Conversation
Contributor
|
Click here to review and test in web IDE: |
|
Docker image build succeeded: quay.io/eclipse/che-dashboard:pr-1557 (linux/amd64, linux/arm64) kubectl patch commandkubectl patch -n eclipse-che "checluster/eclipse-che" --type=json -p="[{"op": "replace", "path": "/spec/components/dashboard/deployment", "value": {containers: [{image: "quay.io/eclipse/che-dashboard:pr-1557", name: che-dashboard}]}}]" |
olexii4
changed the title
Codecov Report❌ Patch coverage is Additional details and impacted files@@ Coverage Diff @@
## main #1557 +/- ##
========================================
Coverage 92.51% 92.51%
========================================
Files 561 563 +2
Lines 55867 56164 +297
Branches 4225 4258 +33
========================================
+ Hits 51684 51960 +276
- Misses 4135 4154 +19
- Partials 48 50 +2 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
|
Docker image build succeeded: quay.io/eclipse/che-dashboard:pr-1557 (linux/amd64, linux/arm64) kubectl patch commandkubectl patch -n eclipse-che "checluster/eclipse-che" --type=json -p="[{"op": "replace", "path": "/spec/components/dashboard/deployment", "value": {containers: [{image: "quay.io/eclipse/che-dashboard:pr-1557", name: che-dashboard}]}}]" |
2 similar comments
|
Docker image build succeeded: quay.io/eclipse/che-dashboard:pr-1557 (linux/amd64, linux/arm64) kubectl patch commandkubectl patch -n eclipse-che "checluster/eclipse-che" --type=json -p="[{"op": "replace", "path": "/spec/components/dashboard/deployment", "value": {containers: [{image: "quay.io/eclipse/che-dashboard:pr-1557", name: che-dashboard}]}}]" |
|
Docker image build succeeded: quay.io/eclipse/che-dashboard:pr-1557 (linux/amd64, linux/arm64) kubectl patch commandkubectl patch -n eclipse-che "checluster/eclipse-che" --type=json -p="[{"op": "replace", "path": "/spec/components/dashboard/deployment", "value": {containers: [{image: "quay.io/eclipse/che-dashboard:pr-1557", name: che-dashboard}]}}]" |
olexii4
force-pushed
the
CRW-10290
branch
2 times, most recently
from
18f35d2 to
f001621
Compare
|
Docker image build succeeded: quay.io/eclipse/che-dashboard:pr-1557 (linux/amd64, linux/arm64) kubectl patch commandkubectl patch -n eclipse-che "checluster/eclipse-che" --type=json -p="[{"op": "replace", "path": "/spec/components/dashboard/deployment", "value": {containers: [{image: "quay.io/eclipse/che-dashboard:pr-1557", name: che-dashboard}]}}]" |
1 similar comment
|
Docker image build succeeded: quay.io/eclipse/che-dashboard:pr-1557 (linux/amd64, linux/arm64) kubectl patch commandkubectl patch -n eclipse-che "checluster/eclipse-che" --type=json -p="[{"op": "replace", "path": "/spec/components/dashboard/deployment", "value": {containers: [{image: "quay.io/eclipse/che-dashboard:pr-1557", name: che-dashboard}]}}]" |
Contributor
Author
|
/retest |
|
Docker image build succeeded: quay.io/eclipse/che-dashboard:pr-1557 (linux/amd64, linux/arm64) kubectl patch commandkubectl patch -n eclipse-che "checluster/eclipse-che" --type=json -p="[{"op": "replace", "path": "/spec/components/dashboard/deployment", "value": {containers: [{image: "quay.io/eclipse/che-dashboard:pr-1557", name: che-dashboard}]}}]" |
Reads spec.networking.auth.gateway.oAuthProxy.cookieExpireSeconds from the CheCluster CR (che-operator PR #1760, +kubebuilder:default:=86400) as the primary source. Falls back to parsing cookie_expire from the che-gateway-config-oauth-proxy ConfigMap for clusters running older operators where the CR field is absent. Returns -1 when neither source is available so the frontend hook is a no-op. - Add cookieExpireSeconds to CheClusterCustomResource networking type (field name is oAuthProxy per Go JSON tag in che-operator PR #1760) - Add parseDurationToSeconds helper (parses Go time.Duration strings; returns -1 on empty/unmatched input so the hook disables itself) - Add async getSessionTimeout(cheCustomResource) with CR-first + ConfigMap fallback strategy - Wire into the server-config route handler - Add selectSessionTimeout Redux selector; default unloadedState to -1 Fixes: https://issues.redhat.com/browse/CRW-10290 Assisted-by: Claude Sonnet 4.6 Signed-off-by: Oleksii Orel <oorel@redhat.com>
Tracks UI idle time via mousemove/keydown/click/touchstart events and shows a warning modal 60 s before the OAuth session cookie expires. Activity events are ignored while the modal is open so the countdown is never accidentally reset by mouse movement. - isModalOpenRef updated synchronously alongside React state to eliminate the render/effect timing race (stale ref race) - onExtend uses try/finally so the idle timer restarts on network failure - No-op when sessionTimeout <= 0 (field absent on older operators) Fixes: https://issues.redhat.com/browse/CRW-10290 Assisted-by: Claude Sonnet 4.6 Signed-off-by: Oleksii Orel <oorel@redhat.com>
PF6 small modal with amber countdown ring (red/pulsing at <= 20 s, suppressed by prefers-reduced-motion), Extend Session and Sign Out Now buttons. Mounted in App.tsx so it appears on every page. - Icon uses var(--pf-t--global--icon--color--status--warning--default) - Closing via X button or backdrop extends the session - Space key listener active only while modal is open Satisfies WCAG 2.2.1 Timing Adjustable (Level A). Fixes: https://issues.redhat.com/browse/CRW-10290 Assisted-by: Claude Sonnet 4.6 Signed-off-by: Oleksii Orel <oorel@redhat.com>
|
Docker image build succeeded: quay.io/eclipse/che-dashboard:pr-1557 (linux/amd64, linux/arm64) kubectl patch commandkubectl patch -n eclipse-che "checluster/eclipse-che" --type=json -p="[{"op": "replace", "path": "/spec/components/dashboard/deployment", "value": {containers: [{image: "quay.io/eclipse/che-dashboard:pr-1557", name: che-dashboard}]}}]" |
Contributor
Author
|
@sskoryk we need your review |
Contributor
Author
|
/retest |
SkorikSergey
approved these changes
May 12, 2026
Contributor
SkorikSergey
left a comment
SkorikSergey
left a comment
There was a problem hiding this comment.
