Improve handling of 403 logouts and return URL cookie

Andrew Kingston 2022-01-25 15:28:31 +00:00
parent 66bf6c6059
commit c06947cf46
5 changed files with 30 additions and 21 deletions


@ -29,13 +29,7 @@ export const API = createAPIClient({
// Logout on 403's // Logout on 403's
if (status === 403) { if (status === 403) {
// Don't do anything if fetching templates. // Remove cookies
// TODO: clarify why this is here
if (url.includes("/api/templates")) {
return
}
// Remove the auth cookie
CookieUtils.removeCookie(Constants.Cookies.Auth) CookieUtils.removeCookie(Constants.Cookies.Auth)
// Reload after removing cookie, go to login // Reload after removing cookie, go to login
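Review bot: With the `/api/templates` exception removed, a 403 from any endpoint now clears `Constants.Cookies.Auth` and, going by the comment on the last visible line, reloads to the login page. 403 conventionally means "authenticated but not permitted", so a user who only lacks access to one resource would lose their session, and a 403 on a request made during page load could cause repeated reloads. If the server can signal an invalid session separately (a 401 or a specific error code in the body), key the forced logout on that instead. Otherwise record the assumption where the removed TODO was, e.g. `// TODO: confirm the server never returns 403 for a plain permission failure`. The handler body continues past the hunk, so the reload call itself is not visible here.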


@ -64,10 +64,10 @@
} }
} }
onMount(() => { onMount(async () => {
try { try {
datasources.fetch() await datasources.fetch()
queries.fetch() await queries.fetch()
} catch (error) { } catch (error) {
notifications.error("Error fetching datasources and queries") notifications.error("Error fetching datasources and queries")
} }
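Review bot: The two fetches are now awaited one after the other, so `queries.fetch()` does not start until the datasources have loaded, and the caught `error` is discarded. If the query fetch does not depend on the datasource result (not visible in this hunk), `await Promise.all([datasources.fetch(), queries.fetch()])` keeps the rejection handling this change introduces without serialising the requests. Adding `console.error(error)` before the notification would keep the underlying cause available when the generic message is shown.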


@ -3,7 +3,6 @@
import { admin, auth } from "stores/portal" import { admin, auth } from "stores/portal"
import { onMount } from "svelte" import { onMount } from "svelte"
import { CookieUtils, Constants } from "@budibase/frontend-core" import { CookieUtils, Constants } from "@budibase/frontend-core"
import { notifications } from "@budibase/bbui"
let loaded = false let loaded = false
@ -57,11 +56,15 @@
onMount(async () => { onMount(async () => {
try { try {
await auth.checkAuth()
await admin.init()
// Set init info if present
if ($params["?template"]) { if ($params["?template"]) {
await auth.setInitInfo({ init_template: $params["?template"] }) await auth.setInitInfo({ init_template: $params["?template"] })
} }
await auth.checkAuth()
await admin.init() // Validate tenant if in a multi-tenant env
if (useAccountPortal && multiTenancyEnabled) { if (useAccountPortal && multiTenancyEnabled) {
await validateTenantId() await validateTenantId()
} }
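Review bot: The `notifications` import is dropped in the first hunk, while the `try` in `onMount` still wraps `auth.checkAuth()`, `admin.init()`, `auth.setInitInfo()` and `validateTenantId()`. Its `catch` lies outside the hunk, so it is worth confirming that a failure of `admin.init()` or `validateTenantId()` is still surfaced or handled rather than silently dropped. A failed tenant validation in a multi-tenant environment is the case that most needs an explicit outcome (redirect or error state), and a comment in the `catch` saying what happens then, e.g. `// tenant could not be validated: <what the page does next>`, would make that reviewable.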


@ -2,10 +2,14 @@
import { redirect } from "@roxi/routify" import { redirect } from "@roxi/routify"
import { auth } from "../stores/portal" import { auth } from "../stores/portal"
import { onMount } from "svelte" import { onMount } from "svelte"
import { notifications } from "@budibase/bbui"
auth.checkQueryString() onMount(async () => {
try {
onMount(() => { await auth.checkQueryString()
} catch (error) {
notifications.error("Error setting org")
}
$redirect(`./builder`) $redirect(`./builder`)
}) })
</script> </script>
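Review bot: The `$redirect` call to `./builder` sits after the `try`/`catch`, so it runs whether or not `auth.checkQueryString()` succeeded. After a failure the user is sent into the builder with whatever organisation was set previously, and the "Error setting org" notification may not survive the navigation. If redirecting regardless is intended, say so with a comment such as `// Always continue to the builder; the builder layout re-checks the tenant`, assuming that is the case. Otherwise move the redirect inside the `try`. The caught `error` is also unused, so a `console.error(error)` in the `catch` would preserve the cause.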


@ -98,7 +98,7 @@ export function createAuthStore() {
return info return info
} }
async function setPostLogout() { function setPostLogout() {
auth.update(store => { auth.update(store => {
store.postLogout = true store.postLogout = true
return store return store
@ -130,8 +130,16 @@ export function createAuthStore() {
await setOrganisation(tenantId) await setOrganisation(tenantId)
}, },
checkAuth: async () => { checkAuth: async () => {
const user = await API.fetchBuilderSelf() // We need to catch this locally as we never want this to fail, even
setUser(user) // though normally we never want to swallow API errors at the store level.
// We're either logged in or we aren't.
// We also need to always update the loaded flag.
try {
const user = await API.fetchBuilderSelf()
setUser(user)
} catch (error) {
setUser(null)
}
}, },
login: async creds => { login: async creds => {
const tenantId = get(store).tenantId const tenantId = get(store).tenantId
@ -143,10 +151,10 @@ export function createAuthStore() {
setUser(response.user) setUser(response.user)
}, },
logout: async () => { logout: async () => {
await API.logOut()
await setInitInfo({})
setUser(null) setUser(null)
setPostLogout() setPostLogout()
await API.logOut()
await setInitInfo({})
}, },
updateSelf: async fields => { updateSelf: async fields => {
const newUser = { ...get(auth).user, ...fields } const newUser = { ...get(auth).user, ...fields }
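Review bot: In `logout`, local state is now cleared before `await API.logOut()`, so if that request rejects the UI already shows the user as logged out while the server-side session may still be valid, and `setInitInfo({})` is skipped. Wrapping the call as `try { await API.logOut() } finally { await setInitInfo({}) }` keeps the init info cleanup unconditional and still lets the rejection reach the caller, who can warn that the session was not ended on the server. In the `checkAuth` hunk the bare `catch` treats every failure, including a network error or a 5xx, as "not logged in". The comment explains why it must not throw, but logging the error there would help tell a real logout apart from an outage.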