fix: only logout STFC users with a valid token

Only call the logout method on the STFC web service if: there is a valid token in the cache, or the web service reports that the token is valid
UserOfficeProject · Jun 13, 2023 · 132f050 · 132f050
1 parent 973d3f2
commit 132f050
Showing 1 changed file with 11 additions and 0 deletions.
diff --git a/apps/user-office-backend/src/auth/StfcUserAuthorization.ts b/apps/user-office-backend/src/auth/StfcUserAuthorization.ts
@@ -227,6 +227,17 @@ export class StfcUserAuthorization extends UserAuthorization {
       if (token) {
         this.uowsTokenCache.remove(token);
 
+        const isValidToken = await this.isExternalTokenValid(token);
+
+        if (!isValidToken) {
+          logger.logInfo(
+            'UOWS token found to be invalid, skipping UOWS logout call',
+            { token }
+          );
+
+          return Promise.resolve('User already logged out');
+        }
+
         return await client.logout(token).catch(() => {
           logger.logWarn('Failed to log out user', { token });