fix(auth): treat expired JWTs as no identity, improve logout and token verification flow, and bump deps
This commit is contained in:
10
changelog.md
10
changelog.md
@@ -1,5 +1,15 @@
|
||||
# Changelog
|
||||
|
||||
## 2026-03-04 - 11.0.1 - fix(auth)
|
||||
treat expired JWTs as no identity, improve logout and token verification flow, and bump deps
|
||||
|
||||
- App: getActionContext now treats expired JWTs as null to avoid using stale identities for requests.
|
||||
- Logout action always clears local login state; server-side adminLogout is attempted only when a valid identity exists.
|
||||
- Dashboard: verify persisted JWT with server (verifyIdentity) on startup; if verification fails, clear state and show login.
|
||||
- Auto-refresh: on combined refresh failure, detect auth-related errors (invalid/unauthorized/401), dispatch logout and reload to force re-login.
|
||||
- Deps: bumped devDependencies @git.zone/tstest (^3.2.0) and @git.zone/tswatch (^3.2.5); added runtime dependency @push.rocks/lik (^6.2.2).
|
||||
- Tests/artifacts: added Playwright console logs and page screenshots (test artifacts) to the commit.
|
||||
|
||||
## 2026-03-03 - 11.0.0 - BREAKING CHANGE(opsserver)
|
||||
Require authentication for OpsServer endpoints, split handlers into authenticated view/admin routers, and make identity required on many TypedRequest interfaces
|
||||
|
||||
|
||||
Reference in New Issue
Block a user