From 0e616621199d7a307f6edeaff94406d492ef09ca Mon Sep 17 00:00:00 2001
From: Moriz Wahl <moriz.wahl@gmx.de>
Date: Thu, 23 Sep 2021 14:49:30 +0200
Subject: [PATCH] feat: Redirect to Login when JWT has expired

---
 backend/src/jwt/decode.ts    | 4 ++--
 frontend/src/locales/de.json | 3 ++-
 frontend/src/locales/en.json | 3 ++-
 frontend/src/main.js         | 6 ++++++
 4 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/backend/src/jwt/decode.ts b/backend/src/jwt/decode.ts
index 47cf62154..2e24386b3 100644
--- a/backend/src/jwt/decode.ts
+++ b/backend/src/jwt/decode.ts
@@ -5,7 +5,7 @@ import jwt from 'jsonwebtoken'
 import CONFIG from '../config/'
 
 export default (token: string): any => {
-  if (!token) return null
+  if (!token) return new Error('401 Unauthorized')
   let sessionId = null
   try {
     const decoded = jwt.verify(token, CONFIG.JWT_SECRET)
@@ -15,6 +15,6 @@ export default (token: string): any => {
       sessionId,
     }
   } catch (err) {
-    return null
+    throw new Error('403.13 - Client certificate revoked')
   }
 }
diff --git a/frontend/src/locales/de.json b/frontend/src/locales/de.json
index 5db1c0a82..8999922cf 100644
--- a/frontend/src/locales/de.json
+++ b/frontend/src/locales/de.json
@@ -36,7 +36,8 @@
   "error": {
     "change-password": "Fehler beim Ändern des Passworts",
     "error": "Fehler",
-    "no-account": "Leider konnten wir keinen Account finden mit diesen Daten!"
+    "no-account": "Leider konnten wir keinen Account finden mit diesen Daten!",
+    "session-expired": "Sitzung abgelaufen!"
   },
   "form": {
     "amount": "Betrag",
diff --git a/frontend/src/locales/en.json b/frontend/src/locales/en.json
index 9ca544440..7a06beeb4 100644
--- a/frontend/src/locales/en.json
+++ b/frontend/src/locales/en.json
@@ -36,7 +36,8 @@
   "error": {
     "change-password": "Error while changing password",
     "error": "Error",
-    "no-account": "Unfortunately we could not find an account to the given data!"
+    "no-account": "Unfortunately we could not find an account to the given data!",
+    "session-expired": "The session expired"
   },
   "form": {
     "amount": "Amount",
diff --git a/frontend/src/main.js b/frontend/src/main.js
index 0b0e98e2d..ba7015049 100755
--- a/frontend/src/main.js
+++ b/frontend/src/main.js
@@ -21,6 +21,12 @@ const authLink = new ApolloLink((operation, forward) => {
     },
   })
   return forward(operation).map((response) => {
+    if (response.errors && response.errors[0].message === '403.13 - Client certificate revoked') {
+      response.errors[0].message = i18n.t('error.session-expired')
+      store.dispatch('logout', null)
+      if (router.currentRoute.path !== '/login') router.push('/login')
+      return response
+    }
     const newToken = operation.getContext().response.headers.get('token')
     if (newToken) store.commit('token', newToken)
     return response