Fix OAuth2 token lingering after revocation

2023-08-14 16:21:43 +03:00 · 2023-08-14 16:21:43 +03:00 · ac78f80194
parent a1641193b5
commit ac78f80194
2 changed files with 7 additions and 0 deletions
--- a/changelog.d/oauth2-token-linger.fix
+++ b/changelog.d/oauth2-token-linger.fix
@ -0,0 +1 @@
+Fix OAuth2 token lingering after revocation
--- a/src/modules/users.js
+++ b/src/modules/users.js
@ -651,6 +651,12 @@ const users = {
              const response = data.error
              // Authentication failed
              commit('endLogin')
+
+              // remove authentication token on client/authentication errors
+              if ([400, 401, 403, 422].includes(response.status)) {
+                commit('clearToken')
+              }
+
              if (response.status === 401) {
                reject(new Error('Wrong username or password'))
              } else {