From ac78f801943f22c27cc6e7e9eac7ececb9fa2a5a Mon Sep 17 00:00:00 2001
From: Alexander Tumin <iamtakingiteasy@eientei.org>
Date: Mon, 14 Aug 2023 16:21:43 +0300
Subject: [PATCH] Fix OAuth2 token lingering after revocation

---
 changelog.d/oauth2-token-linger.fix | 1 +
 src/modules/users.js                | 6 ++++++
 2 files changed, 7 insertions(+)
 create mode 100644 changelog.d/oauth2-token-linger.fix

diff --git a/changelog.d/oauth2-token-linger.fix b/changelog.d/oauth2-token-linger.fix
new file mode 100644
index 0000000000..da4e46316b
--- /dev/null
+++ b/changelog.d/oauth2-token-linger.fix
@@ -0,0 +1 @@
+Fix OAuth2 token lingering after revocation
diff --git a/src/modules/users.js b/src/modules/users.js
index e976d87536..50b4cb84d4 100644
--- a/src/modules/users.js
+++ b/src/modules/users.js
@@ -651,6 +651,12 @@ const users = {
               const response = data.error
               // Authentication failed
               commit('endLogin')
+
+              // remove authentication token on client/authentication errors
+              if ([400, 401, 403, 422].includes(response.status)) {
+                commit('clearToken')
+              }
+
               if (response.status === 401) {
                 reject(new Error('Wrong username or password'))
               } else {