作者:幸福的小兔子3 | 来源:互联网 | 2023-09-24 15:23
Since API tokens expire after 14 days, it's possible to be "logged out" while the client is open. You stop having permission to do things and stop getting non-public data, but the client still thinks it's logged in. We should detect if this has happened and get the client to prompt for a password so it can get a new token. (related to #219)
What needs to be done:
- In Flarum\Api\LoginWithHeader, if an invalid token is presented, we should return a 401 or 403 + error message.
- The client's
method should look for this specific error. If encountered, it should present a modal to the user asking them to re-enter their password. The modal should contain the username + avatar, a password input, a "login" button, and a "cancel" button.
- If the login button is clicked, it should attempt to get a new token from the API. If successful, dismiss the modal and carry on.
- If the cancel button is clicked, it should unset app.session.user and dismiss the modal.
该提问来源于开源项目:flarum/core
I'll do this sometime today - I've been working with the middleware layer (specifically the json api error management).
京公网安备 11010802041100号