Logout does not clear localStorage (AngularJS) when backend logout fails #1081

Closed
thovden opened this issue Feb 9, 2015 · 6 comments

@thovden

thovden commented Feb 9, 2015

This happens e.g., when the client presents an invalid authorization token to the REST API, which will respond 500, and the interceptor that clears localStorage will not run.

To reproduce (using angularJS-generated model bindings)

  1. Log in using the AngularJS SDK-generated support code
  2. Edit the authorization token in the client browser - e.g., localStorage.$LoopBack$accessTokenId = "foo"
  3. Try to Log out in the client. The server will now respond 500 "invalid token" (or similar)

The interceptor code will not run, leaving the invalid token in localStorage, meaning we're stuck. User.isAuthenticated() will respond true, but calls will not be authorized. We need the interceptor to run even if the server presents a 500 invalid token. For the AngularJS SDK code:

        "logout": {
          interceptor: {
            response: function(response) {
              LoopBackAuth.clearUser();
              LoopBackAuth.clearStorage();
              return response.resource;
            }
          },

@superkhau
Contributor

Can you provide a repo with steps-to-reproduce? See https://github.com/strongloop/loopback/wiki/Reporting-issues#bug-report

@loay
Contributor

loay commented Feb 11, 2016

Hi @thovden
There were a couple of fixes in that issue: #1669
Any luck with those?
Thanks.

@thovden
Author

thovden commented Feb 12, 2016

Thanks for the update - haven't tried those fixes - will do.

On Thu, Feb 11, 2016 at 8:02 PM, Loay notifications@github.com wrote:

> Hi @thovden
> There were a couple of fixes in that issue: #1669
> Any luck with those?
> Thanks.

@bradwbradw

My workaround is to use the $promise.catch block to manually remove the local storage item if a token has expired. Ideally Loopback could handle this, though, because then I could test properly. The test environment won't be able to access window functions. (User in this code is the Loopback User model)


    logoutTheUser: function () {
      return User.logout().$promise
        .then(function () {
          $state.go('base', {}, {reload: true});
        })
        .catch(function () {
          $log.error('token expired, cannot call logout because of loopback bug');
          window.localStorage.removeItem('$LoopBack$accessTokenId');
          window.localStorage.removeItem('$LoopBack$currentUserId');
          $state.go('base', {}, {reload: true});
        });
    },
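
The failure mode reported in this issue, as an added example that is not part of the original thread or of the LoopBack SDK: a logout interceptor pair that clears client-side credentials on both the success and the error path, with storage injected so it can be tested without `window`. The two storage keys are the ones quoted above; every function name is hypothetical, and the in-memory storage and the 500 rejection are constructed for the example.

```javascript
// Added example: plain Node.js, no AngularJS or browser required.
// The two storage keys are the ones quoted in this thread; all function names are hypothetical.
const AUTH_KEYS = ['$LoopBack$accessTokenId', '$LoopBack$currentUserId'];

// In-memory stand-in for window.localStorage, so the logic is testable without a window.
function createMemoryStorage(initial) {
  const data = new Map(Object.entries(initial || {}));
  return {
    getItem: (key) => (data.has(key) ? data.get(key) : null),
    setItem: (key, value) => { data.set(key, String(value)); },
    removeItem: (key) => { data.delete(key); },
  };
}

// Drop every client-side credential. Idempotent, and leaves unrelated keys alone.
function clearLocalAuth(storage) {
  AUTH_KEYS.forEach((key) => storage.removeItem(key));
}

function hasLocalSession(storage) {
  return AUTH_KEYS.some((key) => storage.getItem(key) !== null);
}

// $resource-style interceptor pair for the logout action. Both handlers clear
// local state, so a rejected logout (such as the 500 above) cannot strand a token.
function makeLogoutInterceptor(storage) {
  return {
    response(response) {
      clearLocalAuth(storage);
      return response.resource;
    },
    responseError(rejection) {
      clearLocalAuth(storage);
      return Promise.reject(rejection); // the caller still sees the failure
    },
  };
}

// Stand-in for $resource dispatch: routes the backend outcome to the interceptor.
function logout(callBackend, storage) {
  const interceptor = makeLogoutInterceptor(storage);
  return callBackend().then(interceptor.response, interceptor.responseError);
}

// Constructed scenario: tampered token, backend rejects the logout call with a 500.
const demo = createMemoryStorage({ '$LoopBack$accessTokenId': 'foo', '$LoopBack$currentUserId': '1' });
logout(() => Promise.reject({ status: 500 }), demo)
  .catch((err) => console.log('logout failed:', err.status, 'session left:', hasLocalSession(demo)));
```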

@mrbatista

See this PR that solves the problem.

@richardpringle
Contributor

Looks like this has been solved: closing. If the issue persists, please re-open this issue and mention me in a comment so I can take a look right away.

@mrbatista, thanks for your contribution!
