Improve handling of 403 logouts and return URL cookie

2022-01-25 15:28:31 +00:00 · 2022-01-25 15:28:31 +00:00 · 45547f1efc
parent 7b32543537
commit 45547f1efc
5 changed files with 30 additions and 21 deletions
--- a/packages/builder/src/api.js
+++ b/packages/builder/src/api.js
@ -29,13 +29,7 @@ export const API = createAPIClient({

    // Logout on 403's
    if (status === 403) {
-      // Don't do anything if fetching templates.
-      // TODO: clarify why this is here
-      if (url.includes("/api/templates")) {
-        return
-      }
-
-      // Remove the auth cookie
+      // Remove cookies
      CookieUtils.removeCookie(Constants.Cookies.Auth)

      // Reload after removing cookie, go to login
--- a/packages/builder/src/components/backend/DatasourceNavigator/DatasourceNavigator.svelte
+++ b/packages/builder/src/components/backend/DatasourceNavigator/DatasourceNavigator.svelte
@ -64,10 +64,10 @@
    }
  }

-  onMount(() => {
+  onMount(async () => {
    try {
-      datasources.fetch()
-      queries.fetch()
+      await datasources.fetch()
+      await queries.fetch()
    } catch (error) {
      notifications.error("Error fetching datasources and queries")
    }
--- a/packages/builder/src/pages/builder/_layout.svelte
+++ b/packages/builder/src/pages/builder/_layout.svelte
@ -3,7 +3,6 @@
  import { admin, auth } from "stores/portal"
  import { onMount } from "svelte"
  import { CookieUtils, Constants } from "@budibase/frontend-core"
-  import { notifications } from "@budibase/bbui"

  let loaded = false

@ -57,11 +56,15 @@

  onMount(async () => {
    try {
+      await auth.checkAuth()
+      await admin.init()
+
+      // Set init info if present
      if ($params["?template"]) {
        await auth.setInitInfo({ init_template: $params["?template"] })
      }
-      await auth.checkAuth()
-      await admin.init()
+
+      // Validate tenant if in a multi-tenant env
      if (useAccountPortal && multiTenancyEnabled) {
        await validateTenantId()
      }
--- a/packages/builder/src/pages/index.svelte
+++ b/packages/builder/src/pages/index.svelte
@ -2,10 +2,14 @@
  import { redirect } from "@roxi/routify"
  import { auth } from "../stores/portal"
  import { onMount } from "svelte"
+  import { notifications } from "@budibase/bbui"

-  auth.checkQueryString()
-
-  onMount(() => {
+  onMount(async () => {
+    try {
+      await auth.checkQueryString()
+    } catch (error) {
+      notifications.error("Error setting org")
+    }
    $redirect(`./builder`)
  })
 </script>
--- a/packages/builder/src/stores/portal/auth.js
+++ b/packages/builder/src/stores/portal/auth.js
@ -98,7 +98,7 @@ export function createAuthStore() {
    return info
  }

-  async function setPostLogout() {
+  function setPostLogout() {
    auth.update(store => {
      store.postLogout = true
      return store
@ -130,8 +130,16 @@ export function createAuthStore() {
      await setOrganisation(tenantId)
    },
    checkAuth: async () => {
-      const user = await API.fetchBuilderSelf()
-      setUser(user)
+      // We need to catch this locally as we never want this to fail, even
+      // though normally we never want to swallow API errors at the store level.
+      // We're either logged in or we aren't.
+      // We also need to always update the loaded flag.
+      try {
+        const user = await API.fetchBuilderSelf()
+        setUser(user)
+      } catch (error) {
+        setUser(null)
+      }
    },
    login: async creds => {
      const tenantId = get(store).tenantId
@ -143,10 +151,10 @@ export function createAuthStore() {
      setUser(response.user)
    },
    logout: async () => {
-      await API.logOut()
-      await setInitInfo({})
      setUser(null)
      setPostLogout()
+      await API.logOut()
+      await setInitInfo({})
    },
    updateSelf: async fields => {
      const newUser = { ...get(auth).user, ...fields }