Logout trigger a conflict error in CouchDB about superlogin HOT 7 OPEN

Can you isolate a specific way to reproduce this error?

from superlogin.

By trying to describe it I realized this is probably mostly a client issue

Using the client library (tested with my vanilla but not with your Angularjs).
The easiest way is to set the refreshThreshold nothing (Number.EPSILON).
When calling logout, the hook will trigger the refresh call which will change the data of couchdb between the read and the write done by logout.
It might be a problem with Axios that I use for the interceptor (api based on http of Angularjs), but you should take a look, just in case.

from superlogin.

This issue probably don't belong here

from superlogin.

I get what you are saying. If the same user makes two calls to the SuperLogin API at the exact same time then there could be a document update conflict. The refresh handler on ng-superlogin does cause two requests to fire at the same time.

I think the simplest solution is for the interceptor to require the refresh call to finish before sending the original request.

from superlogin.

So here what worked for me on my client (publishing soon)
I turned checkRefresh into a promise already, so in the request interceptor I return checkRefresh to make sure the refresh is finished before logout (or any other call) is done.

Here the snippet:

const request = req => {
    const config = this.getConfig();
    const session = this.getSession();
    if (!session || !session.token) {
        return Promise.resolve(req);
    }

    return this.checkRefresh().then(() => {
        if (checkEndpoint(req.url, config.endpoints)) {
            req.headers.Authorization = 'Bearer ' + session.token + ':' + session.password;
        }
        return req;
    });
};

So I didn't test with ng-superlogin (since I don't use Angular.js), but you might need to do something similar.

from superlogin.

I was thinking to do the exact same thing. The disadvantage is that it could slightly delay the user's request if refresh is required. It is a waste to refresh before actions like logout.

What I'm thinking is to add a _superloginNoRefresh property to the $http config object for logout and logout-all. When the request interceptor sees this property it will not attempt checkRefresh(). For actions like change-email I will pass _superloginDelayRequest which will refresh then fire the request as you have done above.

Outside the SuperLogin API the requests can fire at the same time without side effects.

from superlogin.

That could do the trick indeed

from superlogin.