Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Pension Burials] Handle 403 errors #35027

Merged
merged 5 commits into from
Mar 7, 2025
Merged

[Pension Burials] Handle 403 errors #35027

merged 5 commits into from
Mar 7, 2025

Conversation

TaiWilkin
Copy link
Contributor

@TaiWilkin TaiWilkin commented Mar 4, 2025
edited
Loading

Are you removing, renaming or moving a folder in this PR?

  • No, I'm not changing any folders (skip to TeamSites and delete the rest of this section)
  • Yes, I'm removing, renaming or moving a folder

⚠️ TeamSites ⚠️

Examples of a TeamSite: https://va.gov/health and https://benefits.va.gov/benefits/. This scenario is also referred to as the "injected" header and footer. You can reach out in the #sitewide-public-websites Slack channel for questions.

Did you change site-wide styles, platform utilities or other infrastructure?

Summary

  • In some cases, users can be blocked from submitting their form by an expired or invalid CSRF token. Users can only correct this error by refreshing their page, which can cause them to lose entered data.
  • This PR adds handling to attempt to refresh the CSRF token at the beginning of requests if it isn't found. If the CSRF token is found but the request fails due to CSRF token issues, we try to refresh to CSRF token, then retry the request once.

Related issue(s)

Testing done

Mimic the CSRF error

  • In the application local storage, replace csrfToken with one that's expired (I can provide one if needed)

Mimic a non-CSRF error

  • throw an error in the Burials/Pensions claims controller

Test various scenarios for Pensions and Burials

  • Submission should succeed if CSRF token is not invalid
  • Submission should succeed if CSRF token is invalid starting on earlier page of form
  • Submission retry should succeed if CSRF token is invalid starting on review page
  • Submission should fail with UI message if a non-CSRF error occurs on first attempt
  • Submission retry should fail with UI message if a non-CSRF error occurs on retry attempt

What areas of the site does it impact?

Pensions and Burials

Acceptance criteria

Quality Assurance & Testing

  • I fixed|updated|added unit tests and integration tests for each feature (if applicable).
  • No sensitive information (i.e. PII/credentials/internal URLs/etc.) is captured in logging, hardcoded, or specs
  • Linting warnings have been addressed
  • Documentation has been updated (link to documentation *if necessary)
  • Screenshot of the developed feature is added
  • Accessibility testing has been performed

Error Handling

  • Browser console contains no warnings or errors.
  • Events are being sent to the appropriate logging solution
  • Feature/bug has a monitor built into Datadog or Grafana (if applicable)

Authentication

  • Did you login to a local build and verify all authenticated routes work as expected with a test user

@va-vfs-bot va-vfs-bot temporarily deployed to master/pbp/handle-403/main March 4, 2025 16:41 Inactive
@TaiWilkin TaiWilkin added pension-benefits Label used for Pull Requests/Issues that impact Pension Claims claims (CH36, 25-8832) burial-benefits Label used for Pull Requests that impact Burial claims (530) labels Mar 4, 2025
@va-vfs-bot va-vfs-bot temporarily deployed to master/pbp/handle-403/main March 4, 2025 17:15 Inactive
@va-vfs-bot va-vfs-bot temporarily deployed to master/pbp/handle-403/main March 4, 2025 17:51 Inactive
@va-vfs-bot va-vfs-bot temporarily deployed to master/pbp/handle-403/main March 5, 2025 14:07 Inactive
@va-vfs-bot va-vfs-bot temporarily deployed to master/pbp/handle-403/main March 6, 2025 15:03 Inactive
@va-vfs-bot va-vfs-bot temporarily deployed to master/pbp/handle-403/main March 6, 2025 15:17 Inactive
@va-vfs-bot va-vfs-bot temporarily deployed to master/pbp/handle-403/main March 6, 2025 15:46 Inactive
@va-vfs-bot va-vfs-bot temporarily deployed to master/pbp/handle-403/main March 6, 2025 16:14 Inactive
@va-vfs-bot va-vfs-bot temporarily deployed to master/pbp/handle-403/main March 6, 2025 16:23 Inactive
@mjknight50 mjknight50 marked this pull request as ready for review March 7, 2025 14:55
@mjknight50 mjknight50 requested review from a team as code owners March 7, 2025 14:55
mjknight50
mjknight50 previously approved these changes Mar 7, 2025
View reviewed changes
Copy link
Contributor

@mjknight50 mjknight50 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

GTG

@TaiWilkin
Copy link
Contributor Author

@mjknight50 Sorry, can you re-approve? I had to handle a merge conflict

mjknight50
mjknight50 approved these changes Mar 7, 2025
View reviewed changes
Copy link
Contributor

@mjknight50 mjknight50 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

GTG

@TaiWilkin TaiWilkin merged commit 696d470 into main Mar 7, 2025
80 checks passed
@TaiWilkin TaiWilkin deleted the pbp/handle-403 branch March 7, 2025 16:01
@mjknight50 mjknight50 mentioned this pull request Mar 7, 2025
Open
6 tasks
bellepx0 pushed a commit that referenced this pull request Mar 14, 2025
@TaiWilkin
[Pension Burials] Handle 403 errors (#35027)
5659ff4 
* Handle 403s in Burials

* Handle 403s in Pensions

* Retry Pensions submission on 403

* Retry Burials 403 error
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mjknight50 mjknight50 mjknight50 approved these changes

Assignees
No one assigned
Labels
burial-benefits Label used for Pull Requests that impact Burial claims (530) pension-benefits Label used for Pull Requests/Issues that impact Pension Claims claims (CH36, 25-8832)
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@TaiWilkin @mjknight50 @va-vfs-bot