Skip to content

Auth bug fixed #619

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
krulis-martin merged 2 commits into from
Feb 5, 2026
+26 −5
Merged

Auth bug fixed #619

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
041dcbf
Fixing bug with expired token cookie.
krulis-martin Feb 5, 2026
f3add06
Setting token cookie expiration time to token expiration time.
krulis-martin Feb 5, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
25 changes: 23 additions & 2 deletions src/redux/middleware/authMiddleware.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@ import { setLang } from '../modules/app.js';
import { CALL_API } from './apiMiddleware.js';
import { safeGet, canUseDOM } from '../../helpers/common.js';
import { getConfigVar } from '../../helpers/config.js';
import { decode, isTokenValid } from '../helpers/token';

const PERSISTENT_TOKENS_KEY_PREFIX = getConfigVar('PERSISTENT_TOKENS_KEY_PREFIX') || 'recodex';

Expand All @@ -26,8 +27,13 @@ export const storeToken = accessToken => {
localStorage.setItem(TOKEN_LOCAL_STORAGE_KEY, accessToken);
}

// @todo: expire after 'exp' in the token
cookies.set(TOKEN_COOKIES_KEY, accessToken, { expires: 14 }); // expires after 14 days
const decodedToken = decode(accessToken);
if (decodedToken && isTokenValid(decodedToken)) {
const expDate = new Date(decodedToken.exp * 1000);
cookies.set(TOKEN_COOKIES_KEY, accessToken, { expires: expDate }); // expires with token expiration
} else {
cookies.erase(TOKEN_COOKIES_KEY);
}
}
};

Expand Down Expand Up @@ -67,6 +73,19 @@ export const getToken = () => {
return null;
};

const checkAccessTokenCookie = token => {
const cookieToken = cookies.get(TOKEN_COOKIES_KEY);
const decodedCookieToken = cookieToken && decode(cookieToken);
if (!decodedCookieToken || !isTokenValid(decodedCookieToken)) {
const decodedToken = token && decode(token);
if (decodedToken && isTokenValid(decodedToken)) {
storeToken(token);
} else {
removeToken();
}
}
};

/**
* Store instance ID to both local storage and cookies.
*/
Expand Down Expand Up @@ -155,6 +174,8 @@ const middleware = store => next => action => {
}
}

checkAccessTokenCookie(action.request.accessToken);

break;
}

Expand Down
6 changes: 3 additions & 3 deletions src/redux/modules/auth.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -139,8 +139,8 @@ export const selectInstance = createAction(actionTypes.SELECT_INSTANCE, instance

/**
* Authentication reducer.
* @param {string} accessToken An access token to initialise the reducer
* @return {function} The initialised reducer
* @param {string} accessToken An access token to initialize the reducer
* @return {function} The initialized reducer
*/
const auth = (accessToken, instanceId, now = Date.now()) => {
const decodedToken = decodeAndValidateAccessToken(accessToken, now);
Expand Down Expand Up @@ -168,7 +168,7 @@ const auth = (accessToken, instanceId, now = Date.now()) => {

[actionTypes.LOGIN_FULFILLED]: (state, { payload: { accessToken, user }, meta: { service, popupWindow } }) => {
closeAuthPopupWindow(popupWindow);
return state.getIn(['status', service]) === statusTypes.LOGGING_IN // this should prevent re-login, when explicit logout ocurred whilst refreshing token
return state.getIn(['status', service]) === statusTypes.LOGGING_IN // this should prevent re-login, when explicit logout occurred whilst refreshing token
? state
.setIn(['status', service], statusTypes.LOGGED_IN)
.deleteIn(['errors', service])
Expand Down