
fix(auth): silently discard invalid auth tokens and log the user out

kolaente 2023-09-29 10:38:00 +02:00
parent 8507808058
commit 287daf9125
No known key found for this signature in database
GPG Key ID: F40E70337AB24C9B


@ -226,15 +226,20 @@ export const useAuthStore = defineStore('auth', () => {
const jwt = getToken() const jwt = getToken()
let isAuthenticated = false let isAuthenticated = false
if (jwt) { if (jwt) {
const base64 = jwt try {
.split('.')[1] const base64 = jwt
.replace('-', '+') .split('.')[1]
.replace('_', '/') .replace('-', '+')
const info = new UserModel(JSON.parse(atob(base64))) .replace('_', '/')
const ts = Math.round((new Date()).getTime() / MILLISECONDS_A_SECOND) const info = new UserModel(JSON.parse(atob(base64)))
isAuthenticated = info.exp >= ts const ts = Math.round((new Date()).getTime() / MILLISECONDS_A_SECOND)
// Settings should only be loaded from the api request, not via the jwt
setUser(info, false) isAuthenticated = info.exp >= ts
// Settings should only be loaded from the api request, not via the jwt
setUser(info, false)
} catch (e) {
logout()
}
if (isAuthenticated) { if (isAuthenticated) {
await refreshUserInfo() await refreshUserInfo()
@ -292,11 +297,14 @@ export const useAuthStore = defineStore('auth', () => {
return newUser return newUser
} catch (e) { } catch (e) {
if(e?.response?.data?.message === 'invalid or expired jwt') { if(e?.response?.status === 401 ||
logout() e?.response?.data?.message === 'missing, malformed, expired or otherwise invalid token provided') {
await logout()
return return
} }
console.log('continuerd')
const cause = {e} const cause = {e}
if (typeof e?.response?.data?.message !== 'undefined') { if (typeof e?.response?.data?.message !== 'undefined') {
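Review bot: The new `catch` in the first hunk turns any decode failure into a silent logout, and the decode can fail on a perfectly valid token: `.replace('-', '+')` and `.replace('_', '/')` take string patterns, so only the first `-` and the first `_` of the base64url payload are converted and `atob` throws on any that remain. I would change them to `.replace(/-/g, '+')` and `.replace(/_/g, '/')`, and log the caught error (for example `console.warn('Discarding invalid auth token', e)`) so that forced logouts can be diagnosed instead of disappearing. `logout()` is also not awaited in that `catch`, while the second hunk changes the same call to `await logout()`; presumably both should wait, and the second hunk's `console.log('continuerd')` looks like a debugging leftover that should be dropped. Both enclosing functions start and end outside the visible hunks, so this is based on the shown lines only.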