feat: Invalidate access token on logout

2025-12-26 17:25:03 +03:00 · 2022-09-07 18:39:33 +05:00
parent f091de6827
commit 48ea62c0a0
26 changed files with 242 additions and 37 deletions
--- a/client/src/sagas/core/index.js
+++ b/client/src/sagas/core/index.js
@@ -1,9 +1,8 @@
-import { all, apply, call, fork, take } from 'redux-saga/effects';
+import { all, apply, fork, take } from 'redux-saga/effects';

 import watchers from './watchers';
 import services from './services';
 import { socket } from '../../api';
-import { removeAccessToken } from '../../utils/access-token-storage';
 import ActionTypes from '../../constants/ActionTypes';
 import Paths from '../../constants/Paths';

@@ -15,6 +14,5 @@ export default function* coreSaga() {

  yield take(ActionTypes.LOGOUT);

-  yield call(removeAccessToken);
  window.location.href = Paths.LOGIN;
 }
--- a/client/src/sagas/core/request.js
+++ b/client/src/sagas/core/request.js
@@ -1,7 +1,8 @@
-import { call, fork, join, put, take } from 'redux-saga/effects';
+import { call, fork, join, put, select, take } from 'redux-saga/effects';

+import selectors from '../../selectors';
 import actions from '../../actions';
-import { getAccessToken } from '../../utils/access-token-storage';
+import { removeAccessToken } from '../../utils/access-token-storage';
 import ErrorCodes from '../../constants/ErrorCodes';

 let lastRequestTask;
@@ -13,7 +14,7 @@ function* queueRequest(method, ...args) {
    } catch {} // eslint-disable-line no-empty
  }

-  const accessToken = yield call(getAccessToken);
+  const accessToken = yield select(selectors.selectAccessToken);

  try {
    return yield call(method, ...args, {
@@ -21,6 +22,7 @@ function* queueRequest(method, ...args) {
    });
  } catch (error) {
    if (error.code === ErrorCodes.UNAUTHORIZED) {
+      yield call(removeAccessToken);
      yield put(actions.logout()); // TODO: next url
      yield take();
    }
--- a/client/src/sagas/core/services/core.js
+++ b/client/src/sagas/core/services/core.js
@@ -1,8 +1,11 @@
 import { call, put, take } from 'redux-saga/effects';

+import request from '../request';
 import requests from '../requests';
 import actions from '../../../actions';
+import api from '../../../api';
 import i18n from '../../../i18n';
+import { removeAccessToken } from '../../../utils/access-token-storage';

 export function* initializeCore() {
  const {
@@ -60,7 +63,17 @@ export function* changeCoreLanguage(language) {
  }
 }

-export function* logout() {
+export function* logout(invalidateAccessToken = true) {
+  yield call(removeAccessToken);
+
+  if (invalidateAccessToken) {
+    yield put(actions.logout.invalidateAccessToken());
+
+    try {
+      yield call(request, api.deleteCurrentAccessToken);
+    } catch (error) {} // eslint-disable-line no-empty
+  }
+
  yield put(actions.logout());
  yield take();
 }
--- a/client/src/sagas/core/services/users.js
+++ b/client/src/sagas/core/services/users.js
@@ -124,11 +124,13 @@ export function* updateUserPassword(id, data) {
    return;
  }

-  if (accessTokens && accessTokens[0]) {
-    yield call(setAccessToken, accessTokens[0]);
+  const accessToken = accessTokens && accessTokens[0];
+
+  if (accessToken) {
+    yield call(setAccessToken, accessToken);
  }

-  yield put(actions.updateUserPassword.success(user));
+  yield put(actions.updateUserPassword.success(user, accessToken));
 }

 export function* updateCurrentUserPassword(data) {
@@ -215,7 +217,7 @@ export function* handleUserDelete(user) {
  const currentUserId = yield select(selectors.selectCurrentUserId);

  if (user.id === currentUserId) {
-    yield call(logout);
+    yield call(logout, false);
  }

  yield put(actions.handleUserDelete(user));
--- a/client/src/sagas/login/index.js
+++ b/client/src/sagas/login/index.js
@@ -2,18 +2,13 @@ import { all, call, cancel, fork, take } from 'redux-saga/effects';

 import watchers from './watchers';
 import services from './services';
-import { setAccessToken } from '../../utils/access-token-storage';
 import ActionTypes from '../../constants/ActionTypes';

 export default function* loginSaga() {
  const watcherTasks = yield all(watchers.map((watcher) => fork(watcher)));

-  const {
-    payload: { accessToken },
-  } = yield take(ActionTypes.AUTHENTICATE__SUCCESS);
+  yield take(ActionTypes.AUTHENTICATE__SUCCESS);

  yield cancel(watcherTasks);
-
-  yield call(setAccessToken, accessToken);
  yield call(services.goToRoot);
 }
--- a/client/src/sagas/login/services/login.js
+++ b/client/src/sagas/login/services/login.js
@@ -2,6 +2,7 @@ import { call, put } from 'redux-saga/effects';

 import actions from '../../../actions';
 import api from '../../../api';
+import { setAccessToken } from '../../../utils/access-token-storage';

 export function* authenticate(data) {
  yield put(actions.authenticate(data));
@@ -14,6 +15,7 @@ export function* authenticate(data) {
    return;
  }

+  yield call(setAccessToken, accessToken);
  yield put(actions.authenticate.success(accessToken));
 }