From 881c8e035c57984ab3ddab2b816613f13c1eb539 Mon Sep 17 00:00:00 2001
From: uzairr
Date: Thu, 28 Feb 2019 17:11:32 +0500
Subject: [PATCH] Improve 403 error handling Currently, ajax calls in courseware is handling 403 like 401. In this PR, proper modifications have been done to make it coherent with its intended behaviour. LEARNER-7131
---
 lms/djangoapps/courseware/module_render.py | 2 +-
 lms/djangoapps/courseware/tests/test_module_render.py | 3 +++
 lms/static/js/ajax-error.js | 2 +-
 3 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/lms/djangoapps/courseware/module_render.py b/lms/djangoapps/courseware/module_render.py
index 83e0e3118b..52f4d51c89 100644
--- a/lms/djangoapps/courseware/module_render.py
+++ b/lms/djangoapps/courseware/module_render.py
@@ -1043,7 +1043,7 @@ def handle_xblock_callback(request, course_id, usage_id, handler, suffix=None):
 # NOTE (CCB): Allow anonymous GET calls (e.g. for transcripts). Modifying this view is simpler than updating
 # the XBlocks to use `handle_xblock_callback_noauth`, which is practically identical to this view.
 if request.method != 'GET' and not (request.user and request.user.is_authenticated):
- return HttpResponseForbidden()
+ return HttpResponseForbidden('Unauthenticated')
 request.user.known = request.user.is_authenticated
diff --git a/lms/djangoapps/courseware/tests/test_module_render.py b/lms/djangoapps/courseware/tests/test_module_render.py
index 290ce3db9a..929722ad90 100644
--- a/lms/djangoapps/courseware/tests/test_module_render.py
+++ b/lms/djangoapps/courseware/tests/test_module_render.py
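Review bot: The body `'Unauthenticated'` on the added `return HttpResponseForbidden('Unauthenticated')` line is now a value the browser matches verbatim (lms/static/js/ajax-error.js in this same patch), but nothing at the call site records that contract. A comment above the return would keep a later edit of the string from silently disabling the re-login prompt, for example `# Body is compared verbatim by lms/static/js/ajax-error.js to show the re-login prompt; keep both in sync.` Because the body is read by script rather than rendered, passing `content_type='text/plain'` would state the intent more precisely than the default HTML type. The body of handle_xblock_callback starts and ends outside this hunk.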
@@ -327,6 +327,9 @@ class ModuleRenderTestCase(SharedModuleStoreTestCase, LoginEnrollmentTestCase):
 """Test that anonymous POST is not allowed."""
 dispatch_url = self._get_dispatch_url()
 response = self.client.post(dispatch_url, {'position': 2})
+
+ # https://openedx.atlassian.net/browse/LEARNER-7131
+ self.assertEquals('Unauthenticated', response.content)
 self.assertEquals(403, response.status_code)
 def test_session_authentication(self):
diff --git a/lms/static/js/ajax-error.js b/lms/static/js/ajax-error.js
index edab7732c4..b25164d2b8 100644
--- a/lms/static/js/ajax-error.js
+++ b/lms/static/js/ajax-error.js
@@ -1,5 +1,5 @@
 $(document).ajaxError(function(event, jXHR) {
- if (jXHR.status === 403) {
+ if (jXHR.status === 403 && jXHR.responseText === 'Unauthenticated') {
 var message = gettext(
 'You have been logged out of your edX account. ' +
 'Click Okay to log in again now. ' +
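Review bot: The added `self.assertEquals('Unauthenticated', response.content)` compares a text literal with `response.content`, which Django exposes as a bytestring, so the assertion would fail if this suite runs on Python 3. `self.assertEqual(b'Unauthenticated', response.content)` holds on both Python 2 and 3 and avoids the deprecated `assertEquals` alias. The comment above it is only a ticket URL; it should say what is being pinned, e.g. `# ajax-error.js keys its re-login prompt on this exact body (LEARNER-7131).` Only the anonymous case is covered; nothing here checks that a 403 for an authenticated user carries a different body. The test method begins above the hunk.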
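Review bot: The new condition `jXHR.responseText === 'Unauthenticated'` makes the re-login prompt depend on an exact response body, so a 403 returned to a logged-out user by any view that does not send that body now produces no prompt at all. Whether such views exist is not visible in this patch and should be checked before merging. The string is also duplicated from courseware/module_render.py with no shared constant, so a comment such as `// 'Unauthenticated' is the 403 body sent by handle_xblock_callback (courseware/module_render.py); keep in sync.` belongs above the `if`. The handler's body continues past the end of the hunk.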