From df7ee748c5d4af5960d83419f789190b2c0b4830 Mon Sep 17 00:00:00 2001
From: Wing-Kam Wong
Date: Fri, 16 Jun 2023 11:18:28 +0800
Subject: [PATCH 1/3] fix(nc-gui): reset state token and user after signout
---
 packages/nc-gui/composables/useGlobal/actions.ts | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/packages/nc-gui/composables/useGlobal/actions.ts b/packages/nc-gui/composables/useGlobal/actions.ts
index 8b62ac9ead..34c840cda1 100644
--- a/packages/nc-gui/composables/useGlobal/actions.ts
+++ b/packages/nc-gui/composables/useGlobal/actions.ts
@@ -8,12 +8,14 @@ export function useGlobalActions(state: State): Actions {

 /** Sign out by deleting the token from localStorage */
 const signOut: Actions['signOut'] = async () => {
- state.token.value = null
- state.user.value = null
 try {
 const nuxtApp = useNuxtApp()
 await nuxtApp.$api.auth.signout()
- } catch {}
+ } catch {
+ } finally {
+ state.token.value = null
+ state.user.value = null
+ }
 }

 /** Sign in by setting the token in localStorage */
From 3408f642431db3dc2e3b6c3070017fd7203452bf Mon Sep 17 00:00:00 2001
From: Wing-Kam Wong
Date: Fri, 16 Jun 2023 11:18:58 +0800
Subject: [PATCH 2/3] fix(nocodb): add missing GlobalGuard on signout
---
 packages/nocodb/src/controllers/users/users.controller.ts | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/packages/nocodb/src/controllers/users/users.controller.ts b/packages/nocodb/src/controllers/users/users.controller.ts
index 0c8f153c78..ec94567d43 100644
--- a/packages/nocodb/src/controllers/users/users.controller.ts
+++ b/packages/nocodb/src/controllers/users/users.controller.ts
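Review bot: The now-empty `catch { }` in `signOut` (packages/nc-gui/composables/useGlobal/actions.ts) hides a failed `auth.signout()` call, and the `finally` block still clears `state.token` and `state.user`, so the UI reports a sign-out even when the server did not revoke the session. Record the failure so it can be noticed, e.g. `} catch (e) { console.warn('signout request failed; server-side session may still be valid', e)`. The doc comment above `signOut` still says it only deletes the token from localStorage; it should mention the server call that now runs first.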
@@ -73,11 +73,15 @@ export class UsersController {
 res.json(this.usersService.login(req.user));
 }

+ @UseGuards(GlobalGuard)
 @Post('/api/v1/auth/user/signout')
 @HttpCode(200)
- async signout(@Request() req, @Response() res): Promise {
+ async signOut(@Request() req, @Response() res): Promise {
+ if (!(req as any).isAuthenticated()) {
+ NcError.forbidden('Not allowed');
+ }
 res.json(
- await this.usersService.signout({
+ await this.usersService.signOut({
 req,
 res,
 }),
From 01b81f53bca3bd617a229e39a451dc32103d3d4a Mon Sep 17 00:00:00 2001
From: Wing-Kam Wong
Date: Fri, 16 Jun 2023 11:19:26 +0800
Subject: [PATCH 3/3] fix(nocodb): update user only if user id is given and reset token_version
---
 packages/nocodb/src/services/users/users.service.ts | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/packages/nocodb/src/services/users/users.service.ts b/packages/nocodb/src/services/users/users.service.ts
index 6d1305173b..39bbdee38b 100644
--- a/packages/nocodb/src/services/users/users.service.ts
+++ b/packages/nocodb/src/services/users/users.service.ts
@@ -493,13 +493,14 @@ export class UsersService {
 };
 }

- async signout(param: { res: any; req: any }) {
+ async signOut(param: { res: any; req: any }) {
 try {
 param.res.clearCookie('refresh_token');
 const user = (param.req as any).user;
- if (user) {
+ if (user?.id) {
 await User.update(user.id, {
 refresh_token: null,
+ token_version: null,
 });
 }
 return { msg: 'Signed out successfully' };
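Review bot: In `signOut` (packages/nocodb/src/controllers/users/users.controller.ts), a request that fails the `isAuthenticated()` check is rejected before `usersService.signOut` runs, so `clearCookie('refresh_token')` and the `refresh_token` reset shown in patch 3/3 are skipped for exactly the sessions whose access token is already expired or invalid. If `GlobalGuard` rejects such requests itself (its behaviour is not visible here), the handler is not reached at all. Consider clearing the cookie on the rejection path as well, `res.clearCookie('refresh_token');` placed before `NcError.forbidden('Not allowed');`, and confirm that `NcError.forbidden` throws, since execution would otherwise fall through to `res.json(...)`. The `(req as any)` cast also hides a missing `isAuthenticated` method until runtime. The method body continues past the end of the hunk.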
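Review bot: Writing `token_version: null` in `signOut` (packages/nocodb/src/services/users/users.service.ts) revokes outstanding tokens only if the verifier treats a stored `null` as a mismatch; that comparison is not in this hunk, and a token carrying no version claim could compare equal to a null or absent stored value. If that is possible, rotate `token_version` to a fresh random value instead of `null`. Separately, when `user?.id` is missing the method still returns `'Signed out successfully'` without touching the database; a comment such as `// no authenticated user: only the cookie is cleared, nothing is revoked server-side` would make that explicit. The `try` block closes outside the hunk.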