Reset local creds if access is denied (#9114)

2025-12-18 07:07:35 +01:00 · 2017-09-30 23:15:24 -05:00
parent e87c180e9b
commit 1f895fda44
2 changed files with 18 additions and 5 deletions
--- a/website/client/app.vue
+++ b/website/client/app.vue
@@ -144,6 +144,16 @@ export default {
      return response;
    }, (error) => {
      if (error.response.status >= 400) {
+        // Check for conditions to reset the user auth
+        const invalidUserMessage = [this.$t('invalidCredentials'), 'Missing authentication headers.'];
+        if (invalidUserMessage.indexOf(error.response.data.message) !== -1) {
+          localStorage.removeItem('habit-mobile-settings');
+          localStorage.removeItem('hello');
+          this.$store.state.isUserLoggedIn = false;
+          window.location.href = '/static/home';
+          return Promise.reject(error);
+        }
+
        // Don't show errors from getting user details. These users have delete their account,
        // but their chat message still exists.
        let configExists = Boolean(error.response) && Boolean(error.response.config);
--- a/website/client/store/index.js
+++ b/website/client/store/index.js
@@ -22,12 +22,15 @@ let AUTH_SETTINGS = localStorage.getItem('habit-mobile-settings');

 if (AUTH_SETTINGS) {
  AUTH_SETTINGS = JSON.parse(AUTH_SETTINGS);
-  axios.defaults.headers.common['x-api-user'] = AUTH_SETTINGS.auth.apiId;
-  axios.defaults.headers.common['x-api-key'] = AUTH_SETTINGS.auth.apiToken;

-  axios.defaults.headers.common['x-user-timezoneOffset'] = browserTimezoneOffset;
+  if (AUTH_SETTINGS.auth && AUTH_SETTINGS.auth.apiId && AUTH_SETTINGS.auth.apiToken) {
+    axios.defaults.headers.common['x-api-user'] = AUTH_SETTINGS.auth.apiId;
+    axios.defaults.headers.common['x-api-key'] = AUTH_SETTINGS.auth.apiToken;

-  isUserLoggedIn = true;
+    axios.defaults.headers.common['x-user-timezoneOffset'] = browserTimezoneOffset;
+
+    isUserLoggedIn = true;
+  }
 }

 const i18nData = window && window['habitica-i18n'];
@@ -57,7 +60,7 @@ export default function () {
      isUserLoaded: false, // Means the user and the user's tasks are ready
      isAmazonReady: false, // Whether the Amazon Payments lib can be used
      user: asyncResourceFactory(),
-      credentials: AUTH_SETTINGS ? {
+      credentials: isUserLoggedIn ? {
        API_ID: AUTH_SETTINGS.auth.apiId,
        API_TOKEN: AUTH_SETTINGS.auth.apiToken,
      } : {},