Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

userSignedIn() returns true even with expired/invalid token #466

Open
1 task done
acegilz opened this issue Aug 25, 2018 · 11 comments
Open
1 task done

userSignedIn() returns true even with expired/invalid token #466

acegilz opened this issue Aug 25, 2018 · 11 comments

Comments

@acegilz
Copy link
Contributor

acegilz commented Aug 25, 2018

I'm submitting a...

  • Other... Please describe:

Current behavior

I use the UserSignedin() to detect if the user is signed in:

if (this.authTokenService.userSignedIn() == true) {
     //authenticated calls
}

However sometimes after several minutes of login/calls I start receiving 401 errors from the backend, and I conclude that somehow angular-token is assuming it's logged in but don't accepted on the backed.

I am pretty sure this is a bug, but I would like to know what am I doing wrong, and also what's the correct approach to verify it the token is valid and if the user is logged in? I used the validateToken() before but also run in similar issues that's why I switched to this approach

@arjenbrandenburgh
Copy link
Collaborator

arjenbrandenburgh commented Aug 26, 2018

You can try setting the option signOutFailedValidate to true.
This way, when a validateToken fails, the frontend will also assume it's not signed in

@acegilz
Copy link
Contributor Author

acegilz commented Aug 26, 2018

@arjenbrandenburgh thanks, that behavior should be perfect and IMO come by default, will try

@arjenbrandenburgh
Copy link
Collaborator

Closing this issue.
If this issue still persists, feel free to re-open.

@acegilz
Copy link
Contributor Author

acegilz commented Aug 31, 2018

@arjenbrandenburgh This solution is not working, it returns 401 and still don't officially logout (clear localstorage things etc)
The reason why it logs out it's also uncertain, I think it may be related with this issue: #457

@acegilz
Copy link
Contributor Author

acegilz commented Aug 31, 2018

screenshot 2018-08-31 04 14 22

screenshot 2018-08-31 04 13 57

@neroniaky neroniaky reopened this Aug 31, 2018
@Grafexy
Copy link
Contributor

Grafexy commented Aug 31, 2018

it's not signing out because of

https://github.com/neroniaky/angular-token/blob/master/projects/angular-token/src/lib/angular-token.service.ts#L251

it is calling signOut function, but signOut will return observer and it will not run because nothing is subscribed to it

@acegilz
Copy link
Contributor Author

acegilz commented Aug 31, 2018

Yes, it makes sense now...

I'll try to find another way to fix this issue and also why it logs out in the first place

@neroniaky
Copy link
Owner

@Grafexy Good catch 👍

@zinderud
Copy link

zinderud commented Sep 1, 2018

my solution

  getToken(): string {
    return localStorage.getItem("accessToken");
  }
  getTokenExpirationDate(token: string): Date {
    if (!token) token = this.getToken();
    if (localStorage.getItem("expiry") === undefined) return null;
    const date = new Date(0);
    date.setUTCSeconds(+localStorage.getItem("expiry"));
    return date;
  }
  isTokenExpired(token?: string): boolean {
    const date = this.getTokenExpirationDate(token);
    console.log("date", date, date.valueOf(), new Date().valueOf());
    if (date === undefined) return false;
    return !(date.valueOf() > new Date().valueOf());
  }

@acegilz
Copy link
Contributor Author

acegilz commented Sep 1, 2018

@zinderud where / when / what frequency do you call that isTokenExpired() ?

@zinderud
Copy link

zinderud commented Sep 1, 2018

my usage

import { Injectable } from '@angular/core';
import { CanActivate, Router } from '@angular/router';
import { Angular2TokenService } from './angular2-token.service';
import { AuthService } from './auth.service';

@Injectable()
export class AuthGuard implements CanActivate {

  constructor (
    private authService: AuthService,
    public aService: Angular2TokenService,
    private router: Router
  ) {}

  public canActivate() {

    if (!this.authService.isTokenExpired() && this.aService.userSignedIn()) {
      return true;
    } else {
      this.router.navigate(['/']);
      return false;
    }
  }
}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

5 participants