From a14d452b3f59a5c4a20f8163df38f106904bbba0 Mon Sep 17 00:00:00 2001
From: Holger Koser
Date: Tue, 14 May 2024 16:44:45 +0200
Subject: [PATCH] Gracefully Handle Session Secret Changes for Seamless User Experience (#1869)
* handle decrypt error
* Router Error page for code 401
---
 backend/lib/security/index.js | 11 ++++++++++-
 frontend/src/layouts/GDefault.vue | 20 ++++++++++++++++----
 2 files changed, 26 insertions(+), 5 deletions(-)
diff --git a/backend/lib/security/index.js b/backend/lib/security/index.js
index 6671e07551..251916a85f 100644
--- a/backend/lib/security/index.js
+++ b/backend/lib/security/index.js
@@ -355,7 +355,16 @@ async function getTokenSet (cookies) {
 if (!encryptedValues) {
 throw createError(401, 'No bearer token found in request', { code: 'ERR_JWE_NOT_FOUND' })
 }
- const values = await decrypt(encryptedValues)
+ let values = ''
+ try {
+ values = await decrypt(encryptedValues)
+ } catch (err) {
+ const {
+ message,
+ code = 'ERR_JWE_DECRYPTION_FAILED'
+ } = err
+ throw createError(401, message, { code })
+ }
 if (!values) {
 throw createError(401, 'The decrypted bearer token must not be empty', { code: 'ERR_JWE_DECRYPTION_FAILED' })
 }
diff --git a/frontend/src/layouts/GDefault.vue b/frontend/src/layouts/GDefault.vue
index 764fe43784..03eb497635 100644
--- a/frontend/src/layouts/GDefault.vue
+++ b/frontend/src/layouts/GDefault.vue
@@ -11,8 +11,8 @@ SPDX-License-Identifier: Apache-2.0
 :code="routerErrorCode"
 :text="routerErrorText"
 :message="routerErrorMessage"
- button-text="Reload this page"
- @click="reload"
+ :button-text="buttonText"
+ @click="onClick"
 />
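Review bot: In backend/lib/security/index.js, the new `catch` around `decrypt(encryptedValues)` turns every failure into a 401 and forwards the library's own `err.message` and `err.code`, so a fault that is not a stale cookie (for example a missing or malformed session secret) would look like an expired login, and the original error is dropped without a log entry. Consider a fixed client-facing message, `throw createError(401, 'The bearer token could not be decrypted', { code: 'ERR_JWE_DECRYPTION_FAILED' })`, and log `err` server-side first, since a burst of decryption failures is what tells a secret rotation apart from tampered cookies. Whether the message actually reaches the client depends on how `createError` responses are rendered, which is not visible in this hunk. `getTokenSet` starts and ends outside the hunk.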