Merge pull request #1906 from creative-commoners/pulls/3.0/sudo-401

GuySartorelli · web-flow · commit d9fae0271c23 · 2025-03-03T13:56:21.000+13:00
FIX Handle 401 from server
diff --git a/client/dist/js/bundle.js b/client/dist/js/bundle.js
diff --git a/client/src/components/SudoModePasswordField/SudoModePasswordField.js b/client/src/components/SudoModePasswordField/SudoModePasswordField.js
@@ -53,12 +53,12 @@ function SudoModePasswordField(props) {
     const headers = {
       'X-SecurityID': Config.get('SecurityID'),
     };
-    const responseJson = await fetcher(data, headers);
-    if (responseJson.result) {
-      onSuccess();
-    } else {
-      setResponseMessage(responseJson.message);
-    }
+    fetcher(data, headers)
+      .then(() => onSuccess())
+      .catch(async (err) => {
+        const responseJson = await err.response.json();
+        setResponseMessage(responseJson.message);
+      });
   }
 
   /**
diff --git a/client/src/components/SudoModePasswordField/tests/SudoModePasswordField-test.js b/client/src/components/SudoModePasswordField/tests/SudoModePasswordField-test.js
@@ -16,11 +16,29 @@ window.ss.config = {
 };
 
 let doResolve;
+let doReject;
+
+beforeEach(() => {
+  doResolve = undefined;
+  doReject = undefined;
+});
+
+function createJsonError(message) {
+  return {
+    response: {
+      json: () => ({
+        result: false,
+        message
+      }),
+    },
+  };
+}
 
 jest.mock('lib/Backend', () => ({
   createEndpointFetcher: () => () => (
-    new Promise((resolve) => {
+    new Promise((resolve, reject) => {
       doResolve = resolve;
+      doReject = reject;
     })
   )
 }));
@@ -68,10 +86,7 @@ test('SudoModePasswordField should show a message on failure', async () => {
   passwordField.value = 'password';
   const verifyButton = await screen.findByText('Verify');
   fireEvent.click(verifyButton);
-  doResolve({
-    result: false,
-    message: 'A big failure'
-  });
+  await doReject(createJsonError('A big failure'));
   const message = await screen.findByText('A big failure');
   expect(message).not.toBeNull();
   expect(onSuccess).not.toBeCalled();
diff --git a/code/SudoModeController.php b/code/SudoModeController.php
@@ -79,22 +79,20 @@ public function activate(HTTPRequest $request): HTTPResponse
 
         if (!SecurityToken::inst()->checkRequest($request)) {
             return $this->jsonResponse([
-                'result' => false,
                 'message' => _t(__CLASS__ . '.TIMEOUT', 'Session timed out, please refresh and try again.'),
             ], 403);
         }
 
         // Validate password
         if (!$this->checkPassword($request)) {
             return $this->jsonResponse([
-                'result' => false,
                 'message' => _t(__CLASS__ . '.INVALID', 'Incorrect password'),
             ], 401);
         }
 
         // Activate sudo mode and return successful result
         $this->getSudoModeService()->activate($request->getSession());
-        return $this->jsonResponse(['result' => true]);
+        return $this->jsonResponse([]);
     }
 
     /**
diff --git a/tests/behat/features/form-sudo-mode.feature b/tests/behat/features/form-sudo-mode.feature
@@ -19,7 +19,7 @@ Feature: Form sudo mode
     # CMS profile
     When I go to "/admin/myprofile"
     Then I should see "Verify to continue"
-    And I should see a "#action_save[readonly]" element
+    And I should see a "#Form_EditForm_action_save[readonly]" element
 
     # Security admin - members
     When I go to "/admin/security"
@@ -65,7 +65,7 @@ Feature: Form sudo mode
     And I fill in "SudoModePassword" with "incorrect-password"
     And I click on the ".sudo-mode-password-field__verify-button" element
     Then I should see "Incorrect password"
-    And I should see a "#action_save[readonly]" element
+    And I should see a "#Form_EditForm_action_save[readonly]" element
 
   Scenario: Sensitive data can be edited after activating sudo mode
 
@@ -75,7 +75,7 @@ Feature: Form sudo mode
     And I fill in "SudoModePassword" with "Secret!123"
     And I click on the ".sudo-mode-password-field__verify-button" element
     And I wait for 2 seconds
-    Then I should not see a "#action_save[readonly]" element
+    Then I should not see a "#Form_EditForm_action_save[readonly]" element
 
     # Security admin - members
     When I go to "/admin/security"
diff --git a/tests/php/SudoModeControllerTest.php b/tests/php/SudoModeControllerTest.php
@@ -90,7 +90,6 @@ public function testActivateFailsWithIncorrectPassword()
 
         $this->assertSame(401, $response->getStatusCode());
         $result = json_decode((string) $response->getBody(), true);
-        $this->assertFalse($result['result'], 'Should have failed with incorrect password');
         $this->assertEquals('Incorrect password', $result['message']);
     }
 
@@ -103,7 +102,6 @@ public function testActivateSudoModeWithValidCredentials()
 
         $this->assertSame(200, $activateResponse->getStatusCode());
         $result = json_decode((string) $activateResponse->getBody(), true);
-        $this->assertTrue($result['result'], 'Should have activated sudo mode');
 
         $checkResponse = $this->get(SudoModeController::singleton()->Link('check'));
         $this->assertSame(200, $checkResponse->getStatusCode());
@@ -128,7 +126,6 @@ public function testActivateChecksCSRFToken()
 
         $this->assertSame(403, $activateResponse->getStatusCode());
         $result = json_decode((string) $activateResponse->getBody(), true);
-        $this->assertFalse($result['result'], 'Should have failed on CSRF token validation');
         $this->assertSame($result['message'], 'Session timed out, please refresh and try again.');
     }
 
