FEATURE: Reload page to go to login when user session expires; drop obsolete dev-deps#50
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Reload the page when the backend session expires
Why
When a Neos backend session times out, the core UI pops up a client-side ReloginDialog that lets the user re-authenticate in place. That dialog can't complete a 2FA challenge — accounts with a second factor get stuck, unable to finish the relogin from inside the editor.
This PR replaces that flow for our users: instead of the in-place dialog, the page reloads and hands off to the server-side login flow, which does know how to handle 2FA.
How
A small Neos UI plugin registers a single redux-saga:
The plugin lives in Resources/Private/Neos.Ui/ (TypeScript, bundled with esbuild) and is wired into the Neos UI via Configuration/Settings.yaml. The esbuild config aliases shared deps (notably redux-saga) to the host runtime via extensibilityMap — bundling a private copy would give redux-saga different effect Symbols, so the host middleware would never recognize our take() and the saga would silently never fire.
Build setup
New frontend toolchain under Resources/Private/Neos.Ui/:
Tests
E2E scenario in login.feature covering the full path: log in → destroy the session server-side (flow:session:destroyAll) → trigger an authenticated UI backend request → assert the page lands back on the login screen. The request is issued through the core's own fetchWithErrorHandling to faithfully reproduce what the UI does on any backend interaction.
Cleanup
Dropped the obsolete sandstorm/neos-init-e2e-tests-plugin dev-dependency and its allow-plugins entry from composer.json.