When a session expires in the web UI, the login flow doesn't work until I clear local storage. Specifically, after the login flow completes and I'm sent back to the Verdaccio landing page, it still says "Login" and I can't access anything. If I clear local storage manually and then go through the login flow, it works as expected.
Expected behavior
Going through the login flow again after a session expires should work.
Steps to reproduce
1. Log in on the web UI
2. Wait an hour for the token to expire
3. You should now see a "Login" button again as the UI detects your session is expired
4. Click "Login" and go through the auth flow
5. When you return to the landing page, you'll still see the "Login" button and are unable to access content
Additional context
I did some investigating and found a few things that might help:
- When your session expires, the token value remains in local storage. The only code path I found that removes this value is clicking the "Logout" button, but unfortunately this button isn't visible on the page when your session has expired.
- Upon completing the login flow, the saveCredentials call that would save the new values into local storage does not get invoked. This is because the isLoggedIn function returns true a few lines before.
- As mentioned in the previous line, isLoggedIn returns true when a session has expired. It doesn't seem to check the expiry date in the JWT token, it simply checks that the token exists.
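
An expiry-aware session check of the kind the report calls for, as an added example that is not part of the original report and is not Verdaccio's code. The function names, the `token` storage key, and the assumption that the stored value is a JWT with a numeric `exp` claim are all hypothetical; the sample tokens and in-memory storage are constructed so the block runs outside a browser.

```javascript
// Added example: every name here is hypothetical, not Verdaccio's own code.
const TOKEN_KEY = 'token'; // assumed key; the report only says a token value stays in local storage

// Decode the payload (middle segment) of a JWT without verifying the signature.
// The server still enforces validity; the client only needs `exp` to pick the right UI state.
function decodeJwtPayload(token) {
  const parts = typeof token === 'string' ? token.split('.') : [];
  if (parts.length !== 3) return null;
  try {
    const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
    const padded = b64 + '='.repeat((4 - (b64.length % 4)) % 4);
    return JSON.parse(atob(padded));
  } catch (err) {
    return null; // malformed base64 or JSON
  }
}

// True only when the token parses and its `exp` (seconds since epoch) is still in the future.
function isTokenLive(token, nowMs = Date.now()) {
  const payload = decodeJwtPayload(token);
  if (!payload || typeof payload.exp !== 'number') return false;
  return payload.exp * 1000 > nowMs;
}

// Session check that also evicts a stale token, so a later login can store a fresh one.
function hasLiveSession(storage, nowMs = Date.now()) {
  const token = storage.getItem(TOKEN_KEY);
  if (token === null) return false;
  if (isTokenLive(token, nowMs)) return true;
  storage.removeItem(TOKEN_KEY); // expired or unparseable: do not leave it behind
  return false;
}

// Constructed helpers for running offline: unsigned sample tokens and a storage stub.
function makeSampleToken(exp) {
  const enc = (obj) =>
    btoa(JSON.stringify(obj)).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'HS256', typ: 'JWT' })}.${enc({ name: 'alice', exp })}.constructed-signature`;
}
function makeMemoryStorage() {
  const m = new Map();
  return {
    getItem: (k) => (m.has(k) ? m.get(k) : null),
    setItem: (k, v) => void m.set(k, String(v)),
    removeItem: (k) => void m.delete(k),
  };
}
```

In a browser, `window.localStorage` can be passed as `storage`. The check only decides what the UI shows; the registry must still reject expired tokens itself.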