Fix JWT leak (#6815)

Should fix [cloud-v2#464](enso-org/cloud-v2#464). # Important Notes I'm not 100% clear on how to repro the issue so i'm partly just guessing the root cause. I have eliminated various other things from being potential causes though - e.g. `localStorage` indicates that the AWS libraries are clearing their entries as expected.
enso-org · May 26, 2023 · 245ff8d · 245ff8d
1 parent 89d5b11
commit 245ff8d
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 6 deletions.
diff --git a/app/ide-desktop/lib/dashboard/src/authentication/src/authentication/providers/auth.tsx b/app/ide-desktop/lib/dashboard/src/authentication/src/authentication/providers/auth.tsx
@@ -31,7 +31,9 @@ const MESSAGES = {
     forgotPasswordSuccess: 'We have sent you an email with further instructions!',
     changePasswordSuccess: 'Successfully changed password!',
     resetPasswordSuccess: 'Successfully reset password!',
+    signOutLoading: 'Logging out...',
     signOutSuccess: 'Successfully logged out!',
+    signOutError: 'Error logging out, please try again.',
     pleaseWait: 'Please wait...',
 } as const
 
@@ -149,7 +151,7 @@ export interface AuthProviderProps {
 export function AuthProvider(props: AuthProviderProps) {
     const { authService, onAuthenticated, children } = props
     const { cognito } = authService
-    const { session } = sessionProvider.useSession()
+    const { session, deinitializeSession } = sessionProvider.useSession()
     const { setBackend } = backendProvider.useSetBackend()
     const logger = loggerProvider.useLogger()
     const navigate = router.useNavigate()
@@ -326,9 +328,14 @@ export function AuthProvider(props: AuthProviderProps) {
     }
 
     const signOut = async () => {
+        deinitializeSession()
         setInitialized(false)
-        await cognito.signOut()
-        toast.success(MESSAGES.signOutSuccess)
+        setUserSession(null)
+        await toast.promise(cognito.signOut(), {
+            success: MESSAGES.signOutSuccess,
+            error: MESSAGES.signOutError,
+            loading: MESSAGES.signOutLoading,
+        })
         return true
     }
 

diff --git a/app/ide-desktop/lib/dashboard/src/authentication/src/authentication/providers/session.tsx b/app/ide-desktop/lib/dashboard/src/authentication/src/authentication/providers/session.tsx
@@ -16,6 +16,8 @@ import * as listen from '../listen'
 /** State contained in a {@link SessionContext}. */
 interface SessionContextType {
     session: results.Option<cognito.UserSession>
+    /** Set `initialized` to false. Must be called when logging out. */
+    deinitializeSession: () => void
 }
 
 /** See `AuthContext` for safety details. */
@@ -58,7 +60,7 @@ export function SessionProvider(props: SessionProviderProps) {
     const [initialized, setInitialized] = react.useState(false)
 
     /** Register an async effect that will fetch the user's session whenever the `refresh` state is
-     * incremented. This is useful when a user has just logged in (as their cached credentials are
+     * set. This is useful when a user has just logged in (as their cached credentials are
      * out of date, so this will update them). */
     const session = hooks.useAsyncEffect(
         results.None,
@@ -112,10 +114,14 @@ export function SessionProvider(props: SessionProviderProps) {
         return cancel
     }, [registerAuthEventListener])
 
-    const value = { session }
+    const deinitializeSession = () => {
+        setInitialized(false)
+    }
 
     return (
-        <SessionContext.Provider value={value}>{initialized && children}</SessionContext.Provider>
+        <SessionContext.Provider value={{ session, deinitializeSession }}>
+            {initialized && children}
+        </SessionContext.Provider>
     )
 }