fix(auth): handle non-existent user with 401 error and update locale messages (#6381)

* fix(auth): handle non-existent user with 401 error and update locale messages * fix(auth): enhance error handling for 401 status with specific error codes * fix(auth): improve 401 error handling by checking for specific error codes
2025-05-05 13:39:24 +08:00 · 2025-03-09 08:09:13 +08:00 · 2025-03-09 08:09:13 +08:00 · 79ef798b38
commit 79ef798b38
parent 3f6ecd65ed
6 changed files with 22 additions and 5 deletions
--- a/packages/core/auth/src/tests/base-auth.test.ts
+++ b/packages/core/auth/src/tests/base-auth.test.ts
@ -10,7 +10,6 @@
 import { vi } from 'vitest';
 import { BaseAuth } from '../base/auth';
 import { AuthErrorCode } from '../auth';
-import jwt from 'jsonwebtoken';

 describe('base-auth', () => {
  it('should validate username', () => {
--- a/packages/core/auth/src/tests/middleware.test.ts
+++ b/packages/core/auth/src/tests/middleware.test.ts
@ -85,4 +85,13 @@ describe('middleware', () => {
      expect(res.body.errors.some((error) => error.code === AuthErrorCode.EMPTY_TOKEN)).toBe(true);
    });
  });
+
+  describe('not exist user', async () => {
+    it('should throw 401 when user not exist', async () => {
+      const notExistUserAgent = await agent.login(1001);
+      const res = await notExistUserAgent.resource('auth').check();
+      expect(res.status).toBe(401);
+      expect(res.body.errors.some((error) => error.code === AuthErrorCode.NOT_EXIST_USER)).toBe(true);
+    });
+  });
 });
--- a/packages/core/auth/src/base/auth.ts
+++ b/packages/core/auth/src/base/auth.ts
@ -118,6 +118,13 @@ export class BaseAuth extends Auth {
        )
      : null;

+    if (!user) {
+      this.ctx.throw(401, {
+        message: this.ctx.t('User not found. Please sign in again to continue.', { ns: localeNamespace }),
+        code: AuthErrorCode.NOT_EXIST_USER,
+      });
+    }
+
    if (roleName) {
      this.ctx.headers['x-role'] = roleName;
    }
--- a/packages/plugins/@nocobase/plugin-auth/src/client/interceptors.ts
+++ b/packages/plugins/@nocobase/plugin-auth/src/client/interceptors.ts
@ -61,7 +61,7 @@ export function authCheckMiddleware({ app }: { app: Application }) {
      app.apiClient.auth.setToken(newToken);
    }

-    if (error.status === 401) {
+    if (error.status === 401 && firstError?.code && AuthErrorCode[firstError.code]) {
      app.apiClient.auth.setToken('');
      if (pathname === app.getHref('signin') && firstError?.code !== AuthErrorCode.EMPTY_TOKEN && error.config) {
        error.config.skipNotify = false;
@ -74,7 +74,7 @@ export function authCheckMiddleware({ app }: { app: Application }) {
      }
    }

-    if (error.status === 401 && !error.config?.skipAuth) {
+    if (error.status === 401 && !error.config?.skipAuth && firstError?.code && AuthErrorCode[firstError.code]) {
      if (!firstError || firstError?.code === AuthErrorCode.SKIP_TOKEN_RENEW) {
        throw error;
      }
--- a/packages/plugins/@nocobase/plugin-auth/src/locale/en-US.json
+++ b/packages/plugins/@nocobase/plugin-auth/src/locale/en-US.json
@ -45,5 +45,6 @@
  "The maximum time limit allowed for refreshing a Token after it expires. After this time limit, the token cannot be automatically renewed, and the user needs to log in again.": "The maximum time limit allowed for refreshing a Token after it expires. After this time limit, the token cannot be automatically renewed, and the user needs to log in again.",
  "In configuration mode, the entire column becomes transparent. In non-configuration mode, the entire column will be hidden. Even if the entire column is hidden, its configured default values and other settings will still take effect.": "In configuration mode, the entire column becomes transparent. In non-configuration mode, the entire column will be hidden. Even if the entire column is hidden, its configured default values and other settings will still take effect.",
  "Your session has expired. Please sign in again.": "Your session has expired. Please sign in again.",
-  "Unauthenticated. Please sign in to continue.": "Unauthenticated. Please sign in to continue."
+  "Unauthenticated. Please sign in to continue.": "Unauthenticated. Please sign in to continue.",
+  "User not found. Please sign in again to continue.": "User not found. Please sign in again to continue."
 }
--- a/packages/plugins/@nocobase/plugin-auth/src/locale/zh-CN.json
+++ b/packages/plugins/@nocobase/plugin-auth/src/locale/zh-CN.json
@ -44,5 +44,6 @@
  "The validity period of each issued API Token. After the Token expires, if it is within the session validity period and has not exceeded the refresh limit, the server will automatically issue a new Token to maintain the user session, otherwise the user is required to log in again. (Each Token can only be refreshed once)": "每次签发的 API Token 的有效期。Token 过期后，如果处于会话有效期内，并且没有超过刷新时限，服务端将自动签发新 Token 以保持用户会话，否则要求用户重新登录。（每个 Token 只能被刷新一次）",
  "The maximum time limit allowed for refreshing a Token after it expires. After this time limit, the token cannot be automatically renewed, and the user needs to log in again.": "Token 过期后允许刷新的最大时限，超过此时限后，Token 无法自动更新，用户需重新登录。",
  "Your session has expired. Please sign in again.": "您的会话已过期，请重新登录。",
-  "Unauthenticated. Please sign in to continue.": "未认证。请登录以继续。"
+  "Unauthenticated. Please sign in to continue.": "未认证。请登录以继续。",
+  "User not found. Please sign in again to continue.": "用户不存在。请重新登录以继续。"
 }