Failed refreshToken in jwt should be considered as the same as invalid JWT token #1329

New issue

Open

opened 2026-02-20 15:31:32 -05:00 by deekerman · 0 comments

deekerman commented 2026-02-20 15:31:32 -05:00

Owner

Copy link

Originally created by @quangld on GitHub (Apr 16, 2020).

Originally assigned to: @NGPixel on GitHub.

if the refreshToken fails in this below code, it throws new WIKI.Error.AuthGenericError(). This will show the internal error on user's screen.

function authenticate in server\core\auth.js

// Expired but still valid within N days, just renew
...
    try {
        const newToken = await WIKI.models.users.refreshToken(jwtPayload.id)
...
    } catch (errc) {
        WIKI.logger.warn(errc)
        **return next()**
    }
}
// JWT is NOT valid, set as guest
if (!user) {
...
}

My suggestion is to set user to null, skip next(). That means the token is considered invalid.

// Expired but still valid within N days, just renew
...
    try {
        const newToken = await WIKI.models.users.refreshToken(jwtPayload.id)
...
    } catch (errc) {
        WIKI.logger.warn(errc)
        // return next()
        user = null // JWT token is invalid, continue with no user is set
    }
}
// JWT is NOT valid, set as guest
if (!user) {
...
}

Edited: fix formatting

Originally created by @quangld on GitHub (Apr 16, 2020). Originally assigned to: @NGPixel on GitHub. if the refreshToken fails in this below code, it throws new WIKI.Error.AuthGenericError(). This will show the internal error on user's screen. function **authenticate** in server\core\auth.js // Expired but still valid within N days, just renew ... try { const newToken = await WIKI.models.users.refreshToken(jwtPayload.id) ... } catch (errc) { WIKI.logger.warn(errc) **return next()** } } // JWT is NOT valid, set as guest if (!user) { ... } My suggestion is to set user to null, skip next(). That means the token is considered invalid. // Expired but still valid within N days, just renew ... try { const newToken = await WIKI.models.users.refreshToken(jwtPayload.id) ... } catch (errc) { WIKI.logger.warn(errc) // return next() user = null // JWT token is invalid, continue with no user is set } } // JWT is NOT valid, set as guest if (!user) { ... } Edited: fix formatting

deekerman added the

enhancement

label 2026-02-20 15:31:32 -05:00

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

scarlett

vega

feat-toc

v2.5.312

v2.5.311

v2.5.310

v2.5.309

v2.5.308

v2.5.307

v2.5.306

v2.5.305

v2.5.304

v2.5.303

v2.5.302

v2.5.301

v2.5.300

v2.5.299

v2.5.298

v2.5.297

v2.5.296

v2.5.295

v2.5.294

v2.5.293

v2.5.292

v2.5.291

v2.5.290

v2.5.289

v2.5.288

v2.5.287

v2.5.286

v2.5.285

v2.5.284

v2.5.283

v2.5.282

v2.5.281

v2.5.280

v2.5.279

v2.5.278

v2.5.277

v2.5.276

v2.5.275

2.5.274

2.5.272

2.5.268

2.5.264

2.5.260

2.5.255

2.5.254

2.5.219

2.5.214

2.5.201

2.5.197

2.5.191

2.5.170

2.5.159

2.5.144

2.5.136

2.5.132

2.5.126

2.5.121

2.5.117

2.5.105

2.4.107

2.4.105

2.4.75

2.3.81

2.3.77

2.3.72

2.3.71

2.2.51

2.2.50

2.1.113

2.0.12

2.0.1

2.0.0-rc.17

2.0.0-rc.1

2.0.0-beta.303

2.0.0-beta.275

2.0.0-beta.268

2.0.0-beta.267

2.0.0-beta.241

2.0.0-beta.230

2.0.0-beta.208

2.0.0-beta.203

2.0.0-beta.180

2.0.0-beta.174

2.0.0-beta.148

2.0.0-beta.147

2.0.0-beta.115

2.0.0-beta.91

2.0.0-beta.84

2.0.0-beta.68

2.0.0-beta.42

2.0.0-beta.11

v1.0.102

v1.0.78

v1.0.76

v1.0.68

v1.0.66

v1.0.12

v1.0.11

v1.0.10

v1.0.9

v1.0.8

v1.0.7

v1.0.6

v1.0.5

v1.0.4

v1.0.3

v1.0.1

v1.0.0-beta.13

v1.0.0-beta.12

v1.0.0-beta.11

v1.0.0-beta.10

v1.0.0-beta.9

v1.0.0-beta.8

v1.0.0-beta.7

v1.0.0-beta.6

v1.0-beta.5

v1.0-beta.4

v1.0-beta.3

v1.0-beta.2

v1.0-beta.1

v1.0-alpha.7

v1.0-alpha.6

v1.0-alpha.5

v1.0-alpha.4

v1.0-alpha.3

v1.0-alpha.2

v1.0-alpha.1

Labels

Clear labels   

BETA

  

BETA

  

accessibility

  

backlog

  

bug

  

can't replicate

  

contrib-easy

  

contrib-hard

  

contrib-medium

  

deferred

  

documentation

  

duplicate

  

duplicate

  

editors

  

enhancement

  

invalid

  

localization

  

migrate

  

ui

  

under review

  

v3

No labels

BETA

BETA

accessibility

backlog

bug

can't replicate

contrib-easy

contrib-hard

contrib-medium

deferred

documentation

duplicate

duplicate

editors

enhancement

invalid

localization

migrate

ui

under review

v3

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/wiki#1329

No description provided.