fix(web-runtime): keep session on transient network errors during context init#13941
fix(web-runtime): keep session on transient network errors during context init#13941dj4oC wants to merge 1 commit into
Conversation
…text init On page reload the authenticated context is re-established by fetching user data over HTTP. Previously any error thrown from updateContext() - including transient connectivity failures (ERR_NETWORK, request timeouts, fetch TypeErrors) - was treated like an expired/invalid token, forcing a logout and redirect to the access-denied page. This adds an isNetworkError() classifier so connectivity failures preserve the existing session, while genuine auth rejections (carrying an HTTP response such as 401) still trigger the existing logout flow. Applies to both the page-reload token-restore path and the addUserLoaded handler. Closes: #12980 Signed-off-by: dj4oC <noreply@github.com>
✅ Snyk checks have passed. No issues have been found so far.
💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse. |
|
|
The failing This diff only changes error handling inside a No code change needed here; the e2e job should pass on a re-run once the group sync provisions in time. 🤖 Automated by Claude Code Generated by Claude Code |
|
web repo is dead - target your prs towards owncloud/ocis |
The web frontend (now maintained in this monorepo under web/) re-establishes the authenticated context on page reload by calling updateContext(), which fetches user data over HTTP. Previously any error thrown there - including transient connectivity failures (ERR_NETWORK, timeouts, fetch TypeErrors) - was treated like an expired or invalid token, forcing a logout and redirect to the access-denied page. This adds an isNetworkError() classifier so connectivity failures preserve the existing session, while genuine auth rejections (carrying an HTTP response such as 401) still trigger the existing logout flow. Applies to the page-reload token-restore path and the addUserLoaded handler. Ports the fix for owncloud/web#12980 (originally owncloud/web#13941; owncloud/web is deprecated and development moved into this repo). Signed-off-by: dj4oC <noreply@github.com>



Description
On page reload the authenticated context is re-established in
AuthService.initializeContext()by callinguserManager.updateContext(), which fetches user data over HTTP (graph.users.getMe(), capabilities, roles). Both the page-reload token-restore path and theaddUserLoadedevent handler wrapped that call in a blanketcatchthat treated any thrown error identically to a genuine authentication rejection: it calledhandleAuthError()→removeUser('authError')→ redirect toaccessDenied.Root cause: the
catchblocks did not distinguish a transient network/connectivity failure (e.g. a fast page refresh cancelling in-flight requests, a short offline period, a timeout) from a real auth rejection (401 / invalid or expired token). A temporary connectivity blip therefore forced a full logout and showed the "trouble connecting to the login service" page.Fix: a small
isNetworkError()classifier is introduced. Connectivity failures (axiosERR_NETWORK/ECONNABORTEDwith no HTTPresponse, or a fetchTypeErrorsuch as Safari's "Load failed") now preserve the existing session and let the regular auth flow recover on the next navigation / token refresh. Errors that carry an HTTPresponse(e.g.401) still go through the unchangedhandleAuthError()logout flow. The change is applied to the twocatchblocks named in the issue analysis (reload path +addUserLoaded).Related Issue
Motivation and Context
Users were being logged out on transient connectivity issues and bounced to the access-denied page, losing their active session — reported as a real, reproducible problem (e.g. quick reloads in Safari). Only genuine auth rejections should end the session.
How Has This Been Tested?
vue-tsc --noEmittype check + ESLint/Prettier, run locally in this branch.packages/web-runtime/tests/unit/services/auth/authService.spec.ts— 26/26 passing. New coverage:isNetworkErrortable test across all branches (axiosERR_NETWORK/ECONNABORTED, fetchTypeErrorvariants, an error carrying an HTTP response, anERR_NETWORKthat nonetheless carries a response, an unrelatedTypeError, unknown code,null, string).handleAuthErrornot called;401→handleAuthErrorcalled.addUserLoadedhandler: network error preserves the session;401triggers logout.pnpm check:types→ passes.eslint+prettier --checkon the changed files → clean.catchbranches are exercised by the added tests (well above the 85% target). Not run: Playwright e2e (needs a full running oCIS stack, not available in this environment).Screenshots (if appropriate):
n/a — no UI change.
Open tasks:
Notes for reviewers
handleAuthErrorbehaviour, so unknown/real errors are no worse off than today.owncloud/web's README notes development is moving intoowncloud/ocis. This fix is filed here because the issue and the affected code live here; a maintainer may want to port it toocisas well.changelog/unreleased/bugfix-preserve-session-on-network-error). No admin/end-user docs change (behaviour is strictly less disruptive than before). REUSE per-file headers are not used on TS sources in this repo, so none were added. No OTel tooling in this package.🤖 Automated by Claude Code
Generated by Claude Code