From ed264a5389ae3c8fac9fc33fcd3c1fef01cb99da Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Barth=C3=A9l=C3=A9my=20Ledoux?= Date: Fri, 13 Dec 2024 12:33:15 +0100 Subject: [PATCH] fix: avoid redirect loops when axios calls an unauthorized API (#6450) * fix: avoid redirect loops when axios calls an unauthorized API * use the proper structure for axios * protect against empty request data --- ui/src/utils/axios.js | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/ui/src/utils/axios.js b/ui/src/utils/axios.js index 7436074e565..8d3fe4b197b 100644 --- a/ui/src/utils/axios.js +++ b/ui/src/utils/axios.js @@ -7,6 +7,8 @@ let requestsTotal = 0 let requestsCompleted = 0 let latencyThreshold = 0 +const JWT_REFRESHED_QUERY = "__jwt_refreshed__"; + const progressComplete = () => { requestsTotal = 0 requestsCompleted = 0 @@ -115,6 +117,14 @@ export default (callback, store, router) => { const originalRequest = errorResponse.config if (!refreshing) { + const originalRequestData = JSON.parse(originalRequest.data ?? "{}"); + + // if we already tried refreshing the token, + // the user simply does not have access to this feature + if(originalRequestData[JWT_REFRESHED_QUERY] === 1) { + return Promise.reject(errorResponse) + } + refreshing = true; try { await instance.post("/oauth/access_token?grant_type=refresh_token", null, {headers: {"Content-Type": "application/json"}}); @@ -124,8 +134,9 @@ export default (callback, store, router) => { toRefreshQueue = []; refreshing = false; + originalRequestData[JWT_REFRESHED_QUERY] = 1; + originalRequest.data = JSON.stringify(originalRequestData); return instance(originalRequest) - } catch { document.body.classList.add("login"); store.dispatch("core/isUnsaved", false);
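Review bot: In the second hunk, `JSON.parse(originalRequest.data ?? "{}")` runs before the `try` and throws on any body that is not a JSON string. The `??` covers only `null`/`undefined`, so an empty string, a `FormData` upload or a form-encoded body would raise a `SyntaxError`, and the interceptor would reject with that parse error instead of the 401 without attempting the token refresh. A body that parses to a JSON array loses the marker again in `JSON.stringify`, so the loop guard would not hold for it. Keeping the marker off the body removes the parse, e.g. `if (originalRequest.__jwtRefreshed) { return Promise.reject(errorResponse) }`, assuming the axios version in use preserves custom config keys across `instance(originalRequest)`. The enclosing interceptor starts and ends outside the hunk.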
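Review bot: In the third hunk, `originalRequest.data = JSON.stringify(originalRequestData)` rewrites the body of every replayed request, adding `__jwt_refreshed__` to the payload and giving body-less requests (GET, DELETE) a JSON body they did not have. The backend is not visible here, but an endpoint that validates input strictly, or a proxy that rejects a body on GET, could fail the replay for reasons unrelated to authorization. The marker is client-side bookkeeping, so it is better set on the config with `originalRequest.__jwtRefreshed = true;` and `data` left untouched, provided the axios version in use keeps custom config keys. The `_QUERY` suffix of `JWT_REFRESHED_QUERY` in the first hunk also does not match a value stored in the body. The `try`/`catch` around these lines begins outside the hunk.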