checkAuth should also commit purgeAuth when an error is caught #159

AlexanderOpran opened this issue Jul 14, 2019 · 3 comments

@AlexanderOpran

```js
[CHECK_AUTH](context) {
  if (JwtService.getToken()) {
    ApiService.setHeader();
    ApiService.get("user")
      .then(({ data }) => {
        context.commit(SET_AUTH, data.user);
      })
      .catch(({ response }) => {
        context.commit(SET_ERROR, response.data.errors);
      });
  } else {
    context.commit(PURGE_AUTH);
  }
},
```

As it currently stands, when the JWT token expires or is invalid, the user will be permanently stuck in the isAuthenticated state. You can test it for yourselves by going to https://vue-vuex-realworld.netlify.com/, logging in, then deleting the token from local storage or altering it a bit, and then either going to a new route or refreshing the page to see what happens.

I think this is a pretty serious issue.

When the authentication check fails (401), we should also commit the purgeAuth mutation in order to clear the state.
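
The change requested in this issue, as an added example that is not the project's own code. `makeHarness` and its in-memory `JwtService`, `ApiService` and mutations are constructed stand-ins for the template's modules, mutation names are plain strings, and the action purges on any rejected request, as the issue title asks.

```javascript
// Constructed stand-ins for the template's JwtService, ApiService and Vuex context.
function makeHarness(token, apiStatus) {
  const storage = { token }; // plays the role of localStorage
  // A stored token alone marks the session authenticated until the API is asked.
  const state = { isAuthenticated: Boolean(token), user: {}, errors: null };
  const JwtService = {
    getToken: () => storage.token,
    destroyToken: () => { delete storage.token; },
  };
  const ApiService = {
    setHeader() {},
    get: () => apiStatus === 200
      ? Promise.resolve({ data: { user: { username: "demo" } } })
      : Promise.reject({ response: { status: apiStatus,
          data: { errors: { token: ["is invalid"] } } } }),
  };
  const mutations = {
    SET_AUTH(user) { state.isAuthenticated = true; state.user = user; },
    SET_ERROR(errors) { state.errors = errors; },
    PURGE_AUTH() { // assumed: purge clears the session and the stored token
      state.isAuthenticated = false; state.user = {}; JwtService.destroyToken();
    },
  };
  const context = { commit: (type, payload) => mutations[type](payload) };
  return { state, storage, context, JwtService, ApiService };
}

// CHECK_AUTH with the proposed change: a rejected "user" request also purges auth.
function checkAuth({ context, JwtService, ApiService }) {
  if (!JwtService.getToken()) {
    context.commit("PURGE_AUTH");
    return Promise.resolve();
  }
  ApiService.setHeader();
  return ApiService.get("user")
    .then(({ data }) => context.commit("SET_AUTH", data.user))
    .catch(({ response }) => {
      // response is undefined on network errors, so only read it when present.
      if (response && response.data) context.commit("SET_ERROR", response.data.errors);
      context.commit("PURGE_AUTH"); // fail closed: drop the session and stale token
    });
}

// Constructed scenario: a token is still stored, but the API answers 401.
const demo = makeHarness("expired.jwt.value", 401);
checkAuth(demo).then(() =>
  console.log("authenticated:", demo.state.isAuthenticated, "token:", demo.storage.token));
```

Returning the promise from the action lets a caller such as a route guard wait for the check to finish before deciding where to send the user.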

@AlexanderOpran

No one actually encountered this problem?

@mkantautas

> When the authentication check fails (401), we should also commit the purgeAuth mutation in order to clear the state.

^ Exactly what I've changed when building from this template. Because with the current repo state, e.g. when the JWT token expires and your API starts sending you 401 (Unauthorized), your front-end stays on the same page, rather than committing a purgeAuth commit and pushing you to the Login page.

@thinh105

Thanks guys for pointing out this bug, I was stuck on that for 2 days.
