Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: return a rejected promise when inner token is null or undefined #83

Merged
merged 1 commit into from
Jun 4, 2020
Merged

fix: return a rejected promise when inner token is null or undefined #83

merged 1 commit into from
Jun 4, 2020

Conversation

erezrokah
Copy link
Contributor

Related to decaporg/decap-cms#941, specifically decaporg/decap-cms#941 (comment)

When a call to _refreshToken inside the jwt methods fails, the inner token property is set to null here:

gotrue-js/src/user.js

Line 95 in 7f85187

this.clearSession();

That can happen when the refresh token is no longer valid as specified here netlify/netlify-identity-widget#142 (comment)

Subsequence calls to jwt will fail when trying to access a null token, but won't return a rejected promise thus breaking catch clauses like these ones:

gotrue-js/src/user.js

Line 72 in 7f85187

return this._request("/logout", { method: "POST" })

https://github.com/netlify/netlify-identity-widget/blob/c104dd18bb3b87d2a66936e15f064d5659259686/src/state/store.js#L146

since jwt is called on each _request that makes error handling very problematic once a refresh operation fails.

The fix is to return a rejected promise if the token is null or undefined

@erezrokah erezrokah added the type: bug code to address defects in shipped code label Jun 2, 2020
@erezrokah erezrokah mentioned this pull request Jun 2, 2020
Merged
@ehmicky ehmicky self-requested a review June 4, 2020 14:11
ehmicky
ehmicky approved these changes Jun 4, 2020
View reviewed changes
Copy link
Contributor

@ehmicky ehmicky left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good!

@erezrokah erezrokah merged commit 2ae4de5 into master Jun 4, 2020
@erezrokah erezrokah deleted the fix/reject_jwt_null_token branch June 4, 2020 14:28
erezrokah pushed a commit that referenced this pull request Jun 30, 2020
@semantic-release-bot
chore(release): 0.9.26 [skip ci]
8d4672a 
## [0.9.26](v0.9.25...v0.9.26) (2020-06-30)

### Bug Fixes

* **docs:** format readme file and add some missing arguments ([#110](#110)) ([738998e](738998e))
* return a rejected promise when inner token is null or undefined ([#83](#83)) ([2ae4de5](2ae4de5))
@erezrokah
Copy link
Contributor Author

🎉 This PR is included in version 0.9.26 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

@dependabot dependabot bot mentioned this pull request Mar 12, 2021
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ehmicky ehmicky ehmicky approved these changes

Assignees

@erezrokah erezrokah

Labels
released type: bug code to address defects in shipped code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@erezrokah @ehmicky