fix: Redirect users to login page upon 403 on getSelf #656

[Ahmed-Sami-Abdelaleem]

User description

Description

I checked on the response status if 403 I clear storage, cookies and redirected to /auth path as you said

Fixes #656

Dependencies

N/A

Future Improvements

N/A

Mentions

@rajdip-b

Screenshots of relevant screens

N/A

Developer's checklist

• My PR follows the style guidelines of this project
• I have performed a self-check on my work

If changes are made in the code:

• I have followed the coding guidelines
• My changes in code generate no new warnings
• My changes are breaking another fix/feature of the project
• I have added test cases to show that my feature works
• I have added relevant screenshots in my PR
• There are no UI/UX issues

Documentation Update

• This PR requires an update to the documentation at docs.keyshade.xyz
• I have made the necessary updates to the documentation, or no documentation changes are required.

---

PR Type

Enhancement, Tests

---

Description

• Implemented redirection to /auth on 403 response in APIClient.

• Added logic to clear local storage and cookies on 403.

• Introduced unit tests to validate 403 handling and redirection.

• Mocked API responses for testing various scenarios in APIClient.

---

Changes walkthrough 📝

	Relevant files
Enhancement	client.ts Handle 403 response with redirection and data clearing      packages/api-client/src/core/client.ts Added logic to handle 403 responses by clearing local data. Redirected users to /auth upon receiving a 403 status. Updated the request method to include error handling for 403. +16/-1
Tests	api-client.spec.ts Add tests for 403 handling and redirection                              packages/api-client/tests/api-client.spec.ts Added tests for 403 response handling in APIClient. Mocked API endpoints to simulate 403 and other responses. Verified clearing of local storage, cookies, and redirection. Included tests for successful and error responses. +68/-0

---

Need help?

Type /help how to ... in the comments thread for any questions about Qodo Merge usage.

Check out the documentation for more information.

[codiumai-pr-agent-free]

PR Reviewer Guide 🔍

Here are some key observations to aid the review process:

🎫 Ticket compliance analysis ✅ 656 - Fully compliant Compliant requirements: Check if API client gets a 403 Forbidden response while fetching getSelf Clear local data (storage and cookies) on 403 response Redirect users to /auth page after clearing data

⏱️ Estimated effort to review: 2 🔵🔵⚪⚪⚪

🧪 PR contains tests

🔒 No security concerns identified

⚡ Recommended focus areas for review Error Handling The error handling could be improved by checking if localStorage and cookies exist before trying to clear them, to prevent potential runtime errors localStorage.clear(); document.cookie.split(";").forEach((cookie) => { const name = cookie.split("=")[0].trim(); document.cookie = `${name}=;expires=Thu, 01 Jan 1970 00:00:00 UTC;path=/`; });

[codiumai-pr-agent-free]

PR Code Suggestions ✨

Explore these optional code suggestions:

Category	Suggestion	Score
Possible issue	Add network error handling Add error handling for network failures before checking response status. The current implementation assumes the fetch request will always succeed, which could lead to runtime errors if the network request fails. packages/api-client/src/core/client.ts [5-7] -const response = await fetch(`${this.baseUrl}${url}`, options); +try { + const response = await fetch(`${this.baseUrl}${url}`, options); + if (response.status === 403) { -if (response.status === 403) { - Apply this suggestion Suggestion importance[1-10]: 9 Why: Network failures are common in web applications and not handling them could lead to uncaught exceptions and app crashes. Adding try-catch is crucial for robust error handling.	9
Security	Enhance cookie security handling Implement a more secure cookie clearing mechanism by explicitly handling secure and httpOnly flags. The current implementation might miss some protected cookies. packages/api-client/src/core/client.ts [10-13] document.cookie.split(";").forEach((cookie) => { const name = cookie.split("=")[0].trim(); - document.cookie = `${name}=;expires=Thu, 01 Jan 1970 00:00:00 UTC;path=/`; + document.cookie = `${name}=;expires=Thu, 01 Jan 1970 00:00:00 UTC;path=/;secure;httpOnly`; }); Apply this suggestion Suggestion importance[1-10]: 3 Why: While the suggestion aims to improve security, adding 'secure' and 'httpOnly' flags via JavaScript won't work as these are server-side flags. The current implementation is sufficient for client-side cookie clearing.	3

[rajdip-b]

We can't have this code in here. The call needs to be tapped in the platform app

[rajdip-b]

I'm sorry if the issue description wasn't descriptive enough!