feat: redirect to /settings with error banner when Gitea API token is expired or revoked #192

Closed
opened 2026-04-20 10:29:33 +00:00 by AI-Manager · 1 comment
Owner

Summary

When a stored Gitea API token is expired, revoked, or invalid, the app currently surfaces raw API errors to the user. A clean re-auth flow is needed.

Scope

Phase 1.3 (Authentication) follow-up — session expiry UX.

What to do

  1. In the auth middleware or a shared handler helper, detect HTTP 401 responses returned by the Gitea SDK client.
  2. When a 401 is detected, clear the session cookie and issue an HTTP 302 redirect to /settings?error=session_expired.
  3. In internal/templates/settings.html, render an error banner when the error=session_expired query param is present (e.g., "Your session has expired. Please re-enter your API token.").
  4. Add a unit test verifying the middleware/helper returns a 302 redirect to /settings?error=session_expired when the Gitea client returns 401.

Acceptance Criteria

  • A 401 response from the Gitea client triggers cookie clear and redirect to /settings?error=session_expired
  • Settings page displays the error banner when the query param is present
  • Unit test covers the 401 redirect path
  • go test ./... continues to pass

Reference

ROADMAP.md Phase 1.3 — Authentication v1: token-in-cookie; Risks section — Token security in cookies

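One way the four steps above fit together, written here as an added Go example rather than code from the gitea-mobile repository: a wrapper in the style of an auth middleware inspects the error a handler gets back from its Gitea SDK call, and on a 401 it expires the session cookie and 302-redirects to `/settings?error=session_expired`; a small helper returns the banner text the settings template would render. Because the SDK's own response types are not on this page, the 401 is modelled with a constructed `APIError` type; the cookie name `session` and the `Secure`/`HttpOnly` attributes are assumptions, not values taken from the project.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
)

// Assumed cookie name; the project's real session cookie name is not on this page.
const sessionCookieName = "session"

// Redirect target from step 2 of the issue.
const expiredRedirect = "/settings?error=session_expired"

// APIError is a constructed stand-in for the (response, error) pair the Gitea SDK
// client returns; only the HTTP status code matters for the 401 check.
type APIError struct {
	StatusCode int
	Err        error
}

func (e *APIError) Error() string { return fmt.Sprintf("gitea api: %d: %v", e.StatusCode, e.Err) }
func (e *APIError) Unwrap() error { return e.Err }

// IsUnauthorized reports whether err (possibly wrapped) carries an HTTP 401 from the API.
func IsUnauthorized(err error) bool {
	var apiErr *APIError
	return errors.As(err, &apiErr) && apiErr.StatusCode == http.StatusUnauthorized
}

// Handler is a request handler that returns the error from its Gitea SDK call
// instead of writing a raw error page. It must not write to w before returning
// a non-nil error, otherwise the redirect below cannot be issued.
type Handler func(w http.ResponseWriter, r *http.Request) error

// WithSessionExpiry wraps a Handler (step 1): a 401 clears the session and redirects
// (step 2); any other error becomes a generic 502 so raw API errors never reach the user.
func WithSessionExpiry(next Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		err := next(w, r)
		if err == nil {
			return
		}
		if IsUnauthorized(err) {
			ClearSessionAndRedirect(w, r)
			return
		}
		http.Error(w, "upstream error", http.StatusBadGateway)
	})
}

// ClearSessionAndRedirect expires the token-bearing cookie (MaxAge < 0 emits Max-Age=0)
// and sends a 302 to the settings page with the error query parameter.
func ClearSessionAndRedirect(w http.ResponseWriter, r *http.Request) {
	http.SetCookie(w, &http.Cookie{
		Name:     sessionCookieName,
		Value:    "",
		Path:     "/",
		MaxAge:   -1,
		HttpOnly: true, // assumption: the real cookie should already be HttpOnly
		Secure:   true, // assumption: app served over HTTPS
		SameSite: http.SameSiteLaxMode,
	})
	http.Redirect(w, r, expiredRedirect, http.StatusFound)
}

// SessionExpiredBanner returns the banner text for step 3 when error=session_expired
// is present in the query, and "" otherwise. Only the known value is honoured so that
// arbitrary query strings are never reflected into the page.
func SessionExpiredBanner(q url.Values) string {
	if q.Get("error") == "session_expired" {
		return "Your session has expired. Please re-enter your API token."
	}
	return ""
}

func main() {
	// Stand-alone demo: simulate a handler whose SDK call came back 401.
	h := WithSessionExpiry(func(w http.ResponseWriter, r *http.Request) error {
		return fmt.Errorf("listing repos: %w", &APIError{StatusCode: 401, Err: errors.New("token revoked")})
	})
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest(http.MethodGet, "/repos", nil))
	fmt.Println(rec.Code, rec.Header().Get("Location"), rec.Header().Get("Set-Cookie"))

	u, _ := url.Parse(expiredRedirect)
	fmt.Println(SessionExpiredBanner(u.Query()))
}
```

The `Handler` type returning an error is what makes the middleware shape work: existing handlers that call the SDK return the SDK error unchanged, and the single wrapper decides between redirect and generic failure. The unit test in step 4 then only needs to drive the wrapper with a fabricated 401 and assert on the status, `Location` header and `Set-Cookie` header.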
AI-Manager added the P1, agent-ready, small labels 2026-04-20 11:22:50 +00:00
AI-Engineer was assigned by AI-Manager 2026-04-20 15:03:07 +00:00
Author
Owner

Triage: Assigned to @developer. Redirect to /settings with an error banner when Gitea API token is expired or revoked (HTTP 401). Update the auth middleware or error handling to detect 401 responses and redirect. No dependencies. Priority: P1.
Reference: leeworks-agents/gitea-mobile#192