
fix(admin-ui): Fix handling of expired sessions

Michael Bromley 7 years ago
parent
commit
e6a6811feb

+ 1 - 4
admin-ui/src/app/core/providers/guard/auth.guard.ts

@@ -16,11 +16,8 @@ export class AuthGuard implements CanActivate {
     canActivate(route: ActivatedRouteSnapshot): Observable<boolean> {
         return this.authService.checkAuthenticatedStatus().pipe(
             tap(authenticated => {
-                if (authenticated) {
-                    return true;
-                } else {
+                if (!authenticated) {
                     this.router.navigate(['/login']);
-                    return false;
                 }
             }),
         );
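Review bot: With the `return true` / `return false` lines gone, nothing in `canActivate` says that the boolean emitted by `checkAuthenticatedStatus()` is what allows or blocks the route, so a reader could mistake the `tap` for the decision. A one-line comment above the `tap` would make this explicit: `// tap only triggers the redirect; the emitted boolean passes through and decides activation`. The class and the rest of the file lie outside the hunk.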

+ 3 - 1
admin-ui/src/app/data/providers/interceptor.ts

@@ -75,8 +75,10 @@ export class DefaultInterceptor implements HttpInterceptor {
                         this.displayErrorNotification(_(`error.401-unauthorized`));
                         break;
                     case 403:
-                        this.displayErrorNotification(_(`error.403-forbidden`));
                         this.authService.logOut().subscribe(() => {
+                            if (!window.location.pathname.includes('login')) {
+                                this.displayErrorNotification(_(`error.403-forbidden`));
+                            }
                             this.router.navigate(['/login'], {
                                 queryParams: {
                                     [AUTH_REDIRECT_PARAM]: btoa(this.router.url),
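Review bot: The new `window.location.pathname.includes('login')` test is a substring match on the browser path, so any route whose path merely contains "login" also suppresses the 403 notification, and it bypasses the router that the rest of this handler uses. Comparing the router's own URL against the login route is tighter, e.g. `if (!this.router.url.startsWith('/login')) {`. The same condition is worth applying to the `btoa(this.router.url)` redirect parameter just below, which otherwise encodes the login URL itself when the 403 arrives while already on the login screen. The `switch` and the `navigate` call continue outside the hunk.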

+ 1 - 1
admin-ui/src/app/login/components/login/login.component.ts

@@ -20,7 +20,7 @@ export class LoginComponent {
         this.authService.logIn(this.username, this.password, this.rememberMe).subscribe(
             () => {
                 const redirect = this.getRedirectRoute();
-                this.router.navigate([redirect ? redirect : '/']);
+                this.router.navigateByUrl(redirect ? redirect : '/');
             },
             err => {
                 /* error handled by http interceptor */
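Review bot: `redirect` is passed to `navigateByUrl` with no check visible here, and per the interceptor hunk it originates from the `AUTH_REDIRECT_PARAM` query parameter, which anyone can set in a link to the login page. `getRedirectRoute()` is outside the hunk, so it may already validate; if it does not, accept only values that start with a single `/` and fall back to `'/'` otherwise, e.g. `const target = redirect && redirect.startsWith('/') && !redirect.startsWith('//') ? redirect : '/';`. `navigateByUrl` also returns a promise that rejects or resolves to false for a URL it cannot match, so falling back to `'/'` on failure would keep a malformed value from stranding the user on the login form.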

+ 2 - 1
admin-ui/src/app/login/login.module.ts

@@ -5,11 +5,12 @@ import { SharedModule } from '../shared/shared.module';
 
 import { LoginComponent } from './components/login/login.component';
 import { loginRoutes } from './login.routes';
+import { LoginGuard } from './providers/login.guard';
 
 @NgModule({
     imports: [SharedModule, RouterModule.forChild(loginRoutes)],
     exports: [],
     declarations: [LoginComponent],
-    providers: [],
+    providers: [LoginGuard],
 })
 export class LoginModule {}

+ 2 - 0
admin-ui/src/app/login/login.routes.ts

@@ -1,11 +1,13 @@
 import { Routes } from '@angular/router';
 
 import { LoginComponent } from './components/login/login.component';
+import { LoginGuard } from './providers/login.guard';
 
 export const loginRoutes: Routes = [
     {
         path: '',
         component: LoginComponent,
         pathMatch: 'full',
+        canActivate: [LoginGuard],
     },
 ];

+ 25 - 0
admin-ui/src/app/login/providers/login.guard.ts

@@ -0,0 +1,25 @@
+import { Injectable } from '@angular/core';
+import { ActivatedRouteSnapshot, CanActivate, Router } from '@angular/router';
+import { Observable } from 'rxjs';
+import { map } from 'rxjs/operators';
+
+import { AuthService } from '../../core/providers/auth/auth.service';
+
+/**
+ * This guard prevents loggen-in users from navigating to the login screen.
+ */
+@Injectable()
+export class LoginGuard implements CanActivate {
+    constructor(private router: Router, private authService: AuthService) {}
+
+    canActivate(route: ActivatedRouteSnapshot): Observable<boolean> {
+        return this.authService.checkAuthenticatedStatus().pipe(
+            map(authenticated => {
+                if (authenticated) {
+                    this.router.navigate(['/']);
+                }
+                return !authenticated;
+            }),
+        );
+    }
+}
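Review bot: An error from `checkAuthenticatedStatus()` is not handled in `LoginGuard.canActivate`, so if that stream errors (its implementation is not shown) navigation to the login screen is cancelled, on the one route a user with a broken or expired session needs to reach. Adding `catchError(() => of(true))` after the `map` would let the login page load when the status cannot be determined. Separately, the class comment has a typo (`loggen-in` should be `logged-in`) and the `route` parameter is unused.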