payloadcms / payload

Payload is the open-source, fullstack Next.js framework, giving you instant backend superpowers. Get a full TypeScript backend and admin panel instantly. Use Payload as a headless CMS or for building powerful applications.
https://payloadcms.com
MIT License
25.67k stars 1.63k forks

Automatic Logout results in: "APIError: No User" #5292

Open pmeske opened 8 months ago

pmeske commented 8 months ago

Link to reproduction

https://github.com/pmeske/payload/tree/issue/token-expiration

Describe the Bug

When I define a tokenExpiration and wait for the User to get logged out automatically, I always see an Exception in the Server-Logs:

[10:35:59] ERROR (payload): APIError: No User
    at logout (C:\Projekte\playground\inclusiveTest\node_modules\payload\src\auth\operations\logout.ts:29:20)
    at logoutHandler (C:\Projekte\playground\inclusiveTest\node_modules\payload\src\auth\requestHandlers\logout.ts:15:33)
    at Layer.handle [as handle_request] (C:\Projekte\playground\inclusiveTest\node_modules\payload\node_modules\express\lib\router\layer.js:95:5)
    at next (C:\Projekte\playground\inclusiveTest\node_modules\payload\node_modules\express\lib\router\route.js:144:13)
    at Route.dispatch (C:\Projekte\playground\inclusiveTest\node_modules\payload\node_modules\express\lib\router\route.js:114:3)
    at Layer.handle [as handle_request] (C:\Projekte\playground\inclusiveTest\node_modules\payload\node_modules\express\lib\router\layer.js:95:5)
    at C:\Projekte\playground\inclusiveTest\node_modules\payload\node_modules\express\lib\router\index.js:284:15
    at Function.process_params (C:\Projekte\playground\inclusiveTest\node_modules\payload\node_modules\express\lib\router\index.js:346:12)
    at next (C:\Projekte\playground\inclusiveTest\node_modules\payload\node_modules\express\lib\router\index.js:280:10)
    at next (C:\Projekte\playground\inclusiveTest\node_modules\payload\node_modules\express\lib\router\route.js:136:14)

I think the Issue is the timing of the Logout. The User gets logged out when the Token / Cookie is already expired. Therefore there is no User to Logout in the payload\src\auth\operations\logout.ts:29.

To Reproduce

Open the Backend and wait for ~2 Minutes to get logged out automatically. Unfortunately I could not reduce that time to something lower than 2 Minutes, because then the application ends in a kind of infinite loop, always refreshing the current Token.

Payload Version

2.11.2

Adapters and Plugins

No response

ringge commented 6 months ago

I also got this error

immotus commented 3 months ago

I have a somewhat similar error on v2.25.0.

Clicking Logout in the Admin UI throws the same error, showing the "You have been logged out successfully" page but throwing the exact same error on the server console. In Chrome, I can also see it in the Network Inspector. However, the fact is that I don't get logged out at all. If I click the back button, I am still perfectly logged in.

The weird stuff is that the exact same codebase behaves fine on a different machine.

shadow5og commented 4 days ago

> I have a somewhat similar error on v2.25.0.
>
> Clicking Logout in the Admin UI throws the same error, showing the "You have been logged out successfully" page but throwing the exact same error on the server console. In Chrome, I can also see it in the Network Inspector. However, the fact is that I don't get logged out at all. If I click the back button, I am still perfectly logged in.
>
> The weird stuff is that the exact same codebase behaves fine on a different machine.

I am getting the same error as PavelGolodoniuc on v3

immotus commented 4 days ago

@shadow5og, I have actually resolved the issue now. The problem was in the incorrect CORS setting. I fixed it with the following configuration option:

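export default buildConfig({
    // ... rest of the config
    cors: HOSTS_WHITELIST, // origins allowed to make cross-origin requests
    csrf: HOSTS_WHITELIST, // origins from which the auth cookie is accepted
});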

Where:

const HOSTS_WHITELIST = [ "http://localhost:3000", "http://localhost:4200", "https://cms.site.com" ]
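The following is an added example, not code from this thread or from Payload: a simplified model of how a `csrf` origin allowlist gates cookie authentication, showing why both an expired cookie and an unlisted origin leave logout with no user. The cookie name, function names and sample requests are assumptions constructed for illustration.

```javascript
// Simplified model (assumption for illustration, not Payload source) of an
// origin allowlist deciding whether the auth cookie is trusted.
const COOKIE_NAME = "payload-token"; // assumed cookie name

// Split a Cookie header into a name -> value map.
function parseCookies(header = "") {
  const out = {};
  for (const part of header.split(";")) {
    const i = part.indexOf("=");
    if (i > 0) out[part.slice(0, i).trim()] = decodeURIComponent(part.slice(i + 1).trim());
  }
  return out;
}

// Return the token the server will trust for this request, or null.
function extractToken(req, csrfAllowlist) {
  const auth = req.headers["authorization"];
  // A token sent in a header is not attached by the browser automatically,
  // so it is not subject to the origin check.
  if (auth && auth.startsWith("JWT ")) return auth.slice(4);
  const cookieToken = parseCookies(req.headers["cookie"])[COOKIE_NAME];
  if (!cookieToken) return null; // cookie expired or never set
  const origin = req.headers["origin"];
  // Cookie is honoured only with no Origin header, an empty allowlist,
  // or an exact string match (scheme, host and port, no trailing slash).
  if (!origin || csrfAllowlist.length === 0 || csrfAllowlist.includes(origin)) {
    return cookieToken;
  }
  return null;
}

// Logout model: reproduces the thread's symptom when no user is resolved.
function logout(req, csrfAllowlist) {
  if (!extractToken(req, csrfAllowlist)) throw new Error("No User");
  return { cleared: COOKIE_NAME };
}

// Constructed sample request: admin UI served from http://localhost:4200.
const sampleReq = {
  headers: { origin: "http://localhost:4200", cookie: "payload-token=abc.def.ghi" },
};
const HOSTS_WHITELIST = ["http://localhost:3000", "http://localhost:4200", "https://cms.site.com"];

function tryLogout(req, allowlist) {
  try { return logout(req, allowlist).cleared; } catch (e) { return e.message; }
}
```

In this model `tryLogout(sampleReq, ["http://localhost:3000"])` yields `"No User"` while the browser still holds its cookie, and the same request succeeds once the origin is in the allowlist.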