Gracefully handle a user revoking their refresh token #60
Comments
remove them from the waitlist as well.
This seems to be happening more often now; this direly needs to be handled gracefully, as the only fix currently is to manually remove them from the db.
Also, it's the same fucking person doing it.
I thought I fixed this but apparently I didn't - Let's maybe check the status on each token before we allow people to join the WL, so we aren't dealing with kicking people while we're in the middle of that.
We now non-gracefully handle revoking by erroring a shitton instead of crashing, but that's a mild improvement. The previous method of fixing this was to simply delete the person's user account and the session would reset on next load, but due to req-flash this now isn't possible and the WL panics and crashes now. Short explanation:
We need to gracefully handle a revoked token by using the session to log out the user (session.logout() or something - We should also check the waitlist for them, maybe a 'disabled' field?). On next login, the refresh token should be updated like normal and their account should be reactivated, with all user data left intact.
Once #47 has been completed I am going to add a check in the globalwaitlist.js to make sure users are online. This is the script where things tend to die when people like Alyss revoke their tokens. If their token is revoked at this point I will flag them for a logout on next page refresh. This should stop people from getting stuck. This script currently runs every 10 seconds so that should be enough.
A user revoking their refresh token while logged in kills the app when they try and do anything with the ESI. If any ESI request comes back with 'invalid token' we should forcefully log the user out and delete their session.
2018-02-22T12:58:14.585Z [error] getLocation: Error for requestNewAccessToken {"err":{"statusCode":400,"data":"{\"error\":\"invalid_token\",\"error_description\":\"The refresh token is expired.\"}"},"characterID":96099470}
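The handling proposed in this thread (treat `invalid_token` on refresh as permanent, flag the user, drop them from the waitlist, destroy the session on the next request, reactivate on next login), sketched as an added example that is not the project's own code. The function names, the in-memory `store` shape and the extra `invalid_grant` check are assumptions; `req.session.destroy()` is the express-session call.

```javascript
// Added example. All names (isRevokedToken, handleRefreshFailure, the store
// shape, requireActiveUser) are assumptions, not the project's own code.

// True only for a permanent refresh failure (revoked/expired grant), in the
// shape logged above: { statusCode: 400, data: '{"error":"invalid_token",...}' }.
function isRevokedToken(err) {
  if (!err || err.statusCode !== 400) return false;
  let body = err.data;
  if (typeof body === 'string') {
    try { body = JSON.parse(body); } catch (e) { return false; }
  }
  // invalid_grant is RFC 6749's code for a revoked or expired refresh token.
  return !!body && ['invalid_token', 'invalid_grant'].includes(body.error);
}

// Called from any ESI helper when requestNewAccessToken fails.
function handleRefreshFailure(err, characterID, store) {
  if (!isRevokedToken(err)) return 'retry'; // timeouts, 5xx: leave the user alone
  const user = store.users.get(characterID);
  if (user) {
    user.disabled = true;      // flag for logout; user data stays intact
    user.refreshToken = null;  // never retry a dead token
  }
  store.waitlist = store.waitlist.filter((e) => e.characterID !== characterID);
  return 'disabled';
}

// Express-style middleware: a flagged user loses the session on the next request.
function requireActiveUser(store) {
  return (req, res, next) => {
    const id = req.session && req.session.characterID;
    const user = store.users.get(id);
    if (user && user.disabled) {
      return req.session.destroy(() => res.redirect('/'));
    }
    return next();
  };
}

// On a fresh SSO login: store the new token and reactivate the account.
function reactivateOnLogin(characterID, refreshToken, store) {
  const user = store.users.get(characterID);
  if (!user) return false;
  Object.assign(user, { refreshToken, disabled: false });
  return true;
}
```

Keeping the permanent/transient split in one function means an ESI outage never logs anyone out, while a revoked token stops being retried every 10 seconds by the waitlist poller.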