User always displayed as authenticated, even if token expired

[Ku3mi41]

Your Environment

• verdaccio version: 5.15.4
• node version: 16.15.0
• package manager: pnpm@6
• os: windows@11
• platform: npm

Describe the bug

Header menu shows user as authenticated even token is expired. Уou need to logout/login for view packages.

To Reproduce

• Login
• Wait for token expiration (1h by default)
• Open verdaccio again / press F5, doesn't matter
• Name on the screen and logout button, but no packages

Expected behavior

Display login button only if token expired. Because no packages will be visible anyway.

Screenshots, server logs, package manager log

Configuration File (cat ~/.config/verdaccio/config.yaml)

plugins: /verdaccio/plugins
storage: /verdaccio/storage/data
uplinks:
  npmjs:
    url: https://registry.npmjs.org/
packages:
  "@*/*":
    access: $authenticated
    publish: $authenticated
    proxy: npmjs
  "**":
    access: $all
    publish: $authenticated
    proxy: npmjs
web:
  title: NPM Registry
  showInfo: false	
logs:
  - { type: stdout, format: pretty, level: debug }

Contribute to Verdaccio

• I'm willing to fix this bug 🥇

Should I just fix defaultUserState in store value, depending on isTokenExpire? Maybe I missed something about JWTVerifyOptions.ignoreExpiration?

const defaultUserState: LoginBody = isTokenExpire(token)
  ? { token: null, username: null }
  : { token, username };

[juanpicado]

small question, What's the context of isTokenExpire ? where it comes from?

[Ku3mi41]

import { isTokenExpire } from 'verdaccio-ui/utils/login';

Simple token expiration and format checking function.

[mrcego]

Related to: #3163