Skip to content

Feature/ccp 5048 fix email submission link#1920

Merged
usingtechnology merged 5 commits into
bcgov:mainfrom
bhuvan-aot:feature/CCP-5048-fix-email-submission-link
Jul 6, 2026
Merged

Feature/ccp 5048 fix email submission link#1920
usingtechnology merged 5 commits into
bcgov:mainfrom
bhuvan-aot:feature/CCP-5048-fix-email-submission-link

Conversation

@bhuvan-aot

@bhuvan-aot bhuvan-aot commented Jun 28, 2026

Copy link
Copy Markdown
Contributor

Description

ccp-5048
When an unauthenticated user clicks the "View this submission" link from a submission confirmation email, the app navigates to /form/view?s=.

What was broken:
The FormView route's beforeEnter guard calls getSubmissionStatuses() to check permissions. For unauthenticated users, this returns a 401. The guard was treating 401 the same as 404 — redirecting to the NotFound page. So users saw a 404 instead of being asked to log in.

The fix (router.js):
Split the 401 and 404 handling:

  • 401 → call next() with no redirect. Since FormView has requiresAuth: true, the global guard calls authStore.login(), which redirects the user to the Keycloak login page. After login, they land back on the submission view.
  • 404 → still redirects to NotFound (submission genuinely doesn't exist).

Type of Change

Checklist

  • I have read the CONTRIBUTING doc
  • I have checked that unit tests pass locally with my changes
  • I have run the npm script lint on the frontend and backend
  • I have added tests that prove my fix is effective or that my feature works
  • I have added necessary documentation (if appropriate)
  • I have approval from the product owner for the contribution in this pull request

Further comments

@bhuvan-aot bhuvan-aot added bug Something isn't working Do not merge labels Jun 28, 2026
@github-actions

This comment has been minimized.

@bhuvan-aot bhuvan-aot marked this pull request as ready for review July 6, 2026 18:43
Copilot AI review requested due to automatic review settings July 6, 2026 18:43

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Fixes unauthenticated access to the “View this submission” email link (/form/view?s=<submissionId>) so that a 401 from the permission-check call no longer redirects users to NotFound, enabling the intended login/auth flow instead.

Changes:

  • Updated the FormView route beforeEnter guard to treat 401 (unauthenticated) differently from 404 (missing submission).
  • Preserved NotFound redirect behavior for genuine 404 cases while allowing 401 cases to proceed.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread app/frontend/src/router.js Outdated
) {
// Expected errors: redirect to NotFound
if (err.response?.status === 401) {
// Not authenticated — let the global auth guard redirect to login
Comment thread app/frontend/src/router.js
@sonarqubecloud

sonarqubecloud Bot commented Jul 6, 2026

Copy link
Copy Markdown

@usingtechnology usingtechnology left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@usingtechnology usingtechnology merged commit b1d6e77 into bcgov:main Jul 6, 2026
7 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

bug Something isn't working

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants