Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Failed refreshToken in jwt should be considered as the same as invalid JWT token #1728

Open
quangld opened this issue Apr 16, 2020 · 0 comments
Open

Failed refreshToken in jwt should be considered as the same as invalid JWT token #1728

quangld opened this issue Apr 16, 2020 · 0 comments
Assignees
@NGPixel
Labels
enhancement

Comments

@quangld
Copy link

quangld commented Apr 16, 2020
edited
Loading

if the refreshToken fails in this below code, it throws new WIKI.Error.AuthGenericError(). This will show the internal error on user's screen.

function authenticate in server\core\auth.js

// Expired but still valid within N days, just renew
...
    try {
        const newToken = await WIKI.models.users.refreshToken(jwtPayload.id)
...
    } catch (errc) {
        WIKI.logger.warn(errc)
        **return next()**
    }
}
// JWT is NOT valid, set as guest
if (!user) {
...
}

My suggestion is to set user to null, skip next(). That means the token is considered invalid.

// Expired but still valid within N days, just renew
...
    try {
        const newToken = await WIKI.models.users.refreshToken(jwtPayload.id)
...
    } catch (errc) {
        WIKI.logger.warn(errc)
        // return next()
        user = null // JWT token is invalid, continue with no user is set
    }
}
// JWT is NOT valid, set as guest
if (!user) {
...
}

Edited: fix formatting
@NGPixel NGPixel self-assigned this Apr 17, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@NGPixel NGPixel

Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@quangld @NGPixel