Fix inactivity detection followed by logout - Fixes #267

2025-01-11 16:58:58 +01:00 · 2024-03-06 08:40:29 +01:00 · 2024-03-06 08:40:29 +01:00 · 9519d5838c
commit 9519d5838c
parent 214c1c2349
3 changed files with 11 additions and 14 deletions
--- a/app/Http/Kernel.php
+++ b/app/Http/Kernel.php
@ -48,8 +48,8 @@ class Kernel extends HttpKernel
            \App\Http\Middleware\VerifyCsrfToken::class,
            \Illuminate\Routing\Middleware\SubstituteBindings::class,
            \App\Http\Middleware\Authenticate::class,
-            \App\Http\Middleware\LogUserLastSeen::class,
            \App\Http\Middleware\KickOutInactiveUser::class,
+            \App\Http\Middleware\LogUserLastSeen::class,
            \App\Http\Middleware\SetLanguage::class,
            \App\Http\Middleware\CustomCreateFreshApiToken::class,
        ],
--- a/app/Http/Middleware/KickOutInactiveUser.php
+++ b/app/Http/Middleware/KickOutInactiveUser.php
@ -38,11 +38,8 @@ public function handle($request, Closure $next, ...$guards)
        if ($kickUserAfterXSecond > 0 && $inactiveFor > $kickUserAfterXSecond) {
            $user->last_seen_at = $now->format('Y-m-d H:i:s');
            $user->save();
-
            Log::info(sprintf('User ID #%s detected as inactive, authentication rejected', $user->id));
-            if (method_exists('Illuminate\Support\Facades\Auth', 'logout')) {
-                Auth::logout();
-            }
+            Auth::guard('web-guard')->logout();

            return response()->json(['message' => 'inactivity detected'], Response::HTTP_I_AM_A_TEAPOT);
        }
--- a/resources/js/services/httpClientFactory.js
+++ b/resources/js/services/httpClientFactory.js
@ -51,6 +51,15 @@ export const httpClientFactory = (endpoint = 'api') => {
                await axios.get('/refresh-csrf')
                return httpClient.request(originalRequestConfig)
            }
+
+            // api calls are stateless so when user inactivity is detected
+            // by the backend middleware, it cannot logout the user directly
+            // so it returns a 418 response.
+            // We catch the 418 response and log the user out
+            if (error.response.status === 418) {
+                const user = useUserStore()
+                user.logout({ kicked: true})
+            }
            
            if (error.response && [407].includes(error.response.status)) {
                useNotifyStore().error(error)
@ -78,15 +87,6 @@ export const httpClientFactory = (endpoint = 'api') => {
                return new Promise(() => {})
            }

-            // api calls are stateless so when user inactivity is detected
-            // by the backend middleware, it cannot logout the user directly
-            // so it returns a 418 response.
-            // We catch the 418 response and log the user out
-            if (error.response.status === 418) {
-                const user = useUserStore()
-                user.logout({ kicked: true})
-            }
-
            useNotifyStore().error(error)
            return new Promise(() => {})
        }