Login flow broken when sessions expire
thecodeboss opened this issue · 1 comments
thecodeboss commented
Bug Report
Versions
Version | |
---|---|
Verdaccio | 5.29.0 |
This plugin | 6.0.8 |
Node | 20.10.0 |
Environment
Name | Version | |
---|---|---|
Package manager | helm | |
Browser | chrome | |
Operating system | Windows |
Observed behavior
When a session expires in the web UI, the login flow doesn't work until I clear local storage. Specifically, after the login flow completes and I'm sent back to the Verdaccio landing page, it still says "Login" and I can't access anything. If I clear local storage manually and then go through the login flow, it works as expected.
Expected behavior
Going through the login flow again after a session expires should work.
Steps to reproduce
- Login on the web UI
- Wait an hour for the token to expire
- You should now see a "Login" button again as the UI detects your session is expired
- Click "Login" and go through the auth flow
- When you return to the landing page, you'll still see the "Login" button and are unable to access content
Additional context
I did some investigating and found a few things that might help:
- When your session expires, the
token
value remains in local storage. The only code path I found that removes this value is clicking the "Logout" button, but unfortunately this button isn't visible on the page when your session has expired. - Upon completing the login flow, the
saveCredentials
call that would save the new values into local storage does not get invoked. This is because theisLoggedIn
function returns true a few lines before. - As mentioned in the previous line,
isLoggedIn
returns true when a session has expired. It doesn't seem to check the expiry date in the JWT token, it simply checks that the token exists.