Improve handling of 403 logouts and return URL cookie

packages/builder/src/api.js

@@ -29,13 +29,7 @@ export const API = createAPIClient({
 
     // Logout on 403's
     if (status === 403) {
-      // Don't do anything if fetching templates.
-      // TODO: clarify why this is here
-      if (url.includes("/api/templates")) {
-        return
-      }
-
-      // Remove the auth cookie
+      // Remove cookies
       CookieUtils.removeCookie(Constants.Cookies.Auth)
 
       // Reload after removing cookie, go to login

packages/builder/src/components/backend/DatasourceNavigator/DatasourceNavigator.svelte

@@ -64,10 +64,10 @@
     }
   }
 
-  onMount(() => {
+  onMount(async () => {
     try {
-      datasources.fetch()
-      queries.fetch()
+      await datasources.fetch()
+      await queries.fetch()
     } catch (error) {
       notifications.error("Error fetching datasources and queries")
     }

packages/builder/src/pages/builder/_layout.svelte

@@ -3,7 +3,6 @@
   import { admin, auth } from "stores/portal"
   import { onMount } from "svelte"
   import { CookieUtils, Constants } from "@budibase/frontend-core"
-  import { notifications } from "@budibase/bbui"
 
   let loaded = false
 
@@ -57,11 +56,15 @@
 
   onMount(async () => {
     try {
+      await auth.checkAuth()
+      await admin.init()
+
+      // Set init info if present
       if ($params["?template"]) {
         await auth.setInitInfo({ init_template: $params["?template"] })
       }
-      await auth.checkAuth()
-      await admin.init()
+
+      // Validate tenant if in a multi-tenant env
       if (useAccountPortal && multiTenancyEnabled) {
         await validateTenantId()
       }

packages/builder/src/pages/index.svelte

@@ -2,10 +2,14 @@
   import { redirect } from "@roxi/routify"
   import { auth } from "../stores/portal"
   import { onMount } from "svelte"
+  import { notifications } from "@budibase/bbui"
 
-  auth.checkQueryString()
-
-  onMount(() => {
+  onMount(async () => {
+    try {
+      await auth.checkQueryString()
+    } catch (error) {
+      notifications.error("Error setting org")
+    }
     $redirect(`./builder`)
   })
 </script>

packages/builder/src/stores/portal/auth.js

@@ -98,7 +98,7 @@ export function createAuthStore() {
     return info
   }
 
-  async function setPostLogout() {
+  function setPostLogout() {
     auth.update(store => {
       store.postLogout = true
       return store
@@ -130,8 +130,16 @@ export function createAuthStore() {
       await setOrganisation(tenantId)
     },
     checkAuth: async () => {
-      const user = await API.fetchBuilderSelf()
-      setUser(user)
+      // We need to catch this locally as we never want this to fail, even
+      // though normally we never want to swallow API errors at the store level.
+      // We're either logged in or we aren't.
+      // We also need to always update the loaded flag.
+      try {
+        const user = await API.fetchBuilderSelf()
+        setUser(user)
+      } catch (error) {
+        setUser(null)
+      }
     },
     login: async creds => {
       const tenantId = get(store).tenantId
@@ -143,10 +151,10 @@ export function createAuthStore() {
       setUser(response.user)
     },
     logout: async () => {
-      await API.logOut()
-      await setInitInfo({})
       setUser(null)
       setPostLogout()
+      await API.logOut()
+      await setInitInfo({})
     },
     updateSelf: async fields => {
       const newUser = { ...get(auth).user, ...fields }