Fix funny beforeunload issues

app/controllers/api/users_controller.rb

@@ -36,17 +36,13 @@ module Api
         .as_json
         .merge!(params.as_json["user"] || {})
         .deep_symbolize_keys
-      jti = RequestStore
-              .store
-              .dig(:jwt, :jti) || "NONE FOUND"
       {email:                     user[:email],
        name:                      user[:name],
        password:                  user[:password],
        password_confirmation:     user[:password_confirmation],
        new_password:              user[:new_password],
        new_password_confirmation: user[:new_password_confirmation],
-       agree_to_terms:            user[:agree_to_terms],
-       jti:                       jti}
+       agree_to_terms:            user[:agree_to_terms]}
     end
   end
 end

app/mutations/users/update.rb

@@ -10,9 +10,6 @@ module Users
       string :password
       string :new_password
       string :new_password_confirmation
-      # Lock everyone out except for the person who requested
-      # the password change.
-      string :old_token_jti
     end
 
     def validate
@@ -37,10 +34,12 @@ module Users
 private
 
     def delete_all_tokens_except_this_one
+      # Lock everyone out except for the person who requested
+      # the password change.
       TokenIssuance
         .where(device_id: user.device.id)
         .where
-        .not(jti: old_token_jti)
+        .not(jti: (RequestStore[:jwt]||{})[:jti])
         .destroy_all
     end
 

webpack/redux/subscribers.ts

@@ -16,8 +16,9 @@ export function unsavedCheck(state: Everything) {
   const total = dirty.length;
   const doStop = (total !== 0);
   const conf = getWebAppConfig(index);
+  const loggedOut = !localStorage.session;
 
-  if (conf && conf.body.discard_unsaved) {
+  if ((conf && conf.body.discard_unsaved) || loggedOut) {
     window.onbeforeunload = dontStopThem;
   } else {
     window.onbeforeunload = doStop ? stopThem : dontStopThem;