fix(auth): silently discard invalid auth tokens and log the user out

This commit is contained in:
kolaente 2023-09-29 10:38:00 +02:00
parent 8507808058
commit 287daf9125
Signed by untrusted user: konrad
GPG Key ID: F40E70337AB24C9B

View File

@ -226,15 +226,20 @@ export const useAuthStore = defineStore('auth', () => {
const jwt = getToken()
let isAuthenticated = false
if (jwt) {
const base64 = jwt
.split('.')[1]
.replace('-', '+')
.replace('_', '/')
const info = new UserModel(JSON.parse(atob(base64)))
const ts = Math.round((new Date()).getTime() / MILLISECONDS_A_SECOND)
isAuthenticated = info.exp >= ts
// Settings should only be loaded from the api request, not via the jwt
setUser(info, false)
try {
const base64 = jwt
.split('.')[1]
.replace('-', '+')
.replace('_', '/')
const info = new UserModel(JSON.parse(atob(base64)))
const ts = Math.round((new Date()).getTime() / MILLISECONDS_A_SECOND)
isAuthenticated = info.exp >= ts
// Settings should only be loaded from the api request, not via the jwt
setUser(info, false)
} catch (e) {
logout()
}
if (isAuthenticated) {
await refreshUserInfo()
@ -292,11 +297,14 @@ export const useAuthStore = defineStore('auth', () => {
return newUser
} catch (e) {
if(e?.response?.data?.message === 'invalid or expired jwt') {
logout()
if(e?.response?.status === 401 ||
e?.response?.data?.message === 'missing, malformed, expired or otherwise invalid token provided') {
await logout()
return
}
console.log('continuerd')
const cause = {e}
if (typeof e?.response?.data?.message !== 'undefined') {