From 4e10f80eb1db7b6e848493a30c4c294d35455991 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Julius=20H=C3=A4rtl?= <jus@bitgrid.net>
Date: Mon, 13 Nov 2023 12:33:07 +0100
Subject: [PATCH] fix: Avoid throwing errors if no token provided on close
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Julius Härtl <jus@bitgrid.net>
---
 lib/Controller/SessionController.php | 25 ++++++++++---------------
 src/sessions.js                      |  2 +-
 2 files changed, 11 insertions(+), 16 deletions(-)

diff --git a/lib/Controller/SessionController.php b/lib/Controller/SessionController.php
index 2a825c550..4a28f0a08 100644
--- a/lib/Controller/SessionController.php
+++ b/lib/Controller/SessionController.php
@@ -29,6 +29,8 @@ use OCA\Deck\Db\BoardMapper;
 use OCA\Deck\Service\PermissionService;
 use OCA\Deck\Service\SessionService;
 use OCP\AppFramework\Db\DoesNotExistException;
+use OCP\AppFramework\Http\Attribute\NoAdminRequired;
+use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
 use OCP\AppFramework\Http\DataResponse;
 use OCP\AppFramework\OCSController;
 use OCP\IRequest;
@@ -43,9 +45,7 @@ class SessionController extends OCSController {
 		parent::__construct($appName, $request);
 	}
 
-	/**
-	 * @NoAdminRequired
-	 */
+	#[NoAdminRequired]
 	public function create(int $boardId): DataResponse {
 		$this->permissionService->checkPermission($this->boardMapper, $boardId, Acl::PERMISSION_READ);
 
@@ -55,11 +55,7 @@ class SessionController extends OCSController {
 		]);
 	}
 
-	/**
-	 * notifies the server that the session is still active
-	 * @NoAdminRequired
-	 * @param $boardId
-	 */
+	#[NoAdminRequired]
 	public function sync(int $boardId, string $token): DataResponse {
 		$this->permissionService->checkPermission($this->boardMapper, $boardId, Acl::PERMISSION_READ);
 		try {
@@ -70,13 +66,12 @@ class SessionController extends OCSController {
 		}
 	}
 
-	/**
-	 * delete a session if existing
-	 * @NoAdminRequired
-	 * @NoCSRFRequired
-	 * @param $boardId
-	 */
-	public function close(int $boardId, string $token) {
+	#[NoAdminRequired]
+	#[NoCSRFRequired]
+	public function close(int $boardId, string $token = null): DataResponse {
+		if ($token === null) {
+			return new DataResponse();
+		}
 		$this->permissionService->checkPermission($this->boardMapper, $boardId, Acl::PERMISSION_READ);
 		$this->sessionService->closeSession($boardId, $token);
 		return new DataResponse();
diff --git a/src/sessions.js b/src/sessions.js
index 430124463..bef63bd4e 100644
--- a/src/sessions.js
+++ b/src/sessions.js
@@ -117,7 +117,7 @@ export function createSession(boardId) {
 
 	// close session when tab gets hidden/inactive
 	const visibilitychangeListener = () => {
-		if (document.visibilityState === 'hidden') {
+		if (document.visibilityState === 'hidden' && token) {
 			sessionApi.closeSessionViaBeacon(boardId, token)
 			tokenPromise = null
 			token = null