From 581a2cd6e8057794f02063ce8f71292f7ed8af49 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mih=C3=A1ly=20Lengyel?= Date: Fri, 24 May 2024 19:18:47 +0200 Subject: [PATCH] fix: refresh loop in axios interceptor (#123) --- CHANGELOG.md | 6 ++++++ lib/build/axios.js | 3 ++- lib/build/version.d.ts | 2 +- lib/build/version.js | 2 +- lib/ts/axios.ts | 3 ++- lib/ts/version.ts | 2 +- package-lock.json | 6 +++--- package.json | 2 +- 8 files changed, 17 insertions(+), 9 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0a61996..2605f0a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [unreleased] +## [5.0.1] - 2024-05-24 + +### Fixes + +- Fix a possible refresh loop in the axios interceptor + ## [5.0.0] - 2024-05-08 ### Breaking changes diff --git a/lib/build/axios.js b/lib/build/axios.js index 599cee4..e7c0061 100644 --- a/lib/build/axios.js +++ b/lib/build/axios.js @@ -448,6 +448,7 @@ function setAuthorizationHeaderIfRequired(requestConfig) { requestConfig.headers = Object.assign(Object.assign({}, requestConfig.headers), { Authorization: `Bearer ${accessToken}` }); + requestConfig.__supertokensAddedAuthHeader = true; } } else { logDebugMessage("setAuthorizationHeaderIfRequired: token for header based auth not found"); 
@@ -460,7 +461,7 @@ function removeAuthHeaderIfMatchesLocalToken(config) { const refreshToken = yield getTokenForHeaderAuth("refresh"); const authHeader = config.headers.Authorization || config.headers.authorization; if (accessToken !== undefined && refreshToken !== undefined) { - if (authHeader === `Bearer ${accessToken}`) { + if (authHeader === `Bearer ${accessToken}` || "__supertokensAddedAuthHeader" in config) { // We are ignoring the Authorization header set by the user in this case, because it would cause issues // If we do not ignore this, then this header would be used even if the request is being retried after a refresh, even though it contains an outdated access token. // This causes an infinite refresh loop. diff --git a/lib/build/version.d.ts b/lib/build/version.d.ts index e434343..5cd1c3d 100644 --- a/lib/build/version.d.ts +++ b/lib/build/version.d.ts @@ -1,2 +1,2 @@ -export declare const package_version = "5.0.0"; +export declare const package_version = "5.0.1"; export declare const supported_fdi: string[]; diff --git a/lib/build/version.js b/lib/build/version.js index 390c7f9..b105ec6 100644 --- a/lib/build/version.js +++ b/lib/build/version.js @@ -12,5 +12,5 @@ * License for the specific language governing permissions and limitations * under the License. */ -export const package_version = "5.0.0"; +export const package_version = "5.0.1"; export const supported_fdi = ["1.16", "1.17", "1.18", "1.19"]; diff --git a/lib/ts/axios.ts b/lib/ts/axios.ts index 6fa9f1f..0f8492c 100644 --- a/lib/ts/axios.ts +++ b/lib/ts/axios.ts @@ -498,6 +498,7 @@ async function setAuthorizationHeaderIfRequired(requestConfig: AxiosRequestConfi ...requestConfig.headers, Authorization: `Bearer ${accessToken}` }; + (requestConfig as any).__supertokensAddedAuthHeader = true; } } else { logDebugMessage("setAuthorizationHeaderIfRequired: token for header based auth not found"); 
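Review bot: The marker written by `(requestConfig as any).__supertokensAddedAuthHeader = true;` in lib/ts/axios.ts is undocumented and goes through an `as any` cast, so nothing tells a maintainer that this flag later decides whether the Authorization header is stripped from a request. I would add a comment above it such as `// Records that the SDK, not the caller, wrote this Authorization header, so a retry after refresh can replace the stale token.` and narrow the cast to `(requestConfig as AxiosRequestConfig & { __supertokensAddedAuthHeader?: boolean })`. setAuthorizationHeaderIfRequired starts and ends outside the hunk, and the compiled lib/build/axios.js carries the same assignment.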
@@ -510,7 +511,7 @@ async function removeAuthHeaderIfMatchesLocalToken(config: AxiosRequestConfig) { const authHeader = config.headers!.Authorization || config.headers!.authorization; if (accessToken !== undefined && refreshToken !== undefined) { - if (authHeader === `Bearer ${accessToken}`) { + if (authHeader === `Bearer ${accessToken}` || "__supertokensAddedAuthHeader" in config) { // We are ignoring the Authorization header set by the user in this case, because it would cause issues // If we do not ignore this, then this header would be used even if the request is being retried after a refresh, even though it contains an outdated access token. // This causes an infinite refresh loop. diff --git a/lib/ts/version.ts b/lib/ts/version.ts index f23310f..4088e18 100644 --- a/lib/ts/version.ts +++ b/lib/ts/version.ts @@ -12,6 +12,6 @@ * License for the specific language governing permissions and limitations * under the License. */ -export const package_version = "5.0.0"; +export const package_version = "5.0.1"; export const supported_fdi = ["1.16", "1.17", "1.18", "1.19"]; diff --git a/package-lock.json b/package-lock.json index 2d36a4a..b1cc1fd 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "supertokens-react-native", - "version": "5.0.0", + "version": "5.0.1", "lockfileVersion": 2, "requires": true, "packages": { "": { "name": "supertokens-react-native", - "version": "5.0.0", + "version": "5.0.1", "license": "Apache 2.0", "dependencies": { "base-64": "^1.0.0", @@ -18970,4 +18970,4 @@ "dev": true } } -} \ No newline at end of file +} diff --git a/package.json b/package.json index 9d2e799..b83e979 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "supertokens-react-native", - "version": "5.0.0", + "version": "5.0.1", "description": "React Native SDK for SuperTokens", "main": "index.js", "scripts": {
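Review bot: In removeAuthHeaderIfMatchesLocalToken (lib/ts/axios.ts) the new condition `"__supertokensAddedAuthHeader" in config` tests only that the key exists, so a config that carries the key with `false` or `undefined`, or inherits it, is still treated as SDK-authored and its Authorization header is discarded without being compared to any token. Checking the value instead, `(config as any).__supertokensAddedAuthHeader === true`, keeps the header-stripping decision tied to what the setter actually wrote. The flag also does not appear to be cleared in the visible lines, so a caller who reuses the config object and sets their own Authorization header would presumably lose it; if that is not intended, `delete (config as any).__supertokensAddedAuthHeader;` after the removal would scope the flag to one SDK-written header. The function body continues outside the hunk, and lib/build/axios.js has the same condition.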