From 40fe4995e8208f3c6bb0bd0c1b11b7e7694edea5 Mon Sep 17 00:00:00 2001
From: Jacob Overgaard <752371+iOvergaard@users.noreply.github.com>
Date: Mon, 15 Sep 2025 16:11:01 +0200
Subject: [PATCH] V16: keepUserLoggedIn has no effect (#20123)

* feat: exports all current-user config-related items
* fix: observes the current-user config for the 'keepUserLoggedIn' value and simply try to refresh the token when the worker makes an attempt to log out the user
* fix: moves current user config repository and related dependencies to the 'current-user' package
previously, it was not exported, so is not a breaking change
* chore: moves current-user-allow-mfa condition to the 'current-user' package to avoid circular dependencies (and because it naturally belongs there)
* fix: checks for `keepUserLoggedIn` directly
* Revert "chore: moves current-user-allow-mfa condition to the 'current-user' package to avoid circular dependencies (and because it naturally belongs there)"
This reverts commit 17bebfba41f6996205f0649d70c0d210808f6081.
* Revert "fix: moves current user config repository and related dependencies to the 'current-user' package"
This reverts commit 0c114628985643a2ac1c7dc135e75d64db972bc6.
* Revert "feat: exports all current-user config-related items"
This reverts commit a6586aff1dcc293ae5485bcf436297341fc126bf.
* fix: avoids depending on 'resources'
---
 .../auth-session-timeout.controller.ts | 36 +++++++++++++++++++
 1 file changed, 36 insertions(+)

diff --git a/src/Umbraco.Web.UI.Client/src/packages/core/auth/controllers/auth-session-timeout.controller.ts b/src/Umbraco.Web.UI.Client/src/packages/core/auth/controllers/auth-session-timeout.controller.ts
index 62a3d994e8..4d522bd673 100644
--- a/src/Umbraco.Web.UI.Client/src/packages/core/auth/controllers/auth-session-timeout.controller.ts
+++ b/src/Umbraco.Web.UI.Client/src/packages/core/auth/controllers/auth-session-timeout.controller.ts
@@ -2,10 +2,13 @@ import type { UmbAuthFlow } from '../auth-flow.js';
 import type { UmbAuthContext } from '../auth.context.js';
 import { UMB_MODAL_AUTH_TIMEOUT } from '../modals/umb-auth-timeout-modal.token.js';
 import { UmbControllerBase } from '@umbraco-cms/backoffice/class-api';
+import { UserService } from '@umbraco-cms/backoffice/external/backend-api';
 export class UmbAuthSessionTimeoutController extends UmbControllerBase {
 #tokenCheckWorker?: SharedWorker;
 #host: UmbAuthContext;
+ #keepUserLoggedIn = false;
+ #hasCheckedKeepUserLoggedIn = false;
 constructor(host: UmbAuthContext, authFlow: UmbAuthFlow) {
 super(host, 'UmbAuthSessionTimeoutController');
@@ -22,6 +25,15 @@ export class UmbAuthSessionTimeoutController extends UmbControllerBase {
 // Listen for messages from the token check worker
 this.#tokenCheckWorker.port.onmessage = async (event) => {
+ // If the user has chosen to stay logged in, we ignore the logout command and instead request a new token
+ if (this.#keepUserLoggedIn) {
+ console.log(
+ '[Auth Context] User chose to stay logged in, attempting to validate token instead of logging out.',
+ );
+ await this.#tryValidateToken();
+ return;
+ }
+
 if (event.data?.command === 'logout') {
 // If the worker signals a logout, we clear the token storage and set the user as unauthorized
 host.timeOut();
@@ -60,6 +72,16 @@ export class UmbAuthSessionTimeoutController extends UmbControllerBase {
 },
 '_authFlowTimeoutSignal',
 );
+
+ this.observe(
+ host.isAuthorized,
+ (isAuthorized) => {
+ if (isAuthorized) {
+ this.#observeKeepUserLoggedIn();
+ }
+ },
+ '_authFlowIsAuthorizedSignal',
+ );
 }
 override destroy(): void {
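Review bot: The new `if (this.#keepUserLoggedIn)` guard in the worker `onmessage` handler (hunk at -22,6) sits before the `event.data?.command` check, so with the setting on, every worker message, not only `logout`, triggers a token validation and returns, although the comment says only the logout command is ignored. Scoping it as `if (this.#keepUserLoggedIn && event.data?.command === 'logout') {` would match the comment; if other commands are meant to be suppressed too, the comment should say so. `#tryValidateToken` is defined outside this hunk, so it is not visible whether a failed refresh (expired or revoked refresh token) still ends in `host.timeOut()`; if it does not, the client keeps showing an authorized session after the server has stopped accepting the token, and this branch should fall through to the logout path when validation fails. The unconditional `console.log` on each message is better dropped or moved to a debug-level logger.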
@@ -68,6 +90,20 @@ export class UmbAuthSessionTimeoutController extends UmbControllerBase {
 this.#tokenCheckWorker = undefined;
 }
+ /**
+ * Observe the user's preference for staying logged in
+ * and update the internal state accordingly.
+ * This method fetches the current user configuration from the server to find the value.
+ * // TODO: We cannot observe the config store directly here yet, as it would create a circular dependency, so maybe we need to move the config option somewhere else?
+ */
+ async #observeKeepUserLoggedIn() {
+ if (this.#hasCheckedKeepUserLoggedIn) return;
+ this.#hasCheckedKeepUserLoggedIn = true;
+ // eslint-disable-next-line local-rules/no-direct-api-import
+ const { data } = await UserService.getUserCurrentConfiguration();
+ this.#keepUserLoggedIn = data?.keepUserLoggedIn ?? false;
+ }
+
 async #closeTimeoutModal() {
 const contextToken = (await import('@umbraco-cms/backoffice/modal')).UMB_MODAL_MANAGER_CONTEXT;
 const modalManager = await this.getContext(contextToken);
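Review bot: `#observeKeepUserLoggedIn` sets `#hasCheckedKeepUserLoggedIn = true` before the request resolves and nothing in the visible lines clears it, so a single failed `getUserCurrentConfiguration()` call pins `#keepUserLoggedIn` at `false` for the controller's lifetime, and a later sign-in in the same tab reuses the first answer. Falling back to `false` is the safe default because the session timeout stays enforced, but the cached state should be reset when `host.isAuthorized` emits `false` (the observer added in the hunk at -60,6), for example with `this.#hasCheckedKeepUserLoggedIn = false; this.#keepUserLoggedIn = false;` in an `else` branch there. That call site also drops the returned promise; `void this.#observeKeepUserLoggedIn();` with error handling inside the method would keep a rejected request from going unnoticed. The doc comment says "observe", but the method is a one-shot fetch, so it should state that the value is read once after authorization and not updated afterwards.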