From e5b50f855c02aa4b5c9ee873dd5a7ab25759972d Mon Sep 17 00:00:00 2001
From: Elias Schneider
Date: Mon, 26 Dec 2022 12:57:54 +0100
Subject: [PATCH] fix: refresh token gets deleted on session end

---
 backend/src/auth/dto/enableTotp.dto.ts | 1 -
 backend/src/auth/dto/verifyTotp.dto.ts | 2 +-
 frontend/src/components/auth/SignInForm.tsx | 9 +------
 frontend/src/components/auth/SignUpForm.tsx | 7 +-----
 frontend/src/services/auth.service.ts | 27 +++++++++++++++------
 5 files changed, 23 insertions(+), 23 deletions(-)

diff --git a/backend/src/auth/dto/enableTotp.dto.ts b/backend/src/auth/dto/enableTotp.dto.ts
index b1b49ddb..d3db7dba 100644
--- a/backend/src/auth/dto/enableTotp.dto.ts
+++ b/backend/src/auth/dto/enableTotp.dto.ts
@@ -1,5 +1,4 @@
 import { PickType } from "@nestjs/mapped-types";
-import { IsEmail, IsOptional, IsString } from "class-validator";
 import { UserDTO } from "src/user/dto/user.dto";

 export class EnableTotpDTO extends PickType(UserDTO, ["password"] as const) {}
diff --git a/backend/src/auth/dto/verifyTotp.dto.ts b/backend/src/auth/dto/verifyTotp.dto.ts
index 3709fc85..d1c7729c 100644
--- a/backend/src/auth/dto/verifyTotp.dto.ts
+++ b/backend/src/auth/dto/verifyTotp.dto.ts
@@ -1,5 +1,5 @@
 import { PickType } from "@nestjs/mapped-types";
-import { IsEmail, IsOptional, IsString } from "class-validator";
+import { IsString } from "class-validator";
 import { UserDTO } from "src/user/dto/user.dto";

 export class VerifyTotpDTO extends PickType(UserDTO, ["password"] as const) {
diff --git a/frontend/src/components/auth/SignInForm.tsx b/frontend/src/components/auth/SignInForm.tsx
index e111d7d9..623d2821 100644
--- a/frontend/src/components/auth/SignInForm.tsx
+++ b/frontend/src/components/auth/SignInForm.tsx
@@ -10,7 +10,6 @@ import {
 } from "@mantine/core";
 import { useForm, yupResolver } from "@mantine/form";
 import { showNotification } from "@mantine/notifications";
-import { setCookie } from "cookies-next";
 import Link from "next/link";
 import React from "react";
 import { TbInfoCircle } from "react-icons/tb";
@@ -59,8 +58,6 @@ const SignInForm = () => {
 });
 setLoginToken(response.data["loginToken"]);
 } else {
- setCookie("access_token", response.data.accessToken);
- setCookie("refresh_token", response.data.refreshToken);
 window.location.replace("/");
 }
 })
@@ -70,11 +67,7 @@ const SignInForm = () => {
 const signInTotp = (email: string, password: string, totp: string) => {
 authService
 .signInTotp(email, password, totp, loginToken)
- .then((response) => {
- setCookie("access_token", response.data.accessToken);
- setCookie("refresh_token", response.data.refreshToken);
- window.location.replace("/");
- })
+ .then(() => window.location.replace("/"))
 .catch((error) => {
 if (error?.response?.data?.message == "Login token expired") {
 toast.error("Login token expired");
diff --git a/frontend/src/components/auth/SignUpForm.tsx b/frontend/src/components/auth/SignUpForm.tsx
index 42713bc2..bfe5ed15 100644
--- a/frontend/src/components/auth/SignUpForm.tsx
+++ b/frontend/src/components/auth/SignUpForm.tsx
@@ -9,7 +9,6 @@ import {
 Title,
 } from "@mantine/core";
 import { useForm, yupResolver } from "@mantine/form";
-import { setCookie } from "cookies-next";
 import Link from "next/link";
 import * as yup from "yup";
 import useConfig from "../../hooks/config.hook";
@@ -37,11 +36,7 @@ const SignUpForm = () => {
 const signUp = (email: string, username: string, password: string) => {
 authService
 .signUp(email, username, password)
- .then((response) => {
- setCookie("access_token", response.data.accessToken);
- setCookie("refresh_token", response.data.refreshToken);
- window.location.replace("/");
- })
+ .then(() => window.location.replace("/"))
 .catch(toast.axiosError);
 };

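Review bot: The TOTP path in SignInForm.tsx (`signInTotp`, third hunk of that file) stops writing `access_token` and `refresh_token`, but this patch adds the matching cookie writes only to `signIn` and `signUp` in auth.service.ts; no hunk touches the service's `signInTotp`. Unless that function already stores the tokens in lines not shown here, a successful TOTP login would redirect to `/` without any session cookies being set. The same two `setCookie` calls, including the `maxAge` on the refresh token, should follow the `api.post` in the service's `signInTotp`. The `.catch` handler of the component function continues past the end of the hunk.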
diff --git a/frontend/src/services/auth.service.ts b/frontend/src/services/auth.service.ts
index 77bf5d7f..a6f462a8 100644
--- a/frontend/src/services/auth.service.ts
+++ b/frontend/src/services/auth.service.ts
@@ -11,6 +11,12 @@ const signIn = async (emailOrUsername: string, password: string) => {
 ...emailOrUsernameBody,
 password,
 });
+
+ setCookie("access_token", response.data.accessToken);
+ setCookie("refresh_token", response.data.refreshToken, {
+ maxAge: 60 * 60 * 24 * 30 * 3,
+ });
+
 return response;
 };

@@ -34,7 +40,14 @@ const signInTotp = async (
 };

 const signUp = async (email: string, username: string, password: string) => {
- return await api.post("auth/signUp", { email, username, password });
+ const response = await api.post("auth/signUp", { email, username, password });
+
+ setCookie("access_token", response.data.accessToken);
+ setCookie("refresh_token", response.data.refreshToken, {
+ maxAge: 60 * 60 * 24 * 30 * 3,
+ });
+
+ return response;
 };

 const signOut = () => {
@@ -45,14 +58,14 @@ const signOut = () => {

 const refreshAccessToken = async () => {
 try {
- const currentAccessToken = getCookie("access_token") as string;
+ const accessToken = getCookie("access_token") as string;
+ const refreshToken = getCookie("refresh_token");
 if (
- currentAccessToken &&
- (jose.decodeJwt(currentAccessToken).exp ?? 0) * 1000 <
- Date.now() + 2 * 60 * 1000
+ (accessToken &&
+ (jose.decodeJwt(accessToken).exp ?? 0) * 1000 <
+ Date.now() + 2 * 60 * 1000) ||
+ (refreshToken && !accessToken)
 ) {
- const refreshToken = getCookie("refresh_token");
-
 const response = await api.post("auth/token", { refreshToken });
 setCookie("access_token", response.data.accessToken);
 }
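Review bot: The refresh token now persists for 90 days in a cookie that page scripts can read, and the `setCookie` calls in `signIn` (and the identical block in the `signUp` hunk) set neither `sameSite` nor `secure`. `signIn` also writes both cookies unconditionally, whereas SignInForm.tsx wrote them only in its `else` branch; on a response that carries a `loginToken` for the TOTP step the token fields are presumably absent, so empty cookies would be stored. A shared helper that skips the write when tokens are missing and applies the attributes once would cover both call sites, as sketched below; add `secure: true` where the deployment is HTTPS-only. Having the backend issue the refresh token as an `HttpOnly` cookie would keep it away from injected script altogether; `signIn` itself starts above the hunk.

```typescript
// Shared by signIn and signUp; skips a TOTP-pending response, which carries no tokens.
const storeTokens = (data: { accessToken?: string; refreshToken?: string }) => {
  if (!data.accessToken || !data.refreshToken) return;

  setCookie("access_token", data.accessToken, { sameSite: "lax" });
  setCookie("refresh_token", data.refreshToken, {
    sameSite: "lax",
    maxAge: 60 * 60 * 24 * 30 * 3, // 90 days
  });
};

// … unchanged: signIn request …
storeTokens(response.data);
return response;
```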
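Review bot: The widened condition in `refreshAccessToken` has no comment explaining its second arm, which is the actual fix: `access_token` is written without `maxAge`, so it is a session cookie that disappears when the browser closes, while the refresh token now persists. A comment above the `if` such as `// Refresh when the access token expires within 2 minutes, or when only the refresh token survived the browser session` would make that intent explicit. It is also worth stating there that `jose.decodeJwt` only parses the token and does not verify it, so the `exp` comparison is a scheduling hint and the backend remains the authority on token validity. The `try` block and its `catch` continue outside the hunk.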