InvoiceShelf/resources/scripts/admin/stores/auth.js
Darko Gjorgjijoski acce67f514 Fix CSRF token mismatch after logout by refreshing cookie
After logout invalidates the session, the SPA still holds the old CSRF
cookie. Subsequent login attempts succeed but bootstrap/API calls fail
with CSRF mismatch, causing redirect back to login. Fix: fetch a fresh
CSRF cookie via /sanctum/csrf-cookie after logout completes.
2026-04-03 23:46:07 +02:00


import http from '@/scripts/http'
import { defineStore } from 'pinia'
import { useNotificationStore } from '@/scripts/stores/notification'
import { handleError } from '@/scripts/helpers/error-handling'
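/**
 * Create (or fetch) the `auth` Pinia store and return the store instance.
 *
 * @param {boolean} [useWindow=false] - When true, use the `defineStore`
 *   exposed on `window.pinia` instead of the imported one.
 * @returns {object} The instantiated `auth` store with `login` and `logout` actions.
 */
export const useAuthStore = (useWindow = false) => {
  const defineStoreFunc = useWindow ? window.pinia.defineStore : defineStore

  // Best-effort request for a fresh CSRF cookie. A failure is ignored on
  // purpose: login() requests the cookie again and reports the error there.
  const refreshCsrfCookie = () =>
    http.get('/sanctum/csrf-cookie').catch(() => {})

  return defineStoreFunc('auth', {
    state: () => ({
      status: '',
      // Presumably bound to the login form; `password` is held in plaintext in
      // store state until login() clears it.
      // NOTE(review): confirm no plugin persists or logs this state.
      loginData: {
        email: '',
        password: '',
        remember: '',
      },
    }),

    actions: {
      /**
       * Fetch the CSRF cookie, then post the credentials to `/login`.
       *
       * @param {object} data - Credentials payload sent as the POST body.
       * @returns {Promise<object>} Resolves with the `/login` response.
       * @throws Rejects with the request error after passing it to `handleError`.
       */
      async login(data) {
        try {
          // Previously a failure of this request left the returned promise
          // pending forever and the error unhandled; it now rejects like a
          // failed POST does.
          await http.get('/sanctum/csrf-cookie')
          const response = await http.post('/login', data)

          // Wipe the credentials from store state shortly after success.
          // They are left in place on failure.
          setTimeout(() => {
            this.loginData.email = ''
            this.loginData.password = ''
          }, 1000)

          return response
        } catch (err) {
          handleError(err)
          throw err
        }
      },

      /**
       * Post to `/auth/logout`, refresh the CSRF cookie and go to `/login`.
       *
       * @returns {Promise<object>} Resolves with the logout response.
       * @throws Rejects with the request error after passing it to `handleError`.
       */
      async logout() {
        let response
        try {
          response = await http.post('/auth/logout')
        } catch (err) {
          handleError(err)
          // NOTE(review): the logout request failed, so the server-side session
          // may still be valid; showing the login page does not end it.
          // Wait for the refresh here too, as the success path does, so the
          // cookie is in place before the login page is shown.
          await refreshCsrfCookie()
          window.router.push('/login')
          throw err
        }

        const notificationStore = useNotificationStore()
        notificationStore.showNotification({
          type: 'success',
          message: 'Logged out successfully.',
        })

        // The old CSRF cookie belongs to the invalidated session; fetch a new
        // one before navigating so the next login starts cleanly.
        await refreshCsrfCookie()
        window.router.push('/login')
        return response
      },
    },
  })()
}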