ring
ring copied to clipboard
dgreif
Infinite loop in geAuth
Is there an existing issue for this?
- [X] I have searched the existing issues
Describe The Bug
https://github.com/dgreif/ring/blob/main/packages/ring-client-api/rest-client.ts#L268
Doesn't this line cause a recursive request loop on a service or connection failure?
To Reproduce
No response
Expected behavior
N/A
Relevant log output
No response
Screenshots
No response
Additional context
No response
OS
All
Node.js Version
All
NPM Version
N/A
ring-client-api
11
Operating System
All
Nevermind, I was having a hard time following the code. authConfig gets cleared. It does seem like there's an issue here where any service/connection failure clears the auth.
I think this is a duplicate of my issue here: https://github.com/dgreif/ring/issues/1071
@tsightler yeah, I am not sure why the refresh token is ever cleared. If the client enters a auth failure state, the failures should continue with the last known refresh token, which may recover. But as of now it clears the refresh token and guarantees it will never recover.
I think it's just because the same code path is used for the initial authentication so, for example, if there is a configured token, but that saved token isn't valid, it's cleared so the same code path can be used to re-authenticate via standard 2FA auth. That's actually fine for the case where the token truly is invalid (for example, user removes account from authorized devices), but it's not good for the case where the token is only temporarily not working, which is the far more common case, in my experience.
Yeah, gonna try this and see if it works better. I don't think the rest client should be responsible for refresh token clearing. That requires user interaction, and it happens silently now. https://github.com/koush/ring/commit/4e95093f76a66b40abf9c6886855ed38448d9e72