Instructions on how to restore login are in Switch User Accounts Document.

NOTE: When the user is anonymous, and this error is triggered, curr user will be "anonymous".

Text from modal (session expires):

Your session has expired. Continuing on this page requires that you be logged in as prev user full_name (display_name).

Click Reload to start over with limited anonymous access; or

Click Login to login and continue access as "prev user full_name (display_name)".

Identity management instructions:

https://dev.rebuildingakidney.org/~jchudy/chaise/logout/logoutInstructions.html

Switch to a different user identity

If a different identity is used to login unintentionally and you want to go back to your previous identity without losing your existing work (e.g. the data submission content), please follow the following steps to switch identity.

  • Use a different tab to access the navigation bar, then click the "Log out" button in the upper right corner on the navigation bar. Or click logout here.

  • While logging out, please make sure that you also logout from your identity provider (such as Globus, Google, or your institution) as your identity is usually cached by the provider and will automatically be used for login without being prompted.

  • Log back in with the intended identity by clicking the "Login" button in the upper right corner of the navigation bar, or click login here.

  • Once you are logged in with the intended identity, go back to the on-going tab where you want to resume the work (e.g. data submission tab), and click "Continue" to resume identity.

Continue login after session expires

  • To resume your identity after the existing session expires, click the "Login" button in the upper right corner on the navigation bar, or click [login](link to login) here.
    [HT NOTE]: would be good if we can do a snapshot of that login corner

[HT: josh I think I addressed the below text.. If not, please let me know before I delete]

If you are using a shared computer, please ensure you have also logged out of any identity providers used during your session.

This can be accomplished by navigating to Globus to logout - Log out.

If another identity provider was used to log into globus, make sure you have also logged out of that provider as well.

@jrchudy jrchudy closed this as completed Apr 6, 2020