Looks good to merge
|
@SkorikSergey: changing LGTM is restricted to collaborators DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: olexii4, SkorikSergey, svor The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
olexii4
added a commit
that referenced
this pull request
May 28, 2026
Three bugs in the session-timeout warning introduced by #1557: 1. selectSessionTimeout selector used ?? 86400 as fallback — if the backend omits sessionTimeout (old operator), the modal activated with a spurious 24 h timeout instead of staying disabled. Changed to ?? -1 so the modal only activates when the backend explicitly provides a positive value. 2. The idle timer reset on UI events (mousemove/click/keydown) but not on authenticated HTTP requests. The OAuth proxy refreshes the session cookie on every request (including background workspace polling), so the JS clock diverged from the real session expiry. Added an Axios response interceptor that resets the idle timer on each successful response, keeping both clocks in sync. 3. Sessions shorter than 90 s leave less than 30 s of usable warning time (WARNING_LEAD_SECONDS = 60). Added a MIN_SESSION_TIMEOUT_SECONDS = 90 guard that suppresses the modal for such short timeouts. Assisted-by: Claude Sonnet 4.5 Signed-off-by: Oleksii Orel <oorel@redhat.com>
artaleks9
pushed a commit
that referenced
this pull request
May 29, 2026
Three bugs in the session-timeout warning introduced by #1557: 1. selectSessionTimeout selector used ?? 86400 as fallback — if the backend omits sessionTimeout (old operator), the modal activated with a spurious 24 h timeout instead of staying disabled. Changed to ?? -1 so the modal only activates when the backend explicitly provides a positive value. 2. The idle timer reset on UI events (mousemove/click/keydown) but not on authenticated HTTP requests. The OAuth proxy refreshes the session cookie on every request (including background workspace polling), so the JS clock diverged from the real session expiry. Added an Axios response interceptor that resets the idle timer on each successful response, keeping both clocks in sync. 3. Sessions shorter than 90 s leave less than 30 s of usable warning time (WARNING_LEAD_SECONDS = 60). Added a MIN_SESSION_TIMEOUT_SECONDS = 90 guard that suppresses the modal for such short timeouts. Assisted-by: Claude Sonnet 4.5 Signed-off-by: Oleksii Orel <oorel@redhat.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What does this PR do?
Adds a session timeout warning modal to satisfy WCAG 2.2.1 Timing Adjustable (Level A).
When a user sits idle on any Dashboard page, the OAuth proxy session eventually expires without any prior warning, causing an abrupt redirect to the login page and potential loss of unsaved form data.
This PR:
Backend — exposes
sessionTimeout(seconds) through the existing/dashboard/api/server-configendpoint using a two-source strategy:spec.networking.auth.gateway.oAuthProxy.cookieExpireSecondsfrom theCheClusterCR (added in che-operator#1760,+kubebuilder:default:=86400).cookie_expiredirectly from theche-gateway-config-oauth-proxyConfigMap — which always reflects the value the OAuth proxy actually enforces.-1when neither source is available (e.g. local dev without k8s) so the modal is a no-op.Frontend — adds a
useSessionTimeouthook that tracks UI inactivity, and aSessionTimeoutModalcomponent (mounted globally inApp.tsx) that:prefers-reduced-motion)GET /dashboard/api/user/idon extendThe modal is a no-op when
sessionTimeout ≤ 0.Screenshot/screencast of this PR
Normal state (> 20 s remaining) — amber ring:
Urgent state (≤ 20 s remaining) — red pulsing ring:
What issues does this PR fix or reference?
fixes https://issues.redhat.com/browse/CRW-10290
Is it tested? How?
Tested manually on a local CRC cluster (OpenShift + HTPasswd OAuth) and a Minikube cluster (Dex OIDC).
To trigger the modal quickly without waiting the full session duration, patch the
CheClusterCR to shortencookieExpireSecondsto 3 minutes:kubectl patch checluster/eclipse-che -n eclipse-che --type=merge \ -p '{"spec":{"networking":{"auth":{"gateway":{"oAuthProxy":{"cookieExpireSeconds":180}}}}}}'Verify the Dashboard API reflects the change:
Test the modal:
Cmd+Shift+R/Ctrl+Shift+R)Restore when done:
kubectl patch checluster/eclipse-che -n eclipse-che --type=merge \ -p '{"spec":{"networking":{"auth":{"gateway":{"oAuthProxy":{"cookieExpireSeconds":86400}}}}}}'Release Notes
Before the session expires, a warning modal now appears with a countdown timer giving users at least 60 seconds to extend their session or sign out gracefully. Satisfies WCAG 2.2.1 Timing Adjustable (Level A).
Docs PR