diff --git a/packages/nc-gui/composables/useGlobal/actions.ts b/packages/nc-gui/composables/useGlobal/actions.ts index 8b62ac9ead..34c840cda1 100644 --- a/packages/nc-gui/composables/useGlobal/actions.ts +++ b/packages/nc-gui/composables/useGlobal/actions.ts @@ -8,12 +8,14 @@ export function useGlobalActions(state: State): Actions { /** Sign out by deleting the token from localStorage */ const signOut: Actions['signOut'] = async () => { - state.token.value = null - state.user.value = null try { const nuxtApp = useNuxtApp() await nuxtApp.$api.auth.signout() - } catch {} + } catch { + } finally { + state.token.value = null + state.user.value = null + } } /** Sign in by setting the token in localStorage */ diff --git a/packages/nocodb/src/controllers/users/users.controller.ts b/packages/nocodb/src/controllers/users/users.controller.ts index 0c8f153c78..ec94567d43 100644 --- a/packages/nocodb/src/controllers/users/users.controller.ts +++ b/packages/nocodb/src/controllers/users/users.controller.ts @@ -73,11 +73,15 @@ export class UsersController { res.json(this.usersService.login(req.user)); } + @UseGuards(GlobalGuard) @Post('/api/v1/auth/user/signout') @HttpCode(200) - async signout(@Request() req, @Response() res): Promise { + async signOut(@Request() req, @Response() res): Promise { + if (!(req as any).isAuthenticated()) { + NcError.forbidden('Not allowed'); + } res.json( - await this.usersService.signout({ + await this.usersService.signOut({ req, res, }), diff --git a/packages/nocodb/src/services/users/users.service.ts b/packages/nocodb/src/services/users/users.service.ts index 6d1305173b..39bbdee38b 100644 --- a/packages/nocodb/src/services/users/users.service.ts +++ b/packages/nocodb/src/services/users/users.service.ts 
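Review bot: The empty `catch { }` in `signOut` still discards a failed `nuxtApp.$api.auth.signout()` call, so `finally` clears the local token and user while the server may have revoked nothing, and no trace of that is left. With this commit the endpoint can also reject the request as forbidden (controller hunk below), so a silent failure becomes more likely than before. I would keep the unconditional local clean-up but record the failure, e.g. `} catch (e) { console.error('signout request failed; server-side session may not be revoked', e) }`. The enclosing `useGlobalActions` continues outside the hunk.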
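Review bot: Rejecting unauthenticated callers at the top of `signOut` means a client whose access token has already expired can no longer have its `refresh_token` cookie cleared or its stored refresh token removed, because both happen only inside `usersService.signOut`. If that cookie is HttpOnly (not visible here), the browser cannot drop it itself, so the refresh token would outlive the logout. Consider clearing the cookie before rejecting, i.e. `res.clearCookie('refresh_token');` ahead of `NcError.forbidden('Not allowed');`. Separately, `(req as any).isAuthenticated()` assumes the guard always attaches that method; if it can be absent the call throws a TypeError instead of producing a 403, so `!req.isAuthenticated?.()` would be the safer test. The method body closes outside the hunk.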
@@ -493,13 +493,14 @@ export class UsersService { }; } - async signout(param: { res: any; req: any }) { + async signOut(param: { res: any; req: any }) { try { param.res.clearCookie('refresh_token'); const user = (param.req as any).user; - if (user) { + if (user?.id) { await User.update(user.id, { refresh_token: null, + token_version: null, }); } return { msg: 'Signed out successfully' };
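Review bot: Writing `token_version: null` in `signOut` revokes already-issued access tokens only if the token-validation path treats a null stored version as a mismatch; that check is not part of this diff, so it should be confirmed, ideally with a test that a token issued before sign-out is rejected afterwards. The reset presumably ends every session of the user rather than only the current one, which deserves a comment above the update such as `// Resets token_version: invalidates all of this user's sessions, not only the current one`. When `user?.id` is missing the method still returns 'Signed out successfully' without revoking anything; the new controller check should prevent that case, but a log line in that branch would make it visible. The `try` block continues outside the hunk.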