Merge branch 'fix-oauth2-token-linger' into 'develop'

Fix OAuth2 token lingering after revocation See merge request !1852

Merge branch 'fix-oauth2-token-linger' into 'develop'
b1670255 · tusooa · 3c041b2b · ac78f801 · b1670255 · b1670255
Commit b1670255 authored 1 year ago by tusooa
--- a/changelog.d/oauth2-token-linger.fix
+++ b/changelog.d/oauth2-token-linger.fix
+Fix OAuth2 token lingering after revocation
--- a/src/modules/users.js
+++ b/src/modules/users.js
@@ -651,6 +651,12 @@ const users = {
              const response = data.error
              // Authentication failed
              commit('endLogin')
+              // remove authentication token on client/authentication errors
+              if ([400, 401, 403, 422].includes(response.status)) {
+                commit('clearToken')
+              }
              if (response.status === 401) {
                reject(new Error('Wrong username or password'))
              } else {