Merge pull request ActiveState#3370 from ActiveState/DX-2922

Fix auth error interrupts user

Author: Naatan

cmd/state/main.go

@@ -168,9 +168,10 @@ func run(args []string, isInteractive bool, cfg *config.Instance, out output.Out
 	if auth.AvailableAPIToken() != "" {
 		jwt, err := svcmodel.GetJWT(context.Background())
 		if err != nil {
-			return locale.NewError("err_main_jwt", "", errs.JoinMessage(err))
+			multilog.Critical("Could not get JWT: %v", errs.JoinMessage(err))
+		} else {
+			auth.UpdateSession(jwt)
 		}
-		auth.UpdateSession(jwt)
 	}
 
 	projectfile.RegisterMigrator(migrator.NewMigrator(auth, cfg))

pkg/platform/authentication/auth.go

@@ -122,7 +122,18 @@ func (s *Auth) Sync() error {
 
 // MaybeRenew will renew the JWT if it has expired
 // This should only be called from the state-svc.
-func (s *Auth) MaybeRenew() error {
+func (s *Auth) MaybeRenew() (rerr error) {
+	defer func() {
+		if rerr == nil {
+			return
+		}
+
+		var errUnauthorized *apiAuth.PostLoginUnauthorized
+		if errors.As(rerr, &errUnauthorized) {
+			logging.Warning("API token invalid, clearing stored token: %s", errUnauthorized.Error())
+			rerr = s.Logout()
+		}
+	}()
 	// If we're out of sync then we should just always renew
 	if s.SyncRequired() {
 		err := s.Sync()
@@ -185,6 +196,7 @@ func (s *Auth) updateRollbarPerson() {
 }
 
 func (s *Auth) resetSession() {
+	s.client = nil
 	s.clientAuth = nil
 	s.lastRenewal = nil
 	s.bearerToken = ""
@@ -359,10 +371,7 @@ func (s *Auth) Logout() error {
 		return locale.WrapError(err, "err_logout_cfg", "Could not update config, if this persists please try running '[ACTIONABLE]state clean config[/RESET]'.")
 	}
 
-	s.client = nil
-	s.clientAuth = nil
-	s.bearerToken = ""
-	s.user = nil
+	s.resetSession()
 
 	// This is a bit of a hack, but it's safe to assume that the global legacy use-case should be reset whenever we logout a specific instance
 	// Handling it any other way would be far too error-prone by comparison