Don't show code giveaways for people who are not logged in (#1311)

rage · Sep 9, 2024 · 784da78 · 784da78
1 parent c7da267
commit 784da78
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 4 deletions.
diff --git a/services/course-material/src/components/ContentRenderer/moocfi/CodeGiveAway/index.tsx b/services/course-material/src/components/ContentRenderer/moocfi/CodeGiveAway/index.tsx
@@ -1,5 +1,6 @@
 import styled from "@emotion/styled"
 import { useQuery } from "@tanstack/react-query"
+import { useContext } from "react"
 import { useTranslation } from "react-i18next"
 
 import { BlockRendererProps } from "../.."
@@ -9,6 +10,7 @@ import ClaimCode from "./ClaimCode"
 
 import { getCodeGiveawayStatus } from "@/services/backend"
 import ErrorBanner from "@/shared-module/common/components/ErrorBanner"
+import LoginStateContext from "@/shared-module/common/contexts/LoginStateContext"
 import { assertNotNullOrUndefined } from "@/shared-module/common/utils/nullability"
 
 interface CodeGiveawayBlockProps {
@@ -25,20 +27,21 @@ const CodeGiveawayBlock: React.FC<
   React.PropsWithChildren<BlockRendererProps<CodeGiveawayBlockProps>>
 > = (props) => {
   const { t } = useTranslation()
+  const loginContext = useContext(LoginStateContext)
 
   const codeGiveawayId = props.data.attributes.code_giveaway_id
 
   const codeGiveawayStatusQuery = useQuery({
     queryKey: ["fetchCodeGiveawayStatus", codeGiveawayId],
     queryFn: () => getCodeGiveawayStatus(assertNotNullOrUndefined(codeGiveawayId)),
-    enabled: !!codeGiveawayId,
+    enabled: Boolean(!!codeGiveawayId && loginContext.signedIn),
   })
 
   if (!codeGiveawayId) {
     return <ErrorBanner variant="readOnly" error={t("error-no-code-giveaway-id")} />
   }
 
-  if (codeGiveawayStatusQuery.isLoading) {
+  if (!loginContext.signedIn || codeGiveawayStatusQuery.isLoading) {
     return null
   }
 

diff --git a/services/headless-lms/server/src/domain/authorization.rs b/services/headless-lms/server/src/domain/authorization.rs
@@ -73,15 +73,15 @@ impl FromRequest for AuthUser {
                 Ok(Some(user)) => Ok(verify_auth_user_exists(user, pool, &session).await?),
                 Ok(None) => Err(ControllerError::new(
                     ControllerErrorType::Unauthorized,
-                    "Unauthorized.".to_string(),
+                    "Unauthorized. You're not logged in.".to_string(),
                     None,
                 )),
                 Err(_) => {
                     // session had an invalid value
                     session.remove(SESSION_KEY);
                     Err(ControllerError::new(
                         ControllerErrorType::Unauthorized,
-                        "Unauthorized.".to_string(),
+                        "Unauthorized. You're not logged in.".to_string(),
                         // Don't want to leak too many details from the error to the user
                         None,
                     ))