

Blacklist refresh token on logout
Found by ZeroPath's Beta Business Logic Scanner https://zeropath.com
derneuere committed Sep 14, 2024
1 parent 3f83c74 commit f23c8b8
Showing 4 changed files with 21 additions and 15 deletions.
9 changes: 9 additions & 0 deletions src/api_client/api.ts
Expand Up @@ -57,6 +57,7 @@ export enum Endpoints {
fetchStorageStats = "fetchStorageStats",
fetchImageTag = "fetchImageTag",
generateAutoAlbumTitle = "generateAutoAlbumTitle",
logout = "logout",
}

const baseQuery = fetchBaseQuery({
Expand Down Expand Up @@ -144,6 +145,13 @@ export const api = createApi({
return data;
},
}),
[Endpoints.logout]: builder.mutation<void, void>({
query: () => ({
url: "/auth/token/blacklist/",
method: "POST",
body: { refresh: new Cookies().get("refresh") },
}),
}),
[Endpoints.isFirstTimeSetup]: builder.query<boolean, void>({
query: () => ({
url: "/firsttimesetup/",
Expand Down Expand Up @@ -268,6 +276,7 @@ export const {
useFetchIncompleteFacesQuery,
useLoginMutation,
useSignUpMutation,
useLogoutMutation,
useWorkerQuery,
useDeleteUserMutation,
useManageUpdateUserMutation,
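Review bot: The new `[Endpoints.logout]` mutation reads the `refresh` cookie at request time, so when that cookie is missing or already expired the body `{ refresh: undefined }` serializes to `{}`, the server will presumably reject the call, and `matchFulfilled` never fires for it; nothing in this endpoint tells the caller that logout can fail even though it is typed `builder.mutation<void, void>`. Add a comment stating the contract, e.g. `// Blacklists the current refresh token server-side; local session cleanup is driven by matchers on this endpoint in authSlice, so callers must handle the rejected case too`. Whether `Cookies` is already imported in this file is not visible in the hunk.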
5 changes: 3 additions & 2 deletions src/components/menubars/TopMenu.tsx
Expand Up @@ -13,8 +13,8 @@ import { push } from "redux-first-history";

import { toggleSidebar } from "../../actions/uiActions";
import { api } from "../../api_client/api";
import { useLogoutMutation } from "../../api_client/api";
import { serverAddress } from "../../api_client/apiClient";
import { logout } from "../../store/auth/authSlice";
import { useAppDispatch, useAppSelector } from "../../store/store";
import { ChunkedUploadButton } from "../ChunkedUploadButton";
import { CustomSearch } from "../CustomSearch";
Expand All @@ -27,6 +27,7 @@ export function TopMenu() {
const userSelfDetails = useAppSelector(state => state.user.userSelfDetails);
const { t } = useTranslation();
const matches = useMediaQuery("(min-width: 700px)");
const [logout] = useLogoutMutation();

useEffect(() => {
if (auth.access) {
Expand Down Expand Up @@ -90,7 +91,7 @@ export function TopMenu() {
<Menu.Item
icon={<Logout />}
onClick={() => {
dispatch(logout());
logout();
dispatch(api.util.resetApiState());
}}
>
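Review bot: `logout()` in the `onClick` handler is fire-and-forget, so `dispatch(api.util.resetApiState())` on the next line runs before the blacklist request has settled, and a rejected request (offline, refresh token already expired) leaves the access/refresh cookies in place with no feedback to the user. Prefer tying the reset to the request's settlement and marking the promise as intentionally unawaited, e.g. `void logout().finally(() => dispatch(api.util.resetApiState()));`. The `const [logout] = useLogoutMutation()` near the top reuses the name of the `authSlice` action this commit removes; a short comment there would stop a later reader from reintroducing that import. TopMenu's body extends beyond the hunk.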
18 changes: 8 additions & 10 deletions src/store/auth/authSlice.ts
Expand Up @@ -32,14 +32,6 @@ const authSlice = createSlice({
token: payload.access,
},
}),
logout: () => {
cookies.remove("access");
cookies.remove("refresh");
cookies.remove("csrftoken");
cookies.remove("jwt");
push("/login");
return initialState;
},
clearError: state => ({ ...state, error: null }),
},
extraReducers: builder => {
Expand All @@ -64,11 +56,17 @@ const authSlice = createSlice({
access: null,
refresh: null,
error: AuthErrorSchema.parse(payload),
}));
}))
.addMatcher(api.endpoints.logout.matchFulfilled, state => {
cookies.remove("access");
cookies.remove("refresh");
push("/login");
return { access: null, refresh: null, error: null };
});
},
});

export const authReducer = authSlice.reducer;

export const { actions: authActions } = authSlice;
export const { logout, tokenReceived, clearError } = authActions;
export const { tokenReceived, clearError } = authActions;
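Review bot: The new `.addMatcher(api.endpoints.logout.matchFulfilled, …)` clears the session only when the blacklist request succeeds; the reducer it replaces cleared cookies and state unconditionally, so a failed request (server unreachable, refresh token already expired or blacklisted, cookie missing) now leaves the `access`/`refresh` cookies and the tokens in the store and the user cannot sign out locally. Register the same cleanup for `api.endpoints.logout.matchRejected` so that local sign-out never depends on the server confirming the blacklist. The new matcher also drops the `cookies.remove("csrftoken")` and `cookies.remove("jwt")` calls from the old reducer, leaving those cookies behind after logout, which the commit message does not explain. `push("/login")` inside a reducer appears to only build an action; unless it is dispatched elsewhere it will not navigate, but that is pre-existing.
```typescript
// Local sign-out must not depend on the server confirming the blacklist.
const clearSession = () => {
  cookies.remove("access");
  cookies.remove("refresh");
  cookies.remove("csrftoken");
  cookies.remove("jwt");
  push("/login");
  return { access: null, refresh: null, error: null };
};
// … unchanged: createSlice reducers and earlier matchers …
      .addMatcher(api.endpoints.logout.matchFulfilled, clearSession)
      .addMatcher(api.endpoints.logout.matchRejected, clearSession);
```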
4 changes: 1 addition & 3 deletions src/store/middleware/errorMiddleware.ts
Expand Up @@ -4,7 +4,6 @@ import { isRejectedWithValue } from "@reduxjs/toolkit";
import { Endpoints, api } from "../../api_client/api";
import { notification } from "../../service/notifications";
import { AuthErrorSchema } from "../auth/auth.zod";
import { logout } from "../auth/authSlice";

export const errorMiddleware: Middleware =
({ dispatch }: MiddlewareAPI) =>
Expand All @@ -19,8 +18,7 @@ export const errorMiddleware: Middleware =
if (error.field === "code") {
if (error.message === "token_not_valid") {
notification.invalidToken();
dispatch(logout());
dispatch(api.util.resetApiState());
dispatch(api.endpoints.logout.initiate());
return;
}
}
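Review bot: `dispatch(api.endpoints.logout.initiate())` on a `token_not_valid` error sends the already-invalid refresh token to the blacklist endpoint; if that request is itself rejected with a `token_not_valid` code it re-enters this middleware and dispatches logout again, so the handler can loop indefinitely, and because only `matchFulfilled` clears the session in `authSlice` the cookies are never removed on that path. Guard the handler against its own request before the code check, e.g. `if (api.endpoints.logout.matchRejected(action)) return;` (using whatever the middleware names its action parameter), or treat a rejected logout as a local sign-out. The removed `dispatch(api.util.resetApiState())` also means cached query data from the expired session stays in the store until the TopMenu path resets it. The middleware's enclosing arrow function begins before this hunk.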

