fix(desktop): token validation and cookie parsing (#5569)

This fixes desktop app auth failures where users encounter "Session expired" errors when creating environments or saving requests despite being logged in. The issue occurred because token verify/validation works on web (cookie-based auth) but fails on desktop (bearer token auth). The desktop implementation had flaky response parsing in `verifyAuthTokens()`. Includes some future proofing work around cookie parsing in `setAuthCookies()`, for Set-Cookie headers contain commas or are concatenated with newlines (see #5394).
2025-11-10 23:10:43 +05:30 · 2025-11-10 23:10:43 +05:30 · eee92bbeeb
commit eee92bbeeb
parent f8cb75895f
2 changed files with 14 additions and 20 deletions
--- a/packages/hoppscotch-common/src/components.d.ts
+++ b/packages/hoppscotch-common/src/components.d.ts
@ -143,8 +143,6 @@ declare module 'vue' {
    HoppSmartProgressRing: typeof import('@hoppscotch/ui')['HoppSmartProgressRing']
    HoppSmartRadio: typeof import('@hoppscotch/ui')['HoppSmartRadio']
    HoppSmartRadioGroup: typeof import('@hoppscotch/ui')['HoppSmartRadioGroup']
-    HoppSmartSelect: typeof import('@hoppscotch/ui')['HoppSmartSelect']
-    HoppSmartSelectOption: typeof import('@hoppscotch/ui')['HoppSmartSelectOption']
    HoppSmartSelectWrapper: typeof import('@hoppscotch/ui')['HoppSmartSelectWrapper']
    HoppSmartSlideOver: typeof import('@hoppscotch/ui')['HoppSmartSlideOver']
    HoppSmartSpinner: typeof import('@hoppscotch/ui')['HoppSmartSpinner']
@ -214,11 +212,9 @@ declare module 'vue' {
    IconLucideArrowLeft: typeof import('~icons/lucide/arrow-left')['default']
    IconLucideArrowUpRight: typeof import('~icons/lucide/arrow-up-right')['default']
    IconLucideBrush: typeof import('~icons/lucide/brush')['default']
-    IconLucideCheck: typeof import('~icons/lucide/check')['default']
    IconLucideCheckCircle: typeof import('~icons/lucide/check-circle')['default']
    IconLucideChevronRight: typeof import('~icons/lucide/chevron-right')['default']
    IconLucideCircleCheck: typeof import('~icons/lucide/circle-check')['default']
-    IconLucideCopy: typeof import('~icons/lucide/copy')['default']
    IconLucideGlobe: typeof import('~icons/lucide/globe')['default']
    IconLucideHelpCircle: typeof import('~icons/lucide/help-circle')['default']
    IconLucideInbox: typeof import('~icons/lucide/inbox')['default']
--- a/packages/hoppscotch-selfhost-web/src/platform/auth/desktop/index.ts
+++ b/packages/hoppscotch-selfhost-web/src/platform/auth/desktop/index.ts
@ -171,9 +171,6 @@ export async function setInitialUser() {
  isGettingInitialUser.value = true
  const res = await getInitialUserDetails()

-  // NOTE: This is required for further diagnosis,
-  //       to be removed after patch confirmation.
-  console.info("Auth response structure:", JSON.stringify(res, null, 2))
  if ("error" in res) {
    await setUser(null)
    isGettingInitialUser.value = false
@ -291,19 +288,16 @@ async function sendMagicLink(email: string) {

 async function setAuthCookies(headers: Headers) {
  const cookieHeader = headers.get("set-cookie")
-  const cookies = cookieHeader ? cookieHeader.split(",") : []
+  if (!cookieHeader) return

-  const accessTokenMatch = cookies.join(",").match(/access_token=([^;]+)/)
-  const refreshTokenMatch = cookies.join(",").match(/refresh_token=([^;]+)/)
+  const accessTMatch = cookieHeader.match(/access_token=([^;,\s]+)/)
+  const refreshTMatch = cookieHeader.match(/refresh_token=([^;,\s]+)/)

-  if (accessTokenMatch) {
-    const accessToken = accessTokenMatch[1]
-    await persistenceService.setLocalConfig("access_token", accessToken)
+  if (accessTMatch) {
+    await persistenceService.setLocalConfig("access_token", accessTMatch[1])
  }
-
-  if (refreshTokenMatch) {
-    const refreshToken = refreshTokenMatch[1]
-    await persistenceService.setLocalConfig("refresh_token", refreshToken)
+  if (refreshTMatch) {
+    await persistenceService.setLocalConfig("refresh_token", refreshTMatch[1])
  }
 }

@ -551,10 +545,14 @@ export const def: AuthPlatformDef = {
    })

    const res = await response
-    if (E.isLeft(res)) {
-      return false
+    if (E.isLeft(res)) return false
+
+    const parsed = parseBodyAsJSON<{ isValid: boolean }>(res.right.body)
+    if (parsed._tag === "Some" && parsed.value.isValid) {
+      return true
    }

-    return res.right.isValid
+    const refreshed = await refreshToken()
+    return refreshed ?? false
  },
 }