From 15518f2069e3b1c86016a6566b76cc63662753e2 Mon Sep 17 00:00:00 2001
From: Shannon <sdeminick@gmail.com>
Date: Wed, 11 Sep 2013 12:40:43 +1000
Subject: [PATCH] Completes: U4-2749 Fix auth filters to return 401 when not
 logged in and 403 when the user has no access - adds ngSanitize which is
 required for ng-bind-html so we can add a bit of html to the notification
 msgs (like line breaks) and since devs might do this as well we require
 ngSanitize so that unsafe html cannot be injected.

---
 src/Umbraco.Web.UI.Client/src/app.dev.js      |  2 +-
 src/Umbraco.Web.UI.Client/src/app.js          |  2 +-
 .../src/common/security/interceptor.js        |  8 ++++--
 .../common/services/notifications.service.js  | 28 +++++++++----------
 src/Umbraco.Web.UI.Client/src/loader.js       |  4 ++-
 .../views/directives/umb-notifications.html   |  3 +-
 src/Umbraco.Web/UI/JavaScript/JsInitialize.js |  2 ++
 7 files changed, 27 insertions(+), 22 deletions(-)

diff --git a/src/Umbraco.Web.UI.Client/src/app.dev.js b/src/Umbraco.Web.UI.Client/src/app.dev.js
index 5115239ba5..ad56364b7f 100644
--- a/src/Umbraco.Web.UI.Client/src/app.dev.js
+++ b/src/Umbraco.Web.UI.Client/src/app.dev.js
@@ -6,7 +6,7 @@ var app = angular.module('umbraco', [
 	'umbraco.httpbackend',
     'ngCookies',
     'ngMobile',
-    
+    'ngSanitize',
     /*'ui.sortable',*/
     'blueimp.fileupload'
 ]);
diff --git a/src/Umbraco.Web.UI.Client/src/app.js b/src/Umbraco.Web.UI.Client/src/app.js
index 9a84905edc..b31d570129 100644
--- a/src/Umbraco.Web.UI.Client/src/app.js
+++ b/src/Umbraco.Web.UI.Client/src/app.js
@@ -6,7 +6,7 @@ var app = angular.module('umbraco', [
 	'umbraco.packages',
     'ngCookies',
     'ngMobile',
-    
+    'ngSanitize',
     'blueimp.fileupload'
 ]);
 
diff --git a/src/Umbraco.Web.UI.Client/src/common/security/interceptor.js b/src/Umbraco.Web.UI.Client/src/common/security/interceptor.js
index b9fb633310..23ed171730 100644
--- a/src/Umbraco.Web.UI.Client/src/common/security/interceptor.js
+++ b/src/Umbraco.Web.UI.Client/src/common/security/interceptor.js
@@ -1,7 +1,7 @@
 angular.module('umbraco.security.interceptor', ['umbraco.security.retryQueue'])
 
 // This http interceptor listens for authentication failures
-.factory('securityInterceptor', ['$injector', 'securityRetryQueue', function ($injector, queue) {
+.factory('securityInterceptor', ['$injector', 'securityRetryQueue', 'notificationsService', function ($injector, queue, notifications) {
     return function (promise) {
         // Intercept failed requests
         return promise.then(null, function (originalResponse) {
@@ -21,8 +21,10 @@ angular.module('umbraco.security.interceptor', ['umbraco.security.retryQueue'])
                 
                 //http://issues.umbraco.org/issue/U4-2749
                 
-                //For now, I'm just going to do an alert!
-                alert("Unauthorized access to URL \r\n" + originalResponse.config.url + "\r\n with data \r\n" + angular.toJson(originalResponse.config.data));
+                //It was decided to just put these messages into the normal status messages. 
+                notifications.error(
+                    "Authorization error", 
+                    "Unauthorized access to URL: <br/><i>" + originalResponse.config.url + "</i><br/> with data: <br/><i>" + angular.toJson(originalResponse.config.data) + "</i><br/>Contact your administrator for information.");
             }
             return promise;
         });
diff --git a/src/Umbraco.Web.UI.Client/src/common/services/notifications.service.js b/src/Umbraco.Web.UI.Client/src/common/services/notifications.service.js
index d32713994c..0f4457f95b 100644
--- a/src/Umbraco.Web.UI.Client/src/common/services/notifications.service.js
+++ b/src/Umbraco.Web.UI.Client/src/common/services/notifications.service.js
@@ -32,8 +32,8 @@ angular.module('umbraco.services')
 	        //add a colon after the headline if there is a message as well
 	        if (item.message) {
 	            item.headline += ":";
-	            if(item.message.length > 200){
-	            	item.sticky = true;
+	            if(item.message.length > 200) {
+	                item.sticky = true;
 	            }
 	        }
 
