Fixing bug with expired token cookie.

Author: krulis-martin

src/redux/middleware/authMiddleware.js

@@ -8,6 +8,7 @@ import { setLang } from '../modules/app.js';
 import { CALL_API } from './apiMiddleware.js';
 import { safeGet, canUseDOM } from '../../helpers/common.js';
 import { getConfigVar } from '../../helpers/config.js';
+import { decode, isTokenValid } from '../helpers/token';
 
 const PERSISTENT_TOKENS_KEY_PREFIX = getConfigVar('PERSISTENT_TOKENS_KEY_PREFIX') || 'recodex';
 
@@ -67,6 +68,19 @@ export const getToken = () => {
   return null;
 };
 
+const checkAccessTokenCookie = token => {
+  const cookieToken = cookies.get(TOKEN_COOKIES_KEY);
+  const decodedCookieToken = cookieToken && decode(cookieToken);
+  if (!decodedCookieToken || !isTokenValid(decodedCookieToken)) {
+    const decodedToken = token && decode(token);
+    if (decodedToken && isTokenValid(decodedToken)) {
+      storeToken(token);
+    } else {
+      removeToken();
+    }
+  }
+};
+
 /**
  * Store instance ID to both local storage and cookies.
  */
@@ -155,6 +169,8 @@ const middleware = store => next => action => {
         }
       }
 
+      checkAccessTokenCookie(action.request.accessToken);
+
       break;
   }
 

src/redux/modules/auth.js

@@ -139,8 +139,8 @@ export const selectInstance = createAction(actionTypes.SELECT_INSTANCE, instance
 
 /**
  * Authentication reducer.
- * @param  {string} accessToken An access token to initialise the reducer
- * @return {function} The initialised reducer
+ * @param  {string} accessToken An access token to initialize the reducer
+ * @return {function} The initialized reducer
  */
 const auth = (accessToken, instanceId, now = Date.now()) => {
   const decodedToken = decodeAndValidateAccessToken(accessToken, now);
@@ -168,7 +168,7 @@ const auth = (accessToken, instanceId, now = Date.now()) => {
 
       [actionTypes.LOGIN_FULFILLED]: (state, { payload: { accessToken, user }, meta: { service, popupWindow } }) => {
         closeAuthPopupWindow(popupWindow);
-        return state.getIn(['status', service]) === statusTypes.LOGGING_IN // this should prevent re-login, when explicit logout ocurred whilst refreshing token
+        return state.getIn(['status', service]) === statusTypes.LOGGING_IN // this should prevent re-login, when explicit logout occurred whilst refreshing token
           ? state
               .setIn(['status', service], statusTypes.LOGGED_IN)
               .deleteIn(['errors', service])