From 45547f1efc1ad2176dfaaeb1e279719c2b1906c7 Mon Sep 17 00:00:00 2001
From: Andrew Kingston <andrew@kingston.dev>
Date: Tue, 25 Jan 2022 15:28:31 +0000
Subject: [PATCH] Improve handling of 403 logouts and return URL cookie

---
 packages/builder/src/api.js                    |  8 +-------
 .../DatasourceNavigator.svelte                 |  6 +++---
 .../builder/src/pages/builder/_layout.svelte   |  9 ++++++---
 packages/builder/src/pages/index.svelte        | 10 +++++++---
 packages/builder/src/stores/portal/auth.js     | 18 +++++++++++++-----
 5 files changed, 30 insertions(+), 21 deletions(-)

diff --git a/packages/builder/src/api.js b/packages/builder/src/api.js
index 982fdc9324..15a3e4f942 100644
--- a/packages/builder/src/api.js
+++ b/packages/builder/src/api.js
@@ -29,13 +29,7 @@ export const API = createAPIClient({
 
     // Logout on 403's
     if (status === 403) {
-      // Don't do anything if fetching templates.
-      // TODO: clarify why this is here
-      if (url.includes("/api/templates")) {
-        return
-      }
-
-      // Remove the auth cookie
+      // Remove cookies
       CookieUtils.removeCookie(Constants.Cookies.Auth)
 
       // Reload after removing cookie, go to login
diff --git a/packages/builder/src/components/backend/DatasourceNavigator/DatasourceNavigator.svelte b/packages/builder/src/components/backend/DatasourceNavigator/DatasourceNavigator.svelte
index b40686afb5..661c125377 100644
--- a/packages/builder/src/components/backend/DatasourceNavigator/DatasourceNavigator.svelte
+++ b/packages/builder/src/components/backend/DatasourceNavigator/DatasourceNavigator.svelte
@@ -64,10 +64,10 @@
     }
   }
 
-  onMount(() => {
+  onMount(async () => {
     try {
-      datasources.fetch()
-      queries.fetch()
+      await datasources.fetch()
+      await queries.fetch()
     } catch (error) {
       notifications.error("Error fetching datasources and queries")
     }
diff --git a/packages/builder/src/pages/builder/_layout.svelte b/packages/builder/src/pages/builder/_layout.svelte
index 1bdf495113..607b7c9c71 100644
--- a/packages/builder/src/pages/builder/_layout.svelte
+++ b/packages/builder/src/pages/builder/_layout.svelte
@@ -3,7 +3,6 @@
   import { admin, auth } from "stores/portal"
   import { onMount } from "svelte"
   import { CookieUtils, Constants } from "@budibase/frontend-core"
-  import { notifications } from "@budibase/bbui"
 
   let loaded = false
 
@@ -57,11 +56,15 @@
 
   onMount(async () => {
     try {
+      await auth.checkAuth()
+      await admin.init()
+
+      // Set init info if present
       if ($params["?template"]) {
         await auth.setInitInfo({ init_template: $params["?template"] })
       }
-      await auth.checkAuth()
-      await admin.init()
+
+      // Validate tenant if in a multi-tenant env
       if (useAccountPortal && multiTenancyEnabled) {
         await validateTenantId()
       }
diff --git a/packages/builder/src/pages/index.svelte b/packages/builder/src/pages/index.svelte
index 477097f726..c6eaba8ff1 100644
--- a/packages/builder/src/pages/index.svelte
+++ b/packages/builder/src/pages/index.svelte
@@ -2,10 +2,14 @@
   import { redirect } from "@roxi/routify"
   import { auth } from "../stores/portal"
   import { onMount } from "svelte"
+  import { notifications } from "@budibase/bbui"
 
-  auth.checkQueryString()
-
-  onMount(() => {
+  onMount(async () => {
+    try {
+      await auth.checkQueryString()
+    } catch (error) {
+      notifications.error("Error setting org")
+    }
     $redirect(`./builder`)
   })
 </script>
diff --git a/packages/builder/src/stores/portal/auth.js b/packages/builder/src/stores/portal/auth.js
index b0f626099c..7dacdec304 100644
--- a/packages/builder/src/stores/portal/auth.js
+++ b/packages/builder/src/stores/portal/auth.js
@@ -98,7 +98,7 @@ export function createAuthStore() {
     return info
   }
 
-  async function setPostLogout() {
+  function setPostLogout() {
     auth.update(store => {
       store.postLogout = true
       return store
@@ -130,8 +130,16 @@ export function createAuthStore() {
       await setOrganisation(tenantId)
     },
     checkAuth: async () => {
-      const user = await API.fetchBuilderSelf()
-      setUser(user)
+      // We need to catch this locally as we never want this to fail, even
+      // though normally we never want to swallow API errors at the store level.
+      // We're either logged in or we aren't.
+      // We also need to always update the loaded flag.
+      try {
+        const user = await API.fetchBuilderSelf()
+        setUser(user)
+      } catch (error) {
+        setUser(null)
+      }
     },
     login: async creds => {
       const tenantId = get(store).tenantId
@@ -143,10 +151,10 @@ export function createAuthStore() {
       setUser(response.user)
     },
     logout: async () => {
-      await API.logOut()
-      await setInitInfo({})
       setUser(null)
       setPostLogout()
+      await API.logOut()
+      await setInitInfo({})
     },
     updateSelf: async fields => {
       const newUser = { ...get(auth).user, ...fields }