supertokens · rishabhpoddar · Feb 6, 2024 · Feb 6, 2024 · Feb 6, 2024 · Feb 6, 2024
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,6 +7,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [unreleased]
 
+## [18.0.1] - 2024-02-06
+
+### Fixes
+
+- Fix an issue that caused `attemptRefreshingSession` to throw in some cases when getting a 401 response from the refresh endpoint
+
 ## [18.0.0] - 2024-01-18
 
 ## Breaking Changes

diff --git a/bundle/bundle.js b/bundle/bundle.js
diff --git a/lib/build/fetch.js b/lib/build/fetch.js
diff --git a/lib/build/version.d.ts b/lib/build/version.d.ts
diff --git a/lib/build/version.js b/lib/build/version.js
diff --git a/lib/ts/fetch.ts b/lib/ts/fetch.ts
@@ -477,7 +477,7 @@ export async function onUnauthorisedResponse(
                 // There is a case where the FE thinks the session is valid, but backend doesn't get the tokens.
                 // In this event, session expired error will be thrown and the frontend should remove this token
                 if (isUnauthorised && response.headers.get("front-token") === null) {
-                    FrontToken.setItem("remove");
+                    await FrontToken.setItem("remove");
                 }
 
                 fireSessionUpdateEventsIfNecessary(

diff --git a/lib/ts/version.ts b/lib/ts/version.ts
@@ -12,6 +12,6 @@
  * License for the specific language governing permissions and limitations
  * under the License.
  */
-export const package_version = "18.0.0";
+export const package_version = "18.0.1";
 
 export const supported_fdi = ["1.16", "1.17", "1.18"];
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "supertokens-website",
-  "version": "18.0.0",
+  "version": "18.0.1",
   "description": "frontend sdk for website to be used for auth solution.",
   "main": "index.js",
   "dependencies": {

diff --git a/test/attemptRefreshingSession.test.js b/test/attemptRefreshingSession.test.js
@@ -0,0 +1,110 @@
+/* Copyright (c) 2022, VRAI Labs and/or its affiliates. All rights reserved.
+ *
+ * This software is licensed under the Apache License, Version 2.0 (the
+ * "License") as published by the Apache Software Foundation.
+ *
+ * You may not use this file except in compliance with the License. You may
+ * obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+let axios = require("axios");
+let jsdom = require("mocha-jsdom");
+const { spawn } = require("child_process");
+let { BASE_URL_FOR_ST, BASE_URL, startST, resetAuthHttpRequestFetch, delay } = require("./utils");
+let { ProcessState } = require("../lib/build/processState");
+let puppeteer = require("puppeteer");
+const assert = require("assert");
+
+describe("attemptRefreshingSession", function () {
+    jsdom({
+        url: "http://localhost"
+    });
+
+    let browser;
+
+    before(async () => {
+        spawn("./test/startServer", [
+            process.env.INSTALL_PATH,
+            process.env.NODE_PORT === undefined ? 8080 : process.env.NODE_PORT
+        ]);
+        await new Promise(r => setTimeout(r, 1000));
+    });
+
+    after(async () => {
+        let instance = axios.create();
+        await instance.post(BASE_URL_FOR_ST + "/after");
+        try {
+            await instance.get(BASE_URL_FOR_ST + "/stop");
+        } catch (err) {}
+    });
+
+    beforeEach(async () => {
+        resetAuthHttpRequestFetch();
+        global.document = {};
+        ProcessState.getInstance().reset();
+        let instance = axios.create();
+        await instance.post(BASE_URL_FOR_ST + "/beforeeach");
+        await instance.post("http://localhost.org:8082/beforeeach"); // for cross domain
+        await instance.post(BASE_URL + "/beforeeach");
+
+        browser = await puppeteer.launch({
+            args: ["--no-sandbox", "--disable-setuid-sandbox"]
+        });
+    });
+
+    afterEach(async () => {
+        if (browser) {
+            await browser.close();
+        }
+    });
+
+    it("should not throw if refresh returns a 401 with a session previously existing", async () => {
+        await startST(2);
+        const page = await browser.newPage();
+
+        await page.setRequestInterception(true);
+
+        page.on("request", req => {
+            const url = req.url();
+
+            if (url === BASE_URL + "/auth/session/refresh") {
+                return req.respond({
+                    status: 401
+                });
+            }
+
+            req.continue();
+        });
+
+        await page.goto(BASE_URL + "/index.html", { waitUntil: "load" });
+        await page.addScriptTag({ path: `./bundle/bundle.js`, type: "text/javascript" });
+        await page.evaluate(async () => {
+            let BASE_URL = "http://localhost.org:8080";
+            supertokens.init({
+                apiDomain: BASE_URL
+            });
+            let userId = "testing-supertokens-website";
+
+            // Create a session
+            let loginResponse = await fetch(`${BASE_URL}/login`, {
+                method: "post",
+                headers: {
+                    Accept: "application/json",
+                    "Content-Type": "application/json"
+                },
+                body: JSON.stringify({ userId })
+            });
+
+            await delay(3);
+
+            const res = await supertokens.attemptRefreshingSession();
+            assert.strictEqual(res, false);
+        });
+    });
+});
diff --git a/test/doesSessionExist.test.js b/test/doesSessionExist.test.js
@@ -126,6 +126,50 @@ describe("doesSessionExist", function () {
         });
     });
 
+    it("should not throw if refresh returns a 401 with a session previously existing", async () => {
+        await startST(2);
+        const page = await browser.newPage();
+
+        await page.setRequestInterception(true);
+
+        page.on("request", req => {
+            const url = req.url();
+
+            if (url === BASE_URL + "/auth/session/refresh") {
+                return req.respond({
+                    status: 401
+                });
+            }
+
+            req.continue();
+        });
+
+        await page.goto(BASE_URL + "/index.html", { waitUntil: "load" });
+        await page.addScriptTag({ path: `./bundle/bundle.js`, type: "text/javascript" });
+        await page.evaluate(async () => {
+            let BASE_URL = "http://localhost.org:8080";
+            supertokens.init({
+                apiDomain: BASE_URL
+            });
+            let userId = "testing-supertokens-website";
+
+            // Create a session
+            let loginResponse = await fetch(`${BASE_URL}/login`, {
+                method: "post",
+                headers: {
+                    Accept: "application/json",
+                    "Content-Type": "application/json"
+                },
+                body: JSON.stringify({ userId })
+            });
+
+            await delay(3);
+
+            const res = await supertokens.doesSessionExist();
+            assert.strictEqual(res, false);
+        });
+    });
+
     it("should call refresh and return true if the access token expired", async () => {
         await startST(2);
         const page = await browser.newPage();

diff --git a/test/server/package.json b/test/server/package.json
@@ -12,6 +12,6 @@
     "cookie-parser": "1.4.4",
     "cors": "^2.8.5",
     "express": "4.17.1",
-    "supertokens-node": "github:supertokens/supertokens-node#16.0"
+    "supertokens-node": "github:supertokens/supertokens-node"
   }
 }