@@ -44,19 +44,19 @@ angular.module('umbraco.services')
 	        
 	        nArray.push(item);
             
-            if(!item.sticky){
-		        $timeout(function () {
-		            var found = _.find(nArray, function(i) {
-		                return i.id === item.id;
-		            });
+            if(!item.sticky) {
+                $timeout(function() {
+                    var found = _.find(nArray, function(i) {
+                        return i.id === item.id;
+                    });
 
-	                if (found) {
-	                    var index = nArray.indexOf(found);
-	                    nArray.splice(index, 1);
-	                }
-		            
-		        }, 7000);
-	    	}
+                    if (found) {
+                        var index = nArray.indexOf(found);
+                        nArray.splice(index, 1);
+                    }
+
+                }, 7000);
+            }
 
 	        return item;
 	    });
diff --git a/src/Umbraco.Web.UI.Client/src/loader.js b/src/Umbraco.Web.UI.Client/src/loader.js
index 46629a2e2d..f29b2bcea0 100644
--- a/src/Umbraco.Web.UI.Client/src/loader.js
+++ b/src/Umbraco.Web.UI.Client/src/loader.js
@@ -19,14 +19,16 @@ yepnope({
     'lib/angular/1.1.5/angular-cookies.min.js',
     'lib/angular/1.1.5/angular-mobile.min.js',
     'lib/angular/1.1.5/angular-mocks.js',
+    'lib/angular/1.1.5/angular-sanitize.min.js',
 
     /* 1.2 RC1
     'lib/angular/1.2/angular.min.js',
     'lib/angular/1.2/angular-route.min.js',
     'lib/angular/1.2/angular-touch.min.js',
     'lib/angular/1.2/angular-cookies.min.js',
-    'lib/angular/1.2/angular-animate.min.js',
+    'lib/angular/1.2/angular-animate.min.js', 
     'lib/angular/1.2/angular-mocks.js',
+    'lib/angular/1.2/angular-sanitize.min.js',
     */
 
     /* temporary sorter lib, should be updated */
diff --git a/src/Umbraco.Web.UI.Client/src/views/directives/umb-notifications.html b/src/Umbraco.Web.UI.Client/src/views/directives/umb-notifications.html
index 8151f749cd..63e88429df 100644
--- a/src/Umbraco.Web.UI.Client/src/views/directives/umb-notifications.html
+++ b/src/Umbraco.Web.UI.Client/src/views/directives/umb-notifications.html
@@ -5,8 +5,7 @@
             <a class='close' ng-click="removeNotification($index)" prevent-default href='#'>&times;</a>
 
             <strong>{{notification.headline}}</strong>
-            {{notification.message}}
-            
+            <span ng-bind-html="notification.message"></span>            
            
         </li>
     </ul>
diff --git a/src/Umbraco.Web/UI/JavaScript/JsInitialize.js b/src/Umbraco.Web/UI/JavaScript/JsInitialize.js
index 41d33459c2..be44767fa9 100644
--- a/src/Umbraco.Web/UI/JavaScript/JsInitialize.js
+++ b/src/Umbraco.Web/UI/JavaScript/JsInitialize.js
@@ -15,6 +15,7 @@
     'lib/angular/1.1.5/angular.min.js',
     'lib/angular/1.1.5/angular-cookies.min.js',
     'lib/angular/1.1.5/angular-mobile.min.js',
+    'lib/angular/1.1.5/angular-sanitize.min.js',
     
     /* 1.2 RC1
     'lib/angular/1.2/angular.min.js',
@@ -22,6 +23,7 @@
     'lib/angular/1.2/angular-touch.min.js',
     'lib/angular/1.2/angular-cookies.min.js',
 	'lib/angular/1.2/angular-animate.min.js',
+    'lib/angular/1.2/angular-sanitize.min.js',
     */
 
     /* temporary sorter lib, should be updated