neroniaky / angular-token

Token based authentication service for Angular with interceptor and multi-user support. Works best with devise token auth for Rails. Example:
https://stackblitz.com/github/neroniaky/angular-token
MIT License

userSignedIn() returns true even with expired/invalid token #466

Open acegilz opened 6 years ago

acegilz commented 6 years ago

I'm submitting a...

Current behavior

I use userSignedIn() to detect if the user is signed in:

if (this.authTokenService.userSignedIn() == true) {
     //authenticated calls
}

However, sometimes after several minutes of login/calls I start receiving 401 errors from the backend, and I conclude that somehow angular-token is assuming it's logged in but it isn't accepted on the backend.

I am pretty sure this is a bug, but I would like to know what I am doing wrong, and also what's the correct approach to verify if the token is valid and if the user is logged in? I used validateToken() before but also ran into similar issues, which is why I switched to this approach.

arjenbrandenburgh commented 6 years ago

You can try setting the option signOutFailedValidate to true. This way, when a validateToken fails, the frontend will also assume it's not signed in.

acegilz commented 6 years ago

@arjenbrandenburgh thanks, that behavior should be perfect and IMO come by default, will try

arjenbrandenburgh commented 6 years ago

Closing this issue. If this issue still persists, feel free to re-open.

acegilz commented 6 years ago

@arjenbrandenburgh This solution is not working; it returns 401 and still doesn't officially log out (clear localStorage things, etc.). The reason why it logs out is also uncertain; I think it may be related to this issue: https://github.com/neroniaky/angular-token/issues/457

acegilz commented 6 years ago

[Two screenshots attached, dated 2018-08-31]

Grafexy commented 6 years ago

It's not signing out because of

https://github.com/neroniaky/angular-token/blob/master/projects/angular-token/src/lib/angular-token.service.ts#L251

It is calling the signOut function, but signOut will return an observer and it will not run because nothing is subscribed to it.

acegilz commented 6 years ago

Yes, it makes sense now...

I'll try to find another way to fix this issue and also why it logs out in the first place

neroniaky commented 6 years ago

@Grafexy Good catch 👍

zinderud commented 6 years ago

my solution

  getToken(): string | null {
    return localStorage.getItem("accessToken");
  }
  getTokenExpirationDate(token?: string | null): Date | null {
    if (!token) token = this.getToken();
    // getItem() returns null (not undefined) when the key is absent
    const expiry = localStorage.getItem("expiry");
    if (expiry === null) return null;
    const date = new Date(0);
    date.setUTCSeconds(+expiry); // expiry is stored as epoch seconds
    return date;
  }
  isTokenExpired(token?: string): boolean {
    const date = this.getTokenExpirationDate(token);
    // No stored expiry: treat the token as expired rather than as valid
    if (date === null) return true;
    console.log("date", date, date.valueOf(), new Date().valueOf());
    return !(date.valueOf() > new Date().valueOf());
  }

acegilz commented 6 years ago

@zinderud where / when / what frequency do you call that isTokenExpired() ?

zinderud commented 6 years ago

my usage

import { Injectable } from '@angular/core';
import { CanActivate, Router } from '@angular/router';
import { Angular2TokenService } from './angular2-token.service';
import { AuthService } from './auth.service';

@Injectable()
export class AuthGuard implements CanActivate {

  constructor (
    private authService: AuthService,
    public aService: Angular2TokenService,
    private router: Router
  ) {}

  public canActivate() {

    if (!this.authService.isTokenExpired() && this.aService.userSignedIn()) {
      return true;
    } else {
      this.router.navigate(['/']);
      return false;
    }
  }
}
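
A fail-closed version of the client-side expiry check discussed in this thread, as an added example that is not code from any participant or from angular-token: a missing or unparsable expiry counts as not signed in, and the stale credentials are cleared. KeyValueStore, checkSession, enforceSession, MemoryStore and the 30-second skew margin are assumptions; only the "accessToken" and "expiry" keys come from the thread.

```typescript
// Added example. "accessToken" and "expiry" are the storage keys used in the
// thread; every other name here is hypothetical.
interface KeyValueStore {
  getItem(key: string): string | null;
  removeItem(key: string): void;
}

type SessionState = "valid" | "missing" | "malformed" | "expired";

const SESSION_KEYS = ["accessToken", "expiry"];
const SKEW_MS = 30000; // assumed margin for clock drift and request latency

// Classify the stored session. Anything that is not provably unexpired is
// rejected, so a missing or unparsable expiry never counts as signed in.
function checkSession(store: KeyValueStore, nowMs: number = Date.now()): SessionState {
  const token = store.getItem("accessToken");
  const rawExpiry = store.getItem("expiry");
  // getItem() returns null (never undefined) for an absent key.
  if (!token || rawExpiry === null) return "missing";
  // Number("") is 0 and Number("abc") is NaN, so accept only decimal digits.
  if (!/^\d+$/.test(rawExpiry)) return "malformed";
  const expiryMs = Number(rawExpiry) * 1000; // expiry is in epoch seconds
  return expiryMs - SKEW_MS > nowMs ? "valid" : "expired";
}

// Guard helper: on any non-valid state, clear the stale credentials so the
// client stops presenting itself as signed in.
function enforceSession(store: KeyValueStore, nowMs: number = Date.now()): boolean {
  const state = checkSession(store, nowMs);
  if (state !== "valid") {
    for (const key of SESSION_KEYS) store.removeItem(key);
  }
  return state === "valid";
}

// Constructed in-memory stand-in for localStorage so the example runs offline.
class MemoryStore implements KeyValueStore {
  private data = new Map<string, string>();
  constructor(entries: [string, string][] = []) {
    entries.forEach(([k, v]) => this.data.set(k, v));
  }
  getItem(key: string): string | null {
    return this.data.get(key) ?? null;
  }
  removeItem(key: string): void {
    this.data.delete(key);
  }
}
```

In an Angular guard, pass localStorage as the store. A 401 from the backend remains the authoritative signal; this check only stops stale local state from being treated as a session.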