From 9596ac2a20a3235f4a3bddfac1d43368dfdc1a4e Mon Sep 17 00:00:00 2001
From: Francis Lachapelle <flachapelle@inverse.ca>
Date: Tue, 22 Jan 2019 15:34:23 -0500
Subject: [PATCH] (js) Improve CAS handling

Fixes #4468
---
 NEWS                                          |  1 +
 UI/WebServerResources/js/Common/Common.app.js | 30 ++++++++++++-------
 2 files changed, 20 insertions(+), 11 deletions(-)

diff --git a/NEWS b/NEWS
index c448d9879..65a52a38b 100644
--- a/NEWS
+++ b/NEWS
@@ -8,6 +8,7 @@ Bug fixes
  - [web] fixed all-day event dates with different timezone
  - [web] fixed display of Bcc header (#4642)
  - [web] fixed refresh of drafts folder when saving a draft
+ - [web] fixed CAS session timeout handling during XHR requests (#4468)
  - [core] ignore transparent events in time conflict validation (#4539)
  - [core] fixed yearly recurrence calculator when starting from previous year
 
diff --git a/UI/WebServerResources/js/Common/Common.app.js b/UI/WebServerResources/js/Common/Common.app.js
index 30a74b23b..62f62fc9b 100644
--- a/UI/WebServerResources/js/Common/Common.app.js
+++ b/UI/WebServerResources/js/Common/Common.app.js
@@ -310,18 +310,26 @@
         if (/^application\/json/.test(rejection.config.headers.Accept)) {
           // Handle CAS ticket renewal
           if ($window.usesCASAuthentication && rejection.status == -1) {
-            deferred = $q.defer();
-            iframe = angular.element('<iframe class="ng-hide" src="' + $window.UserFolderURL + 'recover"></iframe>');
-            iframe.on('load', function() {
-              // Once the browser has followed the redirection, send the initial request
-              var $http = $injector.get('$http');
-              $http(rejection.config).then(deferred.resolve, deferred.reject);
-              iframe.remove();
-            });
-            document.body.appendChild(iframe[0]);
-            return deferred.promise;
+            if ($window.attempted) {
+              // Already attempted once -- reload page
+              $window.location.reload(true);
+            }
+            else {
+              deferred = $q.defer();
+              iframe = angular.element('<iframe class="ng-hide" src="' + $window.UserFolderURL + 'recover"></iframe>');
+              iframe.on('load', function() {
+                // Once the browser has followed the redirection, send the initial request
+                var $http = $injector.get('$http');
+                $http(rejection.config).then(deferred.resolve, deferred.reject);
+                iframe.remove();
+                $window.attempted = true;
+              });
+              document.body.appendChild(iframe[0]);
+              return deferred.promise;
+            }
           }
-          else if ($window.usesSAML2Authentication && rejection.status == 401) {
+          else if ($window.usesSAML2Authentication && rejection.status == 401 && !$window.attempted) {
+            $window.attempted = true;
             $window.location.reload(true);
           }
           else {