From 284740a6f6d3d660d6a085ce56c0ac8225cd4cb3 Mon Sep 17 00:00:00 2001 From: Mikhala <122326421+imx-mikhala@users.noreply.github.com> Date: Thu, 19 Dec 2024 10:21:27 +0800 Subject: [PATCH] fix: ID-3129 Prevent Unknown or invalid refresh token requests from being triggered multiple times (#2479) --- packages/passport/sdk/src/authManager.test.ts | 2 +- packages/passport/sdk/src/authManager.ts | 17 +++++++++++++++-- 2 files changed, 16 insertions(+), 3 deletions(-) diff --git a/packages/passport/sdk/src/authManager.test.ts b/packages/passport/sdk/src/authManager.test.ts index 54f2c40f94..3bd7bc0ddd 100644 --- a/packages/passport/sdk/src/authManager.test.ts +++ b/packages/passport/sdk/src/authManager.test.ts @@ -460,7 +460,7 @@ describe('AuthManager', () => { await expect(() => authManager.getUser()).rejects.toThrow( new PassportError( - 'Failed to refresh token: oops', + 'Failed to refresh token: oops: Failed to remove user: this.userManager.removeUser is not a function', PassportErrorType.AUTHENTICATION_ERROR, ), ); diff --git a/packages/passport/sdk/src/authManager.ts b/packages/passport/sdk/src/authManager.ts index f1fafab3ef..fc3edc4aba 100644 --- a/packages/passport/sdk/src/authManager.ts +++ b/packages/passport/sdk/src/authManager.ts @@ -481,18 +481,31 @@ export default class AuthManager { } catch (err) { let passportErrorType = PassportErrorType.AUTHENTICATION_ERROR; let errorMessage = 'Failed to refresh token'; + let removeUser = true; if (err instanceof ErrorTimeout) { passportErrorType = PassportErrorType.SILENT_LOGIN_ERROR; + errorMessage = `${errorMessage}: ${err.message}`; + removeUser = false; } else if (err instanceof ErrorResponse) { passportErrorType = PassportErrorType.NOT_LOGGED_IN_ERROR; - errorMessage = `${err.message}: ${err.error_description}`; + errorMessage = `${errorMessage}: ${err.message || err.error_description}`; } else if (err instanceof Error) { - errorMessage = err.message; + errorMessage = `${errorMessage}: ${err.message}`; } else if (typeof err === 'string') { errorMessage = `${errorMessage}: ${err}`; } + if (removeUser) { + try { + await this.userManager.removeUser(); + } catch (removeUserError) { + if (removeUserError instanceof Error) { + errorMessage = `${errorMessage}: Failed to remove user: ${removeUserError.message}`; + } + } + } + reject(new PassportError(errorMessage, passportErrorType)); } finally { this.refreshingPromise = null; // Reset the promise after completion