Fix infinite refresh loop

2026-04-03 03:00:39 -04:00 · 2020-07-31 10:15:24 -04:00
parent 403428356a
commit f5096fc3cd
3 changed files with 33 additions and 5 deletions
--- a/api/src/app.ts
+++ b/api/src/app.ts
@@ -63,9 +63,10 @@ app.get('/', (req, res) => res.redirect('/admin/'))
 	.use('/admin', express.static(path.join(__dirname, 'admin')))
 	.use('/admin/*', (req, res) => res.sendFile(path.join(__dirname, 'admin/index.html')))

+	.use('/auth', authRouter)
+
 	.use(authenticate)

-	.use('/auth', authRouter)
 	.use('/activity', activityRouter)
 	.use('/assets', assetsRouter)
 	.use('/collections', collectionsRouter)
--- a/api/src/routes/auth.ts
+++ b/api/src/routes/auth.ts
@@ -21,8 +21,14 @@ const loginSchema = Joi.object({
 router.post(
 	'/login',
 	asyncHandler(async (req, res) => {
+		const accountability = {
+			ip: req.ip,
+			userAgent: req.get('user-agent'),
+			role: null,
+		};
+
 		const authenticationService = new AuthenticationService({
-			accountability: req.accountability,
+			accountability: accountability,
 		});

 		const { error } = loginSchema.validate(req.body);
@@ -71,9 +77,16 @@ router.post(
 	'/refresh',
 	cookieParser(),
 	asyncHandler(async (req, res) => {
+		const accountability = {
+			ip: req.ip,
+			userAgent: req.get('user-agent'),
+			role: null,
+		};
+
 		const authenticationService = new AuthenticationService({
-			accountability: req.accountability,
+			accountability: accountability,
 		});
+
 		const currentRefreshToken = req.body.refresh_token || req.cookies.directus_refresh_token;

 		if (!currentRefreshToken) {
@@ -115,8 +128,14 @@ router.post(
 	'/logout',
 	cookieParser(),
 	asyncHandler(async (req, res) => {
+		const accountability = {
+			ip: req.ip,
+			userAgent: req.get('user-agent'),
+			role: null,
+		};
+
 		const authenticationService = new AuthenticationService({
-			accountability: req.accountability,
+			accountability: accountability,
 		});

 		const currentRefreshToken = req.body.refresh_token || req.cookies.directus_refresh_token;
@@ -146,8 +165,14 @@ router.use(grant.express()(getGrantConfig()));
 router.get(
 	'/sso/:provider/callback',
 	asyncHandler(async (req, res) => {
+		const accountability = {
+			ip: req.ip,
+			userAgent: req.get('user-agent'),
+			role: null,
+		};
+
 		const authenticationService = new AuthenticationService({
-			accountability: req.accountability,
+			accountability: accountability,
 		});

 		const email = getEmailFromProfile(req.params.provider, req.session!.grant.response.profile);
--- a/app/src/auth.ts
+++ b/app/src/auth.ts
@@ -72,6 +72,8 @@ export async function logout(optionsRaw: LogoutOptions = {}) {
 		reason: LogoutReason.SIGN_OUT,
 	};

+	delete api.defaults.headers.Authorization;
+
 	const options = { ...defaultOptions, ...optionsRaw };

 	// Only if the user manually signed out should we kill the session by hitting the logout endpoint