fix: avoid redirect loops when axios calls an unauthorized API (#6450)

* fix: avoid redirect loops when axios calls an unauthorized API * use the proper structure for axios * protect against empty request data
kestra-io · Dec 13, 2024 · ed264a5 · ed264a5
1 parent aae4e6b
commit ed264a5
Showing 1 changed file with 12 additions and 1 deletion.
diff --git a/ui/src/utils/axios.js b/ui/src/utils/axios.js
@@ -7,6 +7,8 @@ let requestsTotal = 0
 let requestsCompleted = 0
 let latencyThreshold = 0
 
+const JWT_REFRESHED_QUERY = "__jwt_refreshed__";
+
 const progressComplete = () => {
     requestsTotal = 0
     requestsCompleted = 0
@@ -115,6 +117,14 @@ export default (callback, store, router) => {
                 const originalRequest = errorResponse.config
 
                 if (!refreshing) {
+                    const originalRequestData = JSON.parse(originalRequest.data ?? "{}");
+
+                    // if we already tried refreshing the token,
+                    // the user simply does not have access to this feature
+                    if(originalRequestData[JWT_REFRESHED_QUERY] === 1) {
+                        return Promise.reject(errorResponse)
+                    }
+
                     refreshing = true;
                     try {
                         await instance.post("/oauth/access_token?grant_type=refresh_token", null, {headers: {"Content-Type": "application/json"}});
@@ -124,8 +134,9 @@ export default (callback, store, router) => {
                         toRefreshQueue = [];
                         refreshing = false;
 
+                        originalRequestData[JWT_REFRESHED_QUERY] = 1;
+                        originalRequest.data = JSON.stringify(originalRequestData);
                         return instance(originalRequest)
-
                     } catch {
                         document.body.classList.add("login");
                         store.dispatch("core/isUnsaved", false);