diff options
| author | Alexander Tumin <iamtakingiteasy@eientei.org> | 2023-08-14 16:21:43 +0300 |
|---|---|---|
| committer | Alexander Tumin <iamtakingiteasy@eientei.org> | 2023-08-20 15:51:19 +0300 |
| commit | ac78f801943f22c27cc6e7e9eac7ececb9fa2a5a (patch) | |
| tree | 05d7b37719222bf89e61f1bc97ff48d7b9c36aec | |
| parent | a1641193b5b7c72e919b9848b167bc4d4a40444b (diff) | |
Fix OAuth2 token lingering after revocation
| -rw-r--r-- | changelog.d/oauth2-token-linger.fix | 1 | ||||
| -rw-r--r-- | src/modules/users.js | 6 |
2 files changed, 7 insertions, 0 deletions
diff --git a/changelog.d/oauth2-token-linger.fix b/changelog.d/oauth2-token-linger.fix new file mode 100644 index 00000000..da4e4631 --- /dev/null +++ b/changelog.d/oauth2-token-linger.fix @@ -0,0 +1 @@ +Fix OAuth2 token lingering after revocation diff --git a/src/modules/users.js b/src/modules/users.js index e976d875..50b4cb84 100644 --- a/src/modules/users.js +++ b/src/modules/users.js @@ -651,6 +651,12 @@ const users = { const response = data.error // Authentication failed commit('endLogin') + + // remove authentication token on client/authentication errors + if ([400, 401, 403, 422].includes(response.status)) { + commit('clearToken') + } + if (response.status === 401) { reject(new Error('Wrong username or password')) } else { |