fix: infinite refresh when unauthorized is used to ban account

annuaire-entreprises-data-gouv-fr · Jan 17, 2024 · 7cde289 · 7cde289
1 parent 86ef13e
commit 7cde289
Showing 1 changed file with 13 additions and 5 deletions.
diff --git a/src/utils/auth/api-rne/index.ts b/src/utils/auth/api-rne/index.ts
@@ -70,13 +70,21 @@ const authApiRneClient = async (
     }
     return await callback();
   } catch (e: any) {
-    console.log(e);
-    if (e instanceof HttpTooManyRequests) {
+    /**
+     * Either INPI returns too many requests or unauthorized
+     *
+     * Unauthorized can either be
+     * - token needs to be refresh
+     * - account is blocked
+     *
+     * In both case rotating account is safer
+     */
+    if (
+      e instanceof HttpTooManyRequests ||
+      e instanceof HttpUnauthorizedError
+    ) {
       const shouldRotateAccount = true;
       _token = await refreshToken(shouldRotateAccount);
-    }
-    if (e instanceof HttpUnauthorizedError) {
-      _token = await refreshToken();
       return await callback();
     } else {
       throw e;