fix(tradein/auth): honest 401/error screens in RouteGuard instead of misleading text #2516

Merged
lekss361 merged 1 commit from fix/tradein-routeguard-401-screen into main 2026-07-13 20:19:13 +00:00
Collaborator

Summary

  • RouteGuard's 401 (unauthenticated /me) handling already showed a "Session expired" screen (from earlier PR #896/#800), but its only action was a "Logout" button (logout()), not a re-auth CTA.
  • Generic non-401/403 errors (500 / network failure) reused variant="user" copy ("account not linked to a role"), which is misleading for a technical failure — user sees the wrong reason and no clear next step.

Changes

  • NoAccessScreen.tsx:
    • session variant CTA button relabeled "Войти снова" (was "Выйти"), action changed to window.location.reload() — reload on top-level navigation re-triggers Caddy's basic_auth challenge when cached creds were rejected.
    • new "error" variant for non-401/403 useMe() failures — honest copy ("Не удалось проверить доступ" / technical-issue subtitle) + "Обновить страницу" reload CTA, replacing the misleading user text.
    • trial (role=expired) and user/path (403 / path-deny) screens unchanged — untouched per spec.
  • RouteGuard.tsx: the catch-all if (error) branch (covers 500s / network errors) now routes to variant="error" instead of variant="user".

Test plan

  • npx tsc --noEmit -p tsconfig.json — clean
  • npm run lint (next lint / eslint) — clean, no warnings in touched files
  • npm run build — production build succeeds, all routes compile
  • Visual smoke on staging/prod: force a 401 from /trade-in/api/v1/me and confirm the "Сессия истекла" screen with "Войти снова" button renders (not blank); force a 500/network failure and confirm the "Не удалось проверить доступ" screen renders with "Обновить страницу"
## Summary - RouteGuard's 401 (unauthenticated `/me`) handling already showed a "Session expired" screen (from earlier PR #896/#800), but its only action was a "Logout" button (`logout()`), not a re-auth CTA. - Generic non-401/403 errors (500 / network failure) reused `variant="user"` copy ("account not linked to a role"), which is misleading for a technical failure — user sees the wrong reason and no clear next step. ## Changes - `NoAccessScreen.tsx`: - session variant CTA button relabeled "Войти снова" (was "Выйти"), action changed to `window.location.reload()` — reload on top-level navigation re-triggers Caddy's basic_auth challenge when cached creds were rejected. - new `"error"` variant for non-401/403 `useMe()` failures — honest copy ("Не удалось проверить доступ" / technical-issue subtitle) + "Обновить страницу" reload CTA, replacing the misleading `user` text. - `trial` (role=expired) and `user`/`path` (403 / path-deny) screens unchanged — untouched per spec. - `RouteGuard.tsx`: the catch-all `if (error)` branch (covers 500s / network errors) now routes to `variant="error"` instead of `variant="user"`. ## Test plan - [x] `npx tsc --noEmit -p tsconfig.json` — clean - [x] `npm run lint` (next lint / eslint) — clean, no warnings in touched files - [x] `npm run build` — production build succeeds, all routes compile - [ ] Visual smoke on staging/prod: force a 401 from `/trade-in/api/v1/me` and confirm the "Сессия истекла" screen with "Войти снова" button renders (not blank); force a 500/network failure and confirm the "Не удалось проверить доступ" screen renders with "Обновить страницу"
bot-frontend added 1 commit 2026-07-13 19:49:50 +00:00
fix(tradein/auth): honest 401/error screens in RouteGuard instead of misleading text
All checks were successful
CI / frontend-tests (pull_request) Has been skipped
CI / openapi-codegen-check (pull_request) Has been skipped
CI / changes (pull_request) Successful in 7s
CI Trade-In / changes (pull_request) Successful in 7s
CI Trade-In / backend-tests (pull_request) Has been skipped
CI / backend-tests (pull_request) Has been skipped
CI Trade-In / frontend-checks (pull_request) Successful in 1m1s
b176b1bc44
Session-expired (401) screen already existed but its CTA button was
mislabeled "Выйти" (logout) and called logout() with no reload alternative;
generic non-401/403 errors (500 / network fail) reused variant="user"
whose copy ("аккаунт не привязан к роли") is wrong for a technical failure.

- NoAccessScreen: session variant now shows "Войти снова" button that does
  window.location.reload() (basic_auth top-level nav reload re-triggers the
  browser's auth challenge on rejected creds) instead of full logout.
- New "error" variant for non-401/403 useMe() failures — honest copy +
  "Обновить страницу" reload CTA, replacing the misleading "user" text.
- RouteGuard: generic catch-all error branch now routes to variant="error".
- trial (role=expired) and 403 (variant="user") screens unchanged.
lekss361 merged commit 2c5b30f8c9 into main 2026-07-13 20:19:13 +00:00
lekss361 deleted branch fix/tradein-routeguard-401-screen 2026-07-13 20:19:13 +00:00
Sign in to join this conversation.
No reviewers
No milestone
No project
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: lekss361/gendesign#2516
No description provided.