vaultwarden
/
bitwarden-estensione-browser
mirror of https://github.com/bitwarden/browser
1
0
Fork 0
Code Issues 1 Releases Wiki Activity

PM-5263 - Clear all tokens on logout (#8536)

This commit is contained in:
Jared Snider 2024-03-28 16:56:02 -04:00 committed by GitHub
parent 7021e94475
commit ebe5a46b57
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
libs/common/src/auth/services/token.state.ts
View File

@ -1,5 +1,9 @@
import { KeyDefinition, TOKEN_DISK, TOKEN_DISK_LOCAL, TOKEN_MEMORY } from "../../platform/state";
// Note: all tokens / API key information must be cleared on logout.
// because we are using secure storage, we must manually call to clean up our tokens.
// See stateService.deAuthenticateAccount for where we call clearTokens(...)
export const ACCESS_TOKEN_DISK = new KeyDefinition<string>(TOKEN_DISK, "accessToken", {
deserializer: (accessToken) => accessToken,
});

4
libs/common/src/platform/services/state.service.ts
View File

@ -1729,7 +1729,9 @@ export class StateService<
}
protected async deAuthenticateAccount(userId: string): Promise<void> {
await this.tokenService.clearAccessToken(userId as UserId);
// We must have a manual call to clear tokens as we can't leverage state provider to clean
// up our data as we have secure storage in the mix.
await this.tokenService.clearTokens(userId as UserId);
await this.setLastActive(null, { userId: userId });
await this.updateState(async (state) => {
state.authenticatedAccounts = state.authenticatedAccounts.filter((id) => id !== userId);