QT/InvoiceShelf
1
0
Fork 0
mirror of https://github.com/InvoiceShelf/InvoiceShelf.git synced 2026-04-07 21:44:51 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
04c7682e73faf64974aa0f964eff9e413fd04e35
InvoiceShelf/resources/scripts/admin/stores/auth.js
Darko Gjorgjijoski 0d7059fcf6 Fix logout/re-login CSRF mismatch and stale token issues 
Cherry-picked from v3.0 branch. Three fixes:
1. Refresh CSRF cookie after logout (auth.js)
2. Clear auth.token and selectedCompany from localStorage on logout (auth.js)
3. Invalidate session and regenerate CSRF token on server-side logout (web.php)

Without these, logging out and back in as a different user would fail
with CSRF token mismatch and 401 Unauthenticated errors because the
browser held stale session cookies and localStorage tokens.
2026-04-03 23:53:56 +02:00

78 lines
2.3 KiB
JavaScript
Vendored
Raw Blame History

import http from '@/scripts/http'
import { defineStore } from 'pinia'
import { useNotificationStore } from '@/scripts/stores/notification'
import { handleError } from '@/scripts/helpers/error-handling'
export const useAuthStore = (useWindow = false) => {
const defineStoreFunc = useWindow ? window.pinia.defineStore : defineStore
const { global } = window.i18n
return defineStoreFunc('auth', {
state: () => ({
status: '',
loginData: {
email: '',
password: '',
remember: '',
},
}),
actions: {
login(data) {
return new Promise((resolve, reject) => {
http.get('/sanctum/csrf-cookie').then((response) => {
if (response) {
http
.post('/login', data)
.then((response) => {
resolve(response)
setTimeout(() => {
this.loginData.email = ''
this.loginData.password = ''
}, 1000)
})
.catch((err) => {
handleError(err)
reject(err)
})
}
})
})
},
logout() {
return new Promise((resolve, reject) => {
http
.post('/auth/logout')
.then(async (response) => {
const notificationStore = useNotificationStore()
notificationStore.showNotification({
type: 'success',
message: 'Logged out successfully.',
})
// Clear stored auth data so next login doesn't send stale tokens
window.Ls.remove('auth.token')
window.Ls.remove('selectedCompany')
// Refresh CSRF token so next login works cleanly
await http.get('/sanctum/csrf-cookie').catch(() => {})
window.router.push('/login')
resolve(response)
})
.catch((err) => {
handleError(err)
window.Ls.remove('auth.token')
window.Ls.remove('selectedCompany')
http.get('/sanctum/csrf-cookie').catch(() => {})
window.router.push('/login')
reject(err)
})
})
},
},
})()
}
Reference in New Issue View Git Blame Copy Permalink