Fix #5678 "Improve handling of expired session on the client"

- server sends 440
- client detects 440 and shows dialog

Author: ebruchez

common/shared/src/main/scala/org/orbeon/oxf/http/HttpStatusCodeException.scala

@@ -36,6 +36,6 @@ case class HttpRedirectException(
 }
 
 case class SessionExpiredException(message: String) extends HttpStatusCode {
-  val code = StatusCode.Forbidden
+  val code = StatusCode.LoginTimeOut
   override def toString = s"SessionExpiredException(message= $message)"
 }

common/shared/src/main/scala/org/orbeon/oxf/http/definitions.scala

@@ -240,6 +240,7 @@ object StatusCode {
   val Gone                  = 410
   val RequestEntityTooLarge = 413
   val Locked                = 423
+  val LoginTimeOut          = 440 // not standard
   val InternalServerError   = 500
   val ServiceUnavailable    = 503
 

xforms-runtime/jvm/src/main/java/org/orbeon/oxf/xforms/processor/XFormsAssetServer.scala

@@ -154,7 +154,7 @@ class XFormsAssetServer extends ProcessorImpl with Logging {
                   }
                 case None =>
                   info(s"document not found in store while building dynamic form initialization")
-                  response.setStatus(StatusCode.Forbidden)
+                  response.setStatus(StatusCode.LoginTimeOut)
               }
             }
         }

xforms-runtime/shared/src/main/scala/org/orbeon/oxf/xforms/event/XFormsServer.scala

@@ -310,7 +310,7 @@ object XFormsServer {
     allEvents option XFormsStateManager.createInitialDocumentFromStore(requestParametersForAll) match {
       case Some(None) =>
         info(s"document not found in store while computing all initialization events")
-        ClientEvents.errorResponse(StatusCode.Forbidden) // status code debatable
+        ClientEvents.errorResponse(StatusCode.LoginTimeOut) // status code debatable
       case initialContainingDocumentOptOpt =>
         withDocument {
           xmlReceiver.startPrefixMapping(XXFORMS_SHORT_PREFIX, XXFORMS_NAMESPACE_URI)

xforms-web/src/main/scala/org/orbeon/xforms/AjaxClient.scala

@@ -113,14 +113,14 @@ object AjaxClient {
   //
   // Public for `UploaderClient`
   def handleFailure(
-    response     : String Either dom.Document,
-    formId       : String,
-    ignoreErrors : Boolean
+    response        : String Either dom.Document,
+    namespacedFormId: String,
+    ignoreErrors    : Boolean
   ): Boolean = {
 
     object LoginRegexpMatcher {
       def unapply(s: String): Boolean = {
-        val loginRegexp = Page.getXFormsFormFromNamespacedIdOrThrow(formId).configuration.loginPageDetectionRegexp
+        val loginRegexp = Page.getXFormsFormFromNamespacedIdOrThrow(namespacedFormId).configuration.loginPageDetectionRegexp
         loginRegexp.exists(re => new js.RegExp(re).test(s))
       }
     }
@@ -138,50 +138,51 @@ object AjaxClient {
         val title = responseXml.getElementsByTagName("title") map (_.textContent) mkString ""
         val body  = responseXml.getElementsByTagName("body")  map (_.textContent) mkString ""
 
-        showError(title, body, formId, ignoreErrors)
+        showError(title, body, namespacedFormId, ignoreErrors)
 
         true
 
       case Left(LoginRegexpMatcher()) =>
-
-         // It seems we got a login page back, so display dialog and reload form
-        val dialogEl = $(s"#$formId .xforms-login-detected-dialog")
-
-        def getUniqueId(prefix: String): String = {
-          var i = 0
-          var r: String = null
-          do {
-            r = prefix + i
-            i += 1
-          } while (dom.document.getElementById(r) ne null)
-          r
-        }
-
-        // Link dialog with title for ARIA
-        val title = dialogEl.find("h4")
-        if (title.attr("id").isEmpty) {
-            val titleId = getUniqueId("xf-aria-dialog-title-")
-            title.attr("id", titleId)
-            dialogEl.attr("aria-labelledby", titleId)
-        }
-
-        dialogEl.find("button").one("click.xf", ((_: JQueryEventObject) => {
-          // Reloading the page will redirect us to the login page if necessary
-          dom.window.location.href = dom.window.location.href
-        }): js.Function1[JQueryEventObject, js.Any])
-        dialogEl.asInstanceOf[js.Dynamic].modal(new js.Object {
-          val backdrop = "static" // Click on the background doesn't hide dialog
-          val keyboard = false    // Can't use esc to close the dialog
-        })
-
+        showLoginDetectedDialog(namespacedFormId)
         true
-
       case _ =>
         // This will cause a retry for event requests (but not uploads)
         false
     }
   }
 
