From d498050a14052d802fe2d206ceb115e5fdda22e2 Mon Sep 17 00:00:00 2001
From: dshukertjr
Date: Sat, 8 Jun 2024 12:47:39 +0900
Subject: [PATCH 1/3] fix: signing in does not remove the session unless the operation succedes.
---
packages/gotrue/lib/src/gotrue_client.dart | 27 ----------------------
1 file changed, 27 deletions(-)
diff --git a/packages/gotrue/lib/src/gotrue_client.dart b/packages/gotrue/lib/src/gotrue_client.dart
index 7de0f619..170e4e0c 100644
--- a/packages/gotrue/lib/src/gotrue_client.dart
+++ b/packages/gotrue/lib/src/gotrue_client.dart
@@ -140,8 +140,6 @@ class GoTrueClient { Map? data, String? captchaToken, }) async { - _removeSession(); - final response = await _fetch.request( '$_url/signup', RequestMethodType.post,
@@ -194,8 +192,6 @@ class GoTrueClient { assert((email != null && phone == null) || (email == null && phone != null), 'You must provide either an email or phone number'); - _removeSession(); - late final Map response; if (email != null) {
@@ -261,8 +257,6 @@ class GoTrueClient { required String password, String? captchaToken, }) async { - _removeSession(); - late final Map response; if (email != null) {
@@ -315,7 +309,6 @@ class GoTrueClient { String? scopes, Map? queryParams, }) async { - _removeSession(); return _getUrlForProvider( provider, url: '$_url/authorize',
@@ -393,8 +386,6 @@ class GoTrueClient { String? nonce, String? captchaToken, }) async { - _removeSession(); - if (provider != OAuthProvider.google && provider != OAuthProvider.apple && provider != OAuthProvider.kakao) {
@@ -458,8 +449,6 @@ class GoTrueClient { String? captchaToken, OtpChannel channel = OtpChannel.sms, }) async { - _removeSession(); - if (email != null) { String? codeChallenge; if (_flowType == AuthFlowType.pkce) {
@@ -530,10 +519,6 @@ class GoTrueClient { assert((email != null && phone == null) || (email == null && phone != null), '`email` or `phone` needs to be specified.'); - if (type != OtpType.emailChange && type != OtpType.phoneChange) { - _removeSession(); - } - final body = { if (email != null) 'email': email, if (phone != null) 'phone': phone,
@@ -584,7 +569,6 @@ class GoTrueClient { 'providerId or domain has to be provided.', ); - _removeSession(); String? codeChallenge; String? codeChallengeMethod; if (_flowType == AuthFlowType.pkce) {
@@ -676,10 +660,6 @@ class GoTrueClient { 'phone must be provided for type ${type.name}'); } - if (type != OtpType.emailChange && type != OtpType.phoneChange) { - _removeSession(); - } - final body = { if (email != null) 'email': email, if (phone != null) 'phone': phone,
@@ -847,7 +827,6 @@ class GoTrueClient { final accessToken = currentSession?.accessToken; if (scope != SignOutScope.others) { - _removeSession(); await _asyncStorage?.removeItem( key: '${Constants.defaultStorageKey}-code-verifier'); notifyAllSubscribers(AuthChangeEvent.signedOut);
@@ -1135,11 +1114,6 @@ class GoTrueClient { _currentUser = session.user; } - void _removeSession() { - _currentSession = null; - _currentUser = null; - } - /// Generates a new JWT. /// /// To prevent multiple simultaneous requests it catches an already ongoing request by using the global [_refreshTokenCompleter].
@@ -1174,7 +1148,6 @@ class GoTrueClient { return data; } on AuthException catch (error, stack) { if (error is! AuthRetryableFetchException) { - _removeSession(); notifyAllSubscribers(AuthChangeEvent.signedOut); } else { _onAuthStateChangeController.addError(error, stack);
From cfc695091d52c9e2ce58c1c78b26f062d6f8f76d Mon Sep 17 00:00:00 2001
From: dshukertjr
Date: Mon, 10 Jun 2024 14:10:31 +0900
Subject: [PATCH 2/3] set local session and user to null within signout
---
packages/gotrue/lib/src/gotrue_client.dart | 2 ++
1 file changed, 2 insertions(+)
diff --git a/packages/gotrue/lib/src/gotrue_client.dart b/packages/gotrue/lib/src/gotrue_client.dart
index 170e4e0c..87633c4d 100644
--- a/packages/gotrue/lib/src/gotrue_client.dart
+++ b/packages/gotrue/lib/src/gotrue_client.dart
@@ -827,6 +827,8 @@ class GoTrueClient { final accessToken = currentSession?.accessToken; if (scope != SignOutScope.others) { + _currentSession = null; + _currentUser = null; await _asyncStorage?.removeItem( key: '${Constants.defaultStorageKey}-code-verifier'); notifyAllSubscribers(AuthChangeEvent.signedOut);
From 476307f4a97b0f2b209fffd751de5f5372ec8e16 Mon Sep 17 00:00:00 2001
From: dshukertjr
Date: Mon, 10 Jun 2024 14:16:00 +0900
Subject: [PATCH 3/3] add remove session to call refresh token
---
packages/gotrue/lib/src/gotrue_client.dart | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/packages/gotrue/lib/src/gotrue_client.dart b/packages/gotrue/lib/src/gotrue_client.dart
index 87633c4d..20501ff5 100644
--- a/packages/gotrue/lib/src/gotrue_client.dart
+++ b/packages/gotrue/lib/src/gotrue_client.dart
@@ -827,8 +827,7 @@ class GoTrueClient { final accessToken = currentSession?.accessToken; if (scope != SignOutScope.others) { - _currentSession = null; - _currentUser = null; + _removeSession(); await _asyncStorage?.removeItem( key: '${Constants.defaultStorageKey}-code-verifier'); notifyAllSubscribers(AuthChangeEvent.signedOut);
@@ -1116,6 +1115,11 @@ class GoTrueClient { _currentUser = session.user; } + void _removeSession() { + _currentSession = null; + _currentUser = null; + } + /// Generates a new JWT. /// /// To prevent multiple simultaneous requests it catches an already ongoing request by using the global [_refreshTokenCompleter].
@@ -1150,6 +1154,7 @@ class GoTrueClient { return data; } on AuthException catch (error, stack) { if (error is! AuthRetryableFetchException) { + _removeSession(); notifyAllSubscribers(AuthChangeEvent.signedOut); } else { _onAuthStateChangeController.addError(error, stack);
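Review bot: In the sign-out hunk the in-memory session is cleared before `await _asyncStorage?.removeItem(...)`, while `notifyAllSubscribers(AuthChangeEvent.signedOut)` only runs after that await, so a storage error would leave the client locally signed out with no event delivered. Anything that reacts to signedOut, presumably including whatever deletes a persisted session, would then never run. Emitting the event directly after the state is cleared, `_removeSession(); notifyAllSubscribers(AuthChangeEvent.signedOut);`, and removing the code verifier afterwards would keep state and event together. The same ordering is carried into the first hunk of patch 3, and the rest of the method is outside both hunks.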
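Review bot: `_removeSession()` is re-added in patch 3 without a doc comment, and after this series its only call sites are the two restored here (sign-out and the non-retryable refresh failure), so its contract is worth writing down. The body only nulls `_currentSession` and `_currentUser`, which a comment such as `/// Clears the in-memory session and user. Does not notify subscribers or touch storage.` would make explicit. Because patch 1 drops the call from every sign-in, sign-up and OTP entry point, a failed attempt, and presumably one that returns no session, now leaves the previous user's session current. The public doc comments on those methods should state this, since apps that switch accounts on a shared device may have relied on the old clearing.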