Gracefully Handle Session Secret Changes for Seamless User Experience (…

…#1869) * handle decrypt error * Router Error page for code 401
gardener · May 14, 2024 · a14d452 · a14d452
1 parent 4c5d1a6
commit a14d452
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 5 deletions.
diff --git a/backend/lib/security/index.js b/backend/lib/security/index.js
@@ -355,7 +355,16 @@ async function getTokenSet (cookies) {
   if (!encryptedValues) {
     throw createError(401, 'No bearer token found in request', { code: 'ERR_JWE_NOT_FOUND' })
   }
-  const values = await decrypt(encryptedValues)
+  let values = ''
+  try {
+    values = await decrypt(encryptedValues)
+  } catch (err) {
+    const {
+      message,
+      code = 'ERR_JWE_DECRYPTION_FAILED'
+    } = err
+    throw createError(401, message, { code })
+  }
   if (!values) {
     throw createError(401, 'The decrypted bearer token must not be empty', { code: 'ERR_JWE_DECRYPTION_FAILED' })
   }

diff --git a/frontend/src/layouts/GDefault.vue b/frontend/src/layouts/GDefault.vue
@@ -11,8 +11,8 @@ SPDX-License-Identifier: Apache-2.0
         :code="routerErrorCode"
         :text="routerErrorText"
         :message="routerErrorMessage"
-        button-text="Reload this page"
-        @click="reload"
+        :button-text="buttonText"
+        @click="onClick"
       />
     </v-main>
     <template v-else>
@@ -34,6 +34,7 @@ import {
 import { onBeforeRouteUpdate } from 'vue-router'
 
 import { useAppStore } from '@/store/app'
+import { useAuthnStore } from '@/store/authn'
 
 import GError from '@/components/GError.vue'
 import GLoading from '@/components/GLoading.vue'
@@ -48,6 +49,7 @@ import { get } from '@/lodash'
 
 const logger = useLogger()
 const appStore = useAppStore()
+const authnStore = useAuthnStore()
 
 // refs
 const app = ref(null)
@@ -73,15 +75,25 @@ const routerErrorMessage = computed(() => {
   return get(err, 'response.data.message', get(err, 'message'))
 })
 
+const buttonText = computed(() => {
+  return routerErrorCode.value === 401
+    ? 'Reset Session'
+    : 'Reload this page'
+})
+
 // methods
 function setElementOverflowY (element, value) {
   if (element) {
     element.style.overflowY = value
   }
 }
 
-function reload () {
-  window.location.reload()
+function onClick () {
+  if (routerErrorCode.value === 401) {
+    authnStore.signout()
+  } else {
+    window.location.reload()
+  }
 }
 
 // hooks