Properly redirect on authentication failure #12414

Merged: 2 commits, Jul 12, 2024

@rtibbles rtibbles commented Jul 3, 2024

Summary

  • Reorder authentication classes for consistent dev and production errors.
  • Check user_id not id for forbidden redirects.
  • When redirecting a user because they were logged out, persist a next parameter to return them to the last page they were on before logout.

References

Fixes #11773

Reviewer guidance

Delete your session cookie while on the quiz creation page, make sure you get properly redirected there and back again.


Testing checklist

  • Contributor has fully tested the PR manually
  • If there are any front-end changes, before/after screenshots are included
  • Critical user journeys are covered by Gherkin stories
  • Critical and brittle code paths are covered by unit tests

PR process

  • PR has the correct target branch and milestone
  • PR has 'needs review' or 'work-in-progress' label
  • If PR is ready for review, a reviewer has been added. (Don't use 'Assignees')
  • If this is an important user-facing change, PR or related issue has a 'changelog' label
  • If this includes an internal dependency change, a link to the diff is provided

Reviewer checklist

  • Automated test coverage is satisfactory
  • PR is fully functional
  • PR has been tested for accessibility regressions
  • External dependency files were updated if necessary (yarn and pip)
  • Documentation is updated
  • Contributor is in AUTHORS.md

@rtibbles rtibbles added the TODO: needs review Waiting for review label Jul 3, 2024
@github-actions github-actions bot added DEV: backend Python, databases, networking, filesystem... DEV: frontend labels Jul 3, 2024
@radinamatic

This is now fixed in all steps of the quiz creation process, and it redirects properly upon session end (tested in Firefox on Ubuntu).

redirect.mp4

@pcenov Could you do some additional checks with Chrome on other coach user workflows? Thank you!

@radinamatic radinamatic requested a review from pcenov July 11, 2024 13:08

@radinamatic radinamatic left a comment

Quiz creation redirect when session ends is a go! 👏🏽

Let's test redirects on some more coach workflows before we give a final approval 🙂

@marcellamaki marcellamaki left a comment

The code changes here seem correct to me, and my own manual QA when running the dev server did properly redirect me out of coach when doing quiz creation.

I'll wait for some final checks from Peter though, per Radina's comment.

@pcenov

pcenov commented Jul 11, 2024

Hi @marcellamaki - I noticed two possible follow-up issues if we want to dig deeper into this:

  1. When my session has ended while I've been editing a quiz, I am brought back to the sign-in page, where I can sign in as a learner user, in which case I am redirected back to the quiz editing page, and since I don't actually have permissions to see it, I am getting a blank screen:
learner.mp4
  2. If as a coach I've made some changes to the quiz without saving them, then when I sign in they are lost (which is fine in that case); however, the contents of the first section are also not displayed until I click on the section tab, which can be confusing:
coach.mp4

@rtibbles

I think issue 2 has been independently resolved by @nucleogenesis elsewhere. Issue 1 can be filed as a follow up.

@rtibbles rtibbles merged commit c445798 into learningequality:develop Jul 12, 2024
30 checks passed
@rtibbles rtibbles deleted the verboten branch July 12, 2024 15:56

Successfully merging this pull request may close these issues.

Quiz creation route not redirecting to user_auth on 401/403