fix(auth/refresh): send 403 res for invalid token to properly invalidate session (#1068)

2025-09-22 08:12:00 +02:00 · 2023-10-17 08:34:14 -04:00 · 2023-10-17 08:34:14 -04:00 · ddf56db316
commit ddf56db316
parent 377f2c7c19
2 changed files with 12 additions and 11 deletions
--- a/api/server/controllers/AuthController.js
+++ b/api/server/controllers/AuthController.js
@ -112,7 +112,9 @@ const refreshController = async (req, res) => {
      res.status(401).send('Refresh token expired or not found for this user');
    }
  } catch (err) {
-    res.status(401).send('Invalid refresh token');
+    console.error('Refresh token error', refreshToken);
+    console.error(err);
+    res.status(403).send('Invalid refresh token');
  }
 };