From ebe5a46b57bcfca686fe1f15bc7fb59ed17cbc6e Mon Sep 17 00:00:00 2001
From: Jared Snider <116684653+JaredSnider-Bitwarden@users.noreply.github.com>
Date: Thu, 28 Mar 2024 16:56:02 -0400
Subject: [PATCH] PM-5263 - Clear all tokens on logout (#8536)
---
 libs/common/src/auth/services/token.state.ts | 4 ++++
 libs/common/src/platform/services/state.service.ts | 4 +++-
 2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/libs/common/src/auth/services/token.state.ts b/libs/common/src/auth/services/token.state.ts
index 55471e1627a..368f3c4ca29 100644
--- a/libs/common/src/auth/services/token.state.ts
+++ b/libs/common/src/auth/services/token.state.ts
@@ -1,5 +1,9 @@
 import { KeyDefinition, TOKEN_DISK, TOKEN_DISK_LOCAL, TOKEN_MEMORY } from "../../platform/state";
+// Note: all tokens / API key information must be cleared on logout.
+// because we are using secure storage, we must manually call to clean up our tokens.
+// See stateService.deAuthenticateAccount for where we call clearTokens(...)
+
 export const ACCESS_TOKEN_DISK = new KeyDefinition(TOKEN_DISK, "accessToken", {
   deserializer: (accessToken) => accessToken,
 });
diff --git a/libs/common/src/platform/services/state.service.ts b/libs/common/src/platform/services/state.service.ts
index 8c98cc346f0..d4297ecf94e 100644
--- a/libs/common/src/platform/services/state.service.ts
+++ b/libs/common/src/platform/services/state.service.ts
@@ -1729,7 +1729,9 @@ export class StateService<
   }
   protected async deAuthenticateAccount(userId: string): Promise {
-    await this.tokenService.clearAccessToken(userId as UserId);
+    // We must have a manual call to clear tokens as we can't leverage state provider to clean
+    // up our data as we have secure storage in the mix.
+    await this.tokenService.clearTokens(userId as UserId);
     await this.setLastActive(null, { userId: userId });
     await this.updateState(async (state) => {
       state.authenticatedAccounts = state.authenticatedAccounts.filter((id) => id !== userId);
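Review bot: The new comment block above ACCESS_TOKEN_DISK in token.state.ts reads as two disconnected thoughts and its second line starts mid-sentence in lowercase, which makes the invariant it documents easy to misread. Since this is the only place the "must be cleared on logout" requirement is written down next to the key definitions, it is worth stating the reason and the owner in one pass, e.g. `// Note: all tokens / API key information must be cleared on logout. Because these keys are backed by secure storage, the state provider cannot clear them for us, so tokenService.clearTokens(...) is called explicitly from stateService.deAuthenticateAccount.` Consider also placing the same note as TSDoc on the key definitions that actually live in secure storage, so a reader adding a new token key sees it at the point of definition.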
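Review bot: In deAuthenticateAccount the new `await this.tokenService.clearTokens(userId as UserId)` runs unguarded before setLastActive and the updateState call that removes userId from authenticatedAccounts, so if secure-storage cleanup rejects (storage locked, unavailable, or partially cleared) the method throws and the account is left listed as authenticated with whatever tokens survived. Running the remaining logout steps in a finally block keeps the account removed from the authenticated set even when token cleanup fails, while still surfacing the error to the caller; the method's body and closing brace continue outside the hunk. Separately, `userId as UserId` is a type assertion that the callers outside this hunk presumably could satisfy directly, so typing the parameter as `UserId` would remove the cast if those call sites already hold a UserId (not visible here).
```typescript
// … unchanged: signature of deAuthenticateAccount …
try {
  // Secure storage sits outside the state provider, so tokens must be cleared explicitly.
  await this.tokenService.clearTokens(userId as UserId);
} finally {
  // Finish de-authenticating even if token cleanup rejected; the error still propagates.
  await this.setLastActive(null, { userId: userId });
  // … unchanged: updateState(...) removing userId from authenticatedAccounts …
}
```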