+  def showLoginDetectedDialog(formId: String): Unit = {
+    // It seems we got a login page back, so display dialog and reload form
+      val dialogEl = $(s"#$formId .xforms-login-detected-dialog")
+
+      def getUniqueId(prefix: String): String = {
+        var i = 0
+        var r: String = null
+        do {
+          r = prefix + i
+          i += 1
+        } while (dom.document.getElementById(r) ne null)
+        r
+      }
+
+      // Link dialog with title for ARIA
+      val title = dialogEl.find("h4")
+      if (title.attr("id").isEmpty) {
+          val titleId = getUniqueId("xf-aria-dialog-title-")
+          title.attr("id", titleId)
+          dialogEl.attr("aria-labelledby", titleId)
+      }
+
+      dialogEl.find("button").one("click.xf", ((_: JQueryEventObject) => {
+        // Reloading the page will redirect us to the login page if necessary
+        dom.window.location.href = dom.window.location.href
+      }): js.Function1[JQueryEventObject, js.Any])
+      dialogEl.asInstanceOf[js.Dynamic].modal(new js.Object {
+        val backdrop = "static" // Click on the background doesn't hide dialog
+        val keyboard = false    // Can't use esc to close the dialog
+      })
+  }
+
   // Create a timer which after the specified delay will fire a server event
   // 2020-07-21: Only for upload response
   @JSExport

xforms-web/src/main/scala/org/orbeon/xforms/rpc/RemoteClientServerChannel.scala

@@ -15,10 +15,11 @@ package org.orbeon.xforms.rpc
 
 import cats.data.NonEmptyList
 import cats.syntax.option._
+import org.orbeon.oxf.http.StatusCode.{LoginTimeOut, ServiceUnavailable}
 import org.orbeon.oxf.util.ContentTypes
 import org.orbeon.xforms
 import org.orbeon.xforms.AjaxClient.handleFailure
-import org.orbeon.xforms.{AjaxRequest, Page, Support}
+import org.orbeon.xforms.{AjaxClient, AjaxRequest, Page, Support}
 import org.scalajs.dom
 import org.scalajs.dom.FormData
 import org.scalajs.dom.experimental.AbortController
@@ -92,22 +93,30 @@ object RemoteClientServerChannel extends ClientServerChannel[xforms.Form, dom.Do
               // We ignore HTTP status and just check that we have a well-formed response document
               Page.loadingIndicator().requestEnded(showProgress)
               promise.success(responseXml)
-            case Success((503, _, _)) =>
+            case Success((LoginTimeOut, _, _)) =>
+              // https://github.com/orbeon/orbeon-forms/issues/5678
+              AjaxClient.showLoginDetectedDialog(requestForm.namespacedFormId)
+              Page.loadingIndicator().requestEnded(showProgress)
+              // The `Failure` is ignored by the caller of `sendEvents()`
+              promise.failure(new Throwable) // TODO: It would be good to return another error type.
+            case Success((ServiceUnavailable, _, _)) =>
               // The server returns an explicit 503 when the Ajax server is still busy
               retryRequestAfterDelay(requestForm, () =>
                 asyncAjaxRequestWithRetry(requestForm, requestBody, showProgress, ignoreErrors = ignoreErrors) onComplete
                   promise.complete
               )
             case Success((_, responseText, responseXmlOpt)) =>
               // Retry if we DON'T have an explicit error doc or a login
-              if (! handleFailure(responseXmlOpt.toRight(responseText), requestForm.namespacedFormId, ignoreErrors))
+              if (! handleFailure(responseXmlOpt.toRight(responseText), requestForm.namespacedFormId, ignoreErrors)) {
                 retryRequestAfterDelay(requestForm, () =>
                   asyncAjaxRequestWithRetry(requestForm, requestBody, showProgress, ignoreErrors = ignoreErrors) onComplete
                     promise.complete
                 )
-              else {
+              } else {
                 Page.loadingIndicator().requestEnded(showProgress)
                 // This was handled by showing a dialog or login
+                //   2023-08-21: What does the above comment mean?
+                // The `Failure` is ignored by the caller of `sendEvents()`
                 promise.failure(new Throwable) // TODO: It would be good to return another error type.
               }
             case Failure(_) =>