From 9519d5838cc6c8eea2a0402b035608f4d7828c66 Mon Sep 17 00:00:00 2001
From: Bubka <858858+Bubka@users.noreply.github.com>
Date: Wed, 6 Mar 2024 08:40:29 +0100
Subject: [PATCH] Fix inactivity detection followed by logout

- Fixes #267
---
 app/Http/Kernel.php | 2 +-
 app/Http/Middleware/KickOutInactiveUser.php | 5 +----
 resources/js/services/httpClientFactory.js | 18 +++++++++---------
 3 files changed, 11 insertions(+), 14 deletions(-)

diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php
index 95dfb410..ad7a0c25 100644
--- a/app/Http/Kernel.php
+++ b/app/Http/Kernel.php
@@ -48,8 +48,8 @@ class Kernel extends HttpKernel
 \App\Http\Middleware\VerifyCsrfToken::class,
 \Illuminate\Routing\Middleware\SubstituteBindings::class,
 \App\Http\Middleware\Authenticate::class,
- \App\Http\Middleware\LogUserLastSeen::class,
 \App\Http\Middleware\KickOutInactiveUser::class,
+ \App\Http\Middleware\LogUserLastSeen::class,
 \App\Http\Middleware\SetLanguage::class,
 \App\Http\Middleware\CustomCreateFreshApiToken::class,
 ],
diff --git a/app/Http/Middleware/KickOutInactiveUser.php b/app/Http/Middleware/KickOutInactiveUser.php
index 510fc9be..2d3f36d3 100644
--- a/app/Http/Middleware/KickOutInactiveUser.php
+++ b/app/Http/Middleware/KickOutInactiveUser.php
@@ -38,11 +38,8 @@ public function handle($request, Closure $next, ...$guards)
 if ($kickUserAfterXSecond > 0 && $inactiveFor > $kickUserAfterXSecond) {
 $user->last_seen_at = $now->format('Y-m-d H:i:s');
 $user->save();
- Log::info(sprintf('User ID #%s detected as inactive, authentication rejected', $user->id));
- if (method_exists('Illuminate\Support\Facades\Auth', 'logout')) {
- Auth::logout();
- }
+ Auth::guard('web-guard')->logout();
 return response()->json(['message' => 'inactivity detected'], Response::HTTP_I_AM_A_TEAPOT);
 }
diff --git a/resources/js/services/httpClientFactory.js b/resources/js/services/httpClientFactory.js
index 0b573ae7..f88db7dc 100644
--- a/resources/js/services/httpClientFactory.js
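Review bot: The swap of KickOutInactiveUser and LogUserLastSeen encodes an ordering dependency that nothing in the list states, so a later reorder of this group would silently reintroduce the bug this commit fixes. I read the new order as required because LogUserLastSeen presumably refreshes last_seen_at, which would mask the inactivity that KickOutInactiveUser measures; that deserves a one-line comment above the pair, `// KickOutInactiveUser must run before LogUserLastSeen: the inactivity check relies on the previous last_seen_at value`. The middleware group this list belongs to starts outside the hunk.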
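Review bot: Dropping the `Log::info(...)` line removes the only record that a user was force-logged-out for inactivity, which is exactly the kind of authentication event operators review; unless it was removed for noise, keep `Log::info(sprintf('User ID #%s detected as inactive, authentication rejected', $user->id));` next to the new logout call (assuming the Log import is still present in the file). `Auth::guard('web-guard')->logout()` only detaches the user from that guard; if this request carries a session, invalidating it so the old session id cannot be reused is the usual hardening, e.g. `$request->session()->invalidate(); $request->session()->regenerateToken();` after the logout, hedged because the hunk does not show whether the middleware runs on a stateful route. The guard name is also hard-coded while handle() receives `...$guards`, so a request authenticated through another guard would not actually be logged out; I cannot see the rest of the body to tell whether $guards is consulted. The enclosing handle() starts before the hunk.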
+++ b/resources/js/services/httpClientFactory.js
@@ -51,6 +51,15 @@ export const httpClientFactory = (endpoint = 'api') => {
 await axios.get('/refresh-csrf')
 return httpClient.request(originalRequestConfig)
 }
+
+ // api calls are stateless so when user inactivity is detected
+ // by the backend middleware, it cannot logout the user directly
+ // so it returns a 418 response.
+ // We catch the 418 response and log the user out
+ if (error.response.status === 418) {
+ const user = useUserStore()
+ user.logout({ kicked: true})
+ }
 if (error.response && [407].includes(error.response.status)) {
 useNotifyStore().error(error)
@@ -78,15 +87,6 @@ export const httpClientFactory = (endpoint = 'api') => {
 return new Promise(() => {})
 }
- // api calls are stateless so when user inactivity is detected
- // by the backend middleware, it cannot logout the user directly
- // so it returns a 418 response.
- // We catch the 418 response and log the user out
- if (error.response.status === 418) {
- const user = useUserStore()
- user.logout({ kicked: true})
- }
-
 useNotifyStore().error(error)
 return new Promise(() => {})
 }
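Review bot: The moved block reads `error.response.status` without first checking that `error.response` exists, while the very next condition in the hunk guards with `error.response &&`; a request that fails before any response arrives (network error, timeout) would throw inside the interceptor instead of reaching the notification path. Guard it the same way as its sibling, `if (error.response && error.response.status === 418) {`. After `user.logout({ kicked: true})` the handler falls through to the remaining checks and, presumably, the final `useNotifyStore().error(error)`, so the kicked user likely also receives a generic error toast; if that is not intended, return the pending promise here as the other branches do, `return new Promise(() => {})`. The enclosing interceptor callback starts and ends outside the hunk, and the second hunk in this file is the pure removal of the same block, so it needs no separate note.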