From efe9dfa5e3550d12abd34d06ab7f8fbcf2206cfa Mon Sep 17 00:00:00 2001
From: Timothy Carambat
Date: Tue, 26 Mar 2024 16:47:25 -0700
Subject: [PATCH] handle expired token being null and prevent constant rerender (#956)
* handle expired token being null and prevent constant rerender
* reset defaults
---
 frontend/src/components/Modals/Password/index.jsx | 10 ++++++----
 frontend/src/components/PrivateRoute/index.jsx | 2 +-
 frontend/src/pages/Login/index.jsx | 4 +++-
 frontend/src/utils/paths.js | 4 ++--
 server/utils/middleware/validatedRequest.js | 10 +++++++++-
 5 files changed, 21 insertions(+), 9 deletions(-)
diff --git a/frontend/src/components/Modals/Password/index.jsx b/frontend/src/components/Modals/Password/index.jsx
index 00fefe4e..d31b80fd 100644
--- a/frontend/src/components/Modals/Password/index.jsx
+++ b/frontend/src/components/Modals/Password/index.jsx
@@ -34,7 +34,7 @@ export default function PasswordModal({ mode = "single" }) {
 );
 }
-export function usePasswordModal() {
+export function usePasswordModal(notry = false) {
 const [auth, setAuth] = useState({
 loading: true,
 requiresAuth: false,
@@ -47,7 +47,7 @@ export function usePasswordModal() {
 // If the last validity check is still valid
 // we can skip the loading.
- if (!System.needsAuthCheck()) {
+ if (!System.needsAuthCheck() && notry === false) {
 setAuth({
 loading: false,
 requiresAuth: false,
@@ -60,7 +60,7 @@ export function usePasswordModal() {
 if (settings?.MultiUserMode) {
 const currentToken = window.localStorage.getItem(AUTH_TOKEN);
 if (!!currentToken) {
- const valid = await System.checkAuth(currentToken);
+ const valid = notry ? false : await System.checkAuth(currentToken);
 if (!valid) {
 setAuth({
 loading: false,
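Review bot: The new hook parameter in `export function usePasswordModal(notry = false)` is spelled `notry` here but `noTry` in the `paths.login` hunk, and neither place documents what it does. Pick one spelling and add a JSDoc line above the hook, e.g. `/** @param {boolean} [notry=false] Skip the cached and server-side token checks and treat any stored token as invalid. */`. The guard in the `-47` hunk tests `notry === false` while the later hunks test truthiness (`notry ? false : …`), so a non-boolean argument would be handled two different ways; writing the guard as `if (!System.needsAuthCheck() && !notry) {` keeps them aligned. The hook body continues outside these hunks.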
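Review bot: `const valid = notry ? false : await System.checkAuth(currentToken);` (here and again in the `-102` hunk) declares a stored token invalid without asking the server, and the `Login/index.jsx` hunk takes `notry` straight from the `nt` query parameter. Any link to the login page that carries that parameter therefore drops a signed-in user back to the password form, and the single-password branch in the `-110` hunk also removes `AUTH_TOKEN`, `AUTH_USER` and `AUTH_TIMESTAMP` from local storage. A safer shape is to let the flag skip only the cached `needsAuthCheck()` shortcut and keep `const valid = await System.checkAuth(currentToken);`, assuming that call reaches the server, so a valid session is never discarded because of a URL flag. The rest of the multi-user branch is outside the hunk, so whether it clears storage as well is not visible here.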
@@ -102,7 +102,7 @@ export function usePasswordModal() {
 const currentToken = window.localStorage.getItem(AUTH_TOKEN);
 if (!!currentToken) {
- const valid = await System.checkAuth(currentToken);
+ const valid = notry ? false : await System.checkAuth(currentToken);
 if (!valid) {
 setAuth({
 loading: false,
@@ -110,6 +110,8 @@ export function usePasswordModal() {
 mode: "single",
 });
 window.localStorage.removeItem(AUTH_TOKEN);
+ window.localStorage.removeItem(AUTH_USER);
+ window.localStorage.removeItem(AUTH_TIMESTAMP);
 return;
 } else {
 setAuth({
diff --git a/frontend/src/components/PrivateRoute/index.jsx b/frontend/src/components/PrivateRoute/index.jsx
index 165141bb..1b4c71fb 100644
--- a/frontend/src/components/PrivateRoute/index.jsx
+++ b/frontend/src/components/PrivateRoute/index.jsx
@@ -136,6 +136,6 @@ export default function PrivateRoute({ Component }) { ) : ( - + ); }
diff --git a/frontend/src/pages/Login/index.jsx b/frontend/src/pages/Login/index.jsx
index cf8ab249..4e77a5c6 100644
--- a/frontend/src/pages/Login/index.jsx
+++ b/frontend/src/pages/Login/index.jsx
@@ -3,9 +3,11 @@ import PasswordModal, { usePasswordModal } from "@/components/Modals/Password";
 import { FullScreenLoader } from "@/components/Preloader";
 import { Navigate } from "react-router-dom";
 import paths from "@/utils/paths";
+import useQuery from "@/hooks/useQuery";
 export default function Login() {
- const { loading, requiresAuth, mode } = usePasswordModal();
+ const query = useQuery();
+ const { loading, requiresAuth, mode } = usePasswordModal(!!query.get("nt"));
 if (loading) return ;
 if (requiresAuth === false) return ;
diff --git a/frontend/src/utils/paths.js b/frontend/src/utils/paths.js
index 0f42e223..5625fafb 100644
--- a/frontend/src/utils/paths.js
+++ b/frontend/src/utils/paths.js
@@ -4,8 +4,8 @@ export default {
 home: () => {
 return "/";
 },
- login: () => {
- return "/login";
+ login: (noTry = false) => {
+ return `/login${noTry ? "?nt=1" : ""}`;
 },
 onboarding: {
 home: () => {
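Review bot: `AUTH_USER` and `AUTH_TIMESTAMP` appear in the two added `removeItem` calls of the `-110` hunk, but no hunk for this file touches its imports, so both names must already be in scope; worth confirming before merge. The same three-key cleanup presumably exists in the multi-user branch earlier in the hook, which is outside this hunk. A small helper such as `clearStoredAuth()` called from both branches would keep the two paths from drifting apart again and leaving a stale user record behind after the token is gone.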
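Review bot: In the `Login/index.jsx` hunk, `!!query.get("nt")` turns any non-empty value into `true`, so `nt=0` or `nt=false` in the URL also disables the stored-token check. `paths.login` only ever emits `nt=1`, so the test can be exact: `usePasswordModal(query.get("nt") === "1")`. A one-line comment next to it, such as `// nt=1 ("no try"): set by PrivateRoute after a failed validation, skip the stored-token check`, would explain the otherwise opaque parameter name.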
diff --git a/server/utils/middleware/validatedRequest.js b/server/utils/middleware/validatedRequest.js
index 6f3df26d..551090a0 100644
--- a/server/utils/middleware/validatedRequest.js
+++ b/server/utils/middleware/validatedRequest.js
@@ -38,9 +38,17 @@ async function validatedRequest(request, response, next) {
 const bcrypt = require("bcrypt");
 const { p } = decodeJWT(token);
+
+ if (p === null) {
+ response.status(401).json({
+ error: "Token expired or failed validation.",
+ });
+ return;
+ }
+
 if (!bcrypt.compareSync(p, bcrypt.hashSync(process.env.AUTH_TOKEN, 10))) {
 response.status(401).json({
- error: "Invalid auth token found.",
+ error: "Invalid auth credentials.",
 });
 return;
 }
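Review bot: The added guard rejects only `p === null`, so a token that verifies but carries no `p` claim, or a non-string one, still reaches `bcrypt.compareSync(p, …)`. That is possible only if `decodeJWT` can return such a payload, and `decodeJWT` is not shown here. `compareSync` throws on a missing data argument rather than returning false, and inside this async middleware that would surface as an unhandled rejection instead of a 401. Checking the type covers both cases: `if (typeof p !== "string") {`. Separately, the unchanged comparison line runs `bcrypt.hashSync(process.env.AUTH_TOKEN, 10)` on every request, which is synchronous CPU work on the event loop for each authenticated call; hashing the secret once at startup and reusing the hash would remove that cost. The function body continues outside the hunk.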