mirror of
https://github.com/bitwarden/browser.git
synced 2024-12-21 16:18:28 +01:00
PM-5263 - Clear all tokens on logout (#8536)
This commit is contained in:
parent
7021e94475
commit
ebe5a46b57
@ -1,5 +1,9 @@
|
||||
import { KeyDefinition, TOKEN_DISK, TOKEN_DISK_LOCAL, TOKEN_MEMORY } from "../../platform/state";
|
||||
|
||||
// Note: all tokens / API key information must be cleared on logout.
|
||||
// because we are using secure storage, we must manually call to clean up our tokens.
|
||||
// See stateService.deAuthenticateAccount for where we call clearTokens(...)
|
||||
|
||||
export const ACCESS_TOKEN_DISK = new KeyDefinition<string>(TOKEN_DISK, "accessToken", {
|
||||
deserializer: (accessToken) => accessToken,
|
||||
});
|
||||
|
@ -1729,7 +1729,9 @@ export class StateService<
|
||||
}
|
||||
|
||||
protected async deAuthenticateAccount(userId: string): Promise<void> {
|
||||
await this.tokenService.clearAccessToken(userId as UserId);
|
||||
// We must have a manual call to clear tokens as we can't leverage state provider to clean
|
||||
// up our data as we have secure storage in the mix.
|
||||
await this.tokenService.clearTokens(userId as UserId);
|
||||
await this.setLastActive(null, { userId: userId });
|
||||
await this.updateState(async (state) => {
|
||||
state.authenticatedAccounts = state.authenticatedAccounts.filter((id) => id !== userId);
|
||||
|
Loading…
Reference in New Issue
Block a user