Merge pull request #2313 from ryanpetrello/fix-ui-401

don't send WWW-Authenticate: Basic for AJAX, and properly detect 401

awx/api/generics.py

@@ -233,6 +233,8 @@ class APIView(views.APIView):
         use the request header as an indication for which authentication method
         was attempted.
         """
+        if request.META.get('HTTP_X_REQUESTED_WITH') == 'XMLHttpRequest':
+            return 'Bearer realm=api'
         for authenticator in self.get_authenticators():
             try: 
                 resp_hdr = authenticator.authenticate_header(request)

awx/ui/client/src/rest/interceptors.service.js

@@ -14,6 +14,10 @@
     [ '$rootScope', '$q', '$injector',
         function ($rootScope, $q, $injector) {
             return {
+                request: function (config) {
+                    config.headers['X-Requested-With'] = 'XMLHttpRequest';
+                    return config;
+                },
                 response: function(config) {
                     if(config.headers('auth-token-timeout') !== null){
                         $rootScope.loginConfig.promise.then(function () {

awx/ui/client/src/shared/Utilities.js

@@ -165,8 +165,7 @@ angular.module('Utilities', ['RestServices', 'Utilities'])
                 Alert('Conflict', data.conflict || "Resource currently in use.");
             } else if (status === 410) {
                 Alert('Deleted Object', 'The requested object was previously deleted and can no longer be accessed.');
-            } else if ((status === 'Session is expired') || (status === 401 && data.detail && data.detail === 'Token is expired') ||
+            } else if ((status === 'Session is expired') || (status === 401)) {
-                (status === 401 && data && data.detail && data.detail === 'Invalid token')) {
                 if ($rootScope.sessionTimer) {
                     $rootScope.sessionTimer.expireSession('idle');
                 }