4574 add session check redirection

[anagradova]

Link to issue #4574

This feature/fix is designed to solve a usability issue that certain users were experiencing as referenced in this ticket

To test this feature, the user should begin an audit submission and continue to the upload SAC step. Wait for the session to expire with your current login and then attempt to upload the file.

Upon submission, with an expired session, the user should be presented with this screen allowing them to log back in or proceed to the home page.

If the user goes back through the login cycle, the callback URL from login.gov should place them back on the upload submission step where their session expired.

I have created two modals, one for session expiration (session-expired-modal) and one for session timeout warning (session-warning-modal). Each modal has a javascript snippet with it to trigger the modal due to the USWDS framework design requiring a or tag attribute and action to trigger the modal. The javascript snippet creates and simulates a click on an tag for the modal. Due to the nature of how we manage sessions and interaction, the warning modal should never trigger, but I have left the code in place in the nav_primary.html template should we wish to use it in the future.

The session expiration flag is set in mixin.py during the auth check, but could be triggered by anything that can pass the trigger to the template context.

NOTE: A quick way to trigger this for testing is to login, reach the upload step, open a new browser window from the site, logout, and then attempt to upload the file. This should trigger the modal.

PR Checklist: Reviewer

• Pull the branch to your local environment and run make docker-clean; make docker-first-run && docker compose up; then run docker compose exec web /bin/bash -c "python manage.py test"
• Manually test out the changes locally, or check this box to verify that it wasn’t applicable in this case.
• Check that the PR has appropriate tests. Look out for changes in HTML/JS/JSON Schema logic that may need to be captured in Python tests even though the logic isn’t in Python.
• Verify that no Git surgery is necessary at any point (such as during a merge party), or, if it was, repeat the testing after it’s finished.

Pre Merge Checklist: Merger

• Ensure that prior to approving, the terraform plan is what we expect it to be. -/+ resource "null_resource" "cors_header" should be destroying and recreating its self and ~ resource "cloudfoundry_app" "clamav_api" might be updating its sha256 for the fac-file-scanner and fac-av-${ENV} by default.
• Ensure that the branch is up to date with main.
• Ensure that a terraform plan has been recently generated for the pull request.

[github-actions]

Terraform plan for meta

No changes. Your infrastructure matches the configuration.

No changes. Your infrastructure matches the configuration.

Terraform has compared your real infrastructure against your configuration
and found no differences, so no changes are needed.

✅ Plan applied in Deploy to Development and Management Environment #927

[github-actions]

Terraform plan for dev

Plan: 1 to add, 0 to change, 1 to destroy.

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
-/+ destroy and then create replacement

Terraform will perform the following actions:

  # module.dev.module.cors.null_resource.cors_header must be replaced
-/+ resource "null_resource" "cors_header" {
!~      id       = "*******************" -> (known after apply)
!~      triggers = { # forces replacement
!~          "always_run" = "2025-01-24T17:30:29Z" -> (known after apply)
        }
    }

Plan: 1 to add, 0 to change, 1 to destroy.

✅ Plan applied in Deploy to Development and Management Environment #927

[gsa-jrothacker]

Looks good to me, all my comments were random thoughts I had while reviewing and no changes requested. Thanks!

[gsa-jrothacker]

Thank you.

[gsa-jrothacker]

I think this is going to be a much better experience, the user will now see a nice page instead of the 403. Great work.

[gsa-jrothacker]

I was worried we didn't have any remaining tests for PermissionDenied... but then realized I forgot to expand the diff. Again, I think giving more specific exceptions between a Permissions problem and a Session Expired is going be nice.

[gsa-jrothacker]

I didn't see this used anywhere else (I did a cmd+f to verify).

[anagradova]

Removed.

[github-actions]

Package	Line Rate	Branch Rate	Health
.	100%	100%	✔
api	98%	90%	✔
audit	97%	87%	✔
audit.cross_validation	98%	88%	✔
audit.fixtures	84%	50%	❌
audit.intakelib	91%	81%	✔
audit.intakelib.checks	92%	85%	✔
audit.intakelib.common	98%	82%	✔
audit.intakelib.transforms	100%	95%	✔
audit.management.commands	78%	17%	❌
audit.migrations	100%	100%	✔
audit.models	94%	76%	✔
audit.templatetags	100%	100%	✔
audit.views	70%	53%	❌
census_historical_migration	96%	65%	✔
census_historical_migration.migrations	100%	100%	✔
census_historical_migration.sac_general_lib	92%	84%	✔
census_historical_migration.transforms	95%	90%	✔
census_historical_migration.workbooklib	68%	69%	❌
config	77%	37%	❌
curation	100%	100%	✔
curation.curationlib	93%	100%	✔
curation.migrations	100%	100%	✔
dissemination	91%	70%	✔
dissemination.migrations	97%	25%	✔
dissemination.searchlib	76%	66%	❌
dissemination.templatetags	100%	100%	✔
djangooidc	53%	38%	❌
djangooidc.tests	100%	94%	✔
report_submission	93%	88%	✔
report_submission.migrations	100%	100%	✔
report_submission.templatetags	74%	100%	❌
support	91%	66%	✔
support.migrations	100%	100%	✔
support.models	96%	50%	✔
tools	98%	50%	✔
users	95%	92%	✔
users.fixtures	100%	83%	✔
users.management	100%	100%	✔
users.management.commands	100%	100%	✔
users.migrations	100%	100%	✔
Summary	91% (18176 / 19965)	77% (2250 / 2936)	✔

Minimum allowed line rate is 85%