From 63f1df4015fbfa0a7f70f914f016708e27def9a6 Mon Sep 17 00:00:00 2001 From: Igor Serebryany Date: Fri, 6 Oct 2023 15:35:04 -0700 Subject: [PATCH] don't save proxy user's tokens in localstorage we still want those tokens, we will use them in the mobile app. but we don't want them client side, otherwise proxy users remain logged in. we centralize the logic around storing the token, and turn `setUser` into an action vs a mutation --- client/layouts/default.vue | 4 ++-- client/pages/account.vue | 5 +---- client/pages/login.vue | 2 +- client/store/user.js | 23 ++++++++++++++--------- server/Auth.js | 9 +-------- 5 files changed, 19 insertions(+), 24 deletions(-) diff --git a/client/layouts/default.vue b/client/layouts/default.vue index 2817f23f8..6b033e866 100644 --- a/client/layouts/default.vue +++ b/client/layouts/default.vue @@ -293,7 +293,7 @@ export default { }, userUpdated(user) { if (this.$store.state.user.user.id === user.id) { - this.$store.commit('user/setUser', user) + this.$store.dispatch('user/setUser', user) } }, userOnline(user) { @@ -656,4 +656,4 @@ export default { margin-left: 0px; } } - \ No newline at end of file + diff --git a/client/pages/account.vue b/client/pages/account.vue index beb13fc3f..624dcda17 100644 --- a/client/pages/account.vue +++ b/client/pages/account.vue @@ -98,10 +98,7 @@ export default { this.$axios.$post('/logout', logoutPayload).catch((error) => { console.error(error) }) - if (localStorage.getItem('token')) { - localStorage.removeItem('token') - } - this.$store.commit('user/setUser', null) + this.$store.dispatch('user/setUser', null) this.$store.commit('libraries/setUserPlaylists', []) this.$store.commit('libraries/setCollections', []) this.$router.push('/login') diff --git a/client/pages/login.vue b/client/pages/login.vue index 847059f72..e1ce28514 100644 --- a/client/pages/login.vue +++ b/client/pages/login.vue @@ -144,8 +144,8 @@ export default { } this.$store.commit('libraries/setCurrentLibrary', userDefaultLibraryId) - this.$store.commit('user/setUser', user) + this.$store.dispatch('user/setUser', user) this.$store.dispatch('user/loadUserSettings') }, async submitForm() { diff --git a/client/store/user.js b/client/store/user.js index 85babb09e..fcf003a91 100644 --- a/client/store/user.js +++ b/client/store/user.js @@ -131,21 +131,26 @@ export const actions = { } catch (error) { console.error('Failed to load userSettings from local storage', error) } - } + }, + setUser({ commit }, user) { + commit('setUser', user) + commit('setUserToken', user ? user.token : null) + }, } export const mutations = { setUser(state, user) { state.user = user - if (user) { - if (user.token) localStorage.setItem('token', user.token) - } else { - localStorage.removeItem('token') - } }, setUserToken(state, token) { - state.user.token = token - localStorage.setItem('token', user.token) + if (!token) { + localStorage.removeItem('token') + } else if (state.user && state.user.isFromProxy) { + localStorage.removeItem('token') + } else { + state.user.token = token + localStorage.setItem('token', token) + } }, updateMediaProgress(state, { id, data }) { if (!state.user) return @@ -165,4 +170,4 @@ export const mutations = { localStorage.setItem('userSettings', JSON.stringify(settings)) state.settings = settings } -} \ No newline at end of file +} diff --git a/server/Auth.js b/server/Auth.js index ede011c74..4f1ee3c5d 100644 --- a/server/Auth.js +++ b/server/Auth.js @@ -158,8 +158,6 @@ class Auth { email, type: 'user', isActive: true, - token: null, - isFromProxy: true, } return await this.createUser(account) @@ -179,12 +177,7 @@ class Auth { delete account.password account.pash = await this.hashPass(password) - - // proxy users don't get a token - if (!account.isFromProxy) { - account.token = await this.generateAccessToken({ userId: account.id, username }) - } - + account.token = await this.generateAccessToken({ userId: account.id, username }) account.createdAt = Date.now() const newUser = new User(account)