From 439af5f21d9cc69eaa83e0b8a815f683314b77c1 Mon Sep 17 00:00:00 2001
From: Thomas Kaul <4159106+dtslvr@users.noreply.github.com>
Date: Sat, 14 Mar 2026 09:26:47 +0100
Subject: [PATCH] Task/consolidate sign-out logic (#6526)

* Consolidate sign-out logic

* Update changelog
---
 CHANGELOG.md                                  |  1 +
 apps/client/src/app/app.component.ts          |  7 ++--
 .../admin-users/admin-users.component.ts      |  5 +--
 .../user-account-access.component.ts          |  5 +--
 .../user-account-settings.component.ts        |  5 +--
 apps/client/src/app/core/auth.guard.ts        |  2 +-
 .../src/app/core/http-response.interceptor.ts |  6 ++--
 .../pages/register/register-page.component.ts |  6 ++--
 .../src/app/services/token-storage.service.ts | 26 +-------------
 .../src/app/services/user/user.service.ts     | 36 +++++++++++++++++--
 10 files changed, 49 insertions(+), 50 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 103a09fbb..03fbc962c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -9,6 +9,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Changed
 
+- Consolidated the sign-out logic within the user service to unify cookie, state and token clearance
 - Upgraded `svgmap` from version `2.14.0` to `2.19.2`
 
 ## 2.249.0 - 2026-03-10
diff --git a/apps/client/src/app/app.component.ts b/apps/client/src/app/app.component.ts
index 3daca607a..0e7d50a54 100644
--- a/apps/client/src/app/app.component.ts
+++ b/apps/client/src/app/app.component.ts
@@ -38,7 +38,6 @@ import { GfHeaderComponent } from './components/header/header.component';
 import { GfHoldingDetailDialogComponent } from './components/holding-detail-dialog/holding-detail-dialog.component';
 import { HoldingDetailDialogParams } from './components/holding-detail-dialog/interfaces/interfaces';
 import { ImpersonationStorageService } from './services/impersonation-storage.service';
-import { TokenStorageService } from './services/token-storage.service';
 import { UserService } from './services/user/user.service';
 
 @Component({
@@ -82,7 +81,6 @@ export class GfAppComponent implements OnDestroy, OnInit {
     private route: ActivatedRoute,
     private router: Router,
     private title: Title,
-    private tokenStorageService: TokenStorageService,
     private userService: UserService
   ) {
     this.initializeTheme();
@@ -236,12 +234,11 @@ export class GfAppComponent implements OnDestroy, OnInit {
   }
 
   public onCreateAccount() {
-    this.tokenStorageService.signOut();
+    this.userService.signOut();
   }
 
   public onSignOut() {
-    this.tokenStorageService.signOut();
-    this.userService.remove();
+    this.userService.signOut();
 
     document.location.href = `/${document.documentElement.lang}`;
   }
diff --git a/apps/client/src/app/components/admin-users/admin-users.component.ts b/apps/client/src/app/components/admin-users/admin-users.component.ts
index d479f2037..7916acffd 100644
--- a/apps/client/src/app/components/admin-users/admin-users.component.ts
+++ b/apps/client/src/app/components/admin-users/admin-users.component.ts
@@ -1,7 +1,6 @@
 import { UserDetailDialogParams } from '@ghostfolio/client/components/user-detail-dialog/interfaces/interfaces';
 import { GfUserDetailDialogComponent } from '@ghostfolio/client/components/user-detail-dialog/user-detail-dialog.component';
 import { ImpersonationStorageService } from '@ghostfolio/client/services/impersonation-storage.service';
-import { TokenStorageService } from '@ghostfolio/client/services/token-storage.service';
 import { UserService } from '@ghostfolio/client/services/user/user.service';
 import { DEFAULT_PAGE_SIZE } from '@ghostfolio/common/config';
 import { ConfirmationDialogType } from '@ghostfolio/common/enums';
@@ -106,7 +105,6 @@ export class GfAdminUsersComponent implements OnDestroy, OnInit {
     private notificationService: NotificationService,
     private route: ActivatedRoute,
     private router: Router,
-    private tokenStorageService: TokenStorageService,
     private userService: UserService
   ) {
     this.deviceType = this.deviceService.getDeviceInfo().deviceType;
@@ -229,8 +227,7 @@ export class GfAdminUsersComponent implements OnDestroy, OnInit {
             this.notificationService.alert({
               discardFn: () => {
                 if (aUserId === this.user.id) {
-                  this.tokenStorageService.signOut();
-                  this.userService.remove();
+                  this.userService.signOut();
 
                   document.location.href = `/${document.documentElement.lang}`;
                 }
diff --git a/apps/client/src/app/components/user-account-access/user-account-access.component.ts b/apps/client/src/app/components/user-account-access/user-account-access.component.ts
index ef78cccff..4f744a087 100644
--- a/apps/client/src/app/components/user-account-access/user-account-access.component.ts
+++ b/apps/client/src/app/components/user-account-access/user-account-access.component.ts
@@ -1,5 +1,4 @@
 import { GfAccessTableComponent } from '@ghostfolio/client/components/access-table/access-table.component';
-import { TokenStorageService } from '@ghostfolio/client/services/token-storage.service';
 import { UserService } from '@ghostfolio/client/services/user/user.service';
 import { CreateAccessDto } from '@ghostfolio/common/dtos';
 import { ConfirmationDialogType } from '@ghostfolio/common/enums';
@@ -76,7 +75,6 @@ export class GfUserAccountAccessComponent implements OnDestroy, OnInit {
     private notificationService: NotificationService,
     private route: ActivatedRoute,
     private router: Router,
-    private tokenStorageService: TokenStorageService,
     private userService: UserService
   ) {
     const { globalPermissions } = this.dataService.fetchInfo();
@@ -161,8 +159,7 @@ export class GfUserAccountAccessComponent implements OnDestroy, OnInit {
           .subscribe(({ accessToken }) => {
             this.notificationService.alert({
               discardFn: () => {
-                this.tokenStorageService.signOut();
-                this.userService.remove();
+                this.userService.signOut();
 
                 document.location.href = `/${document.documentElement.lang}`;
               },
diff --git a/apps/client/src/app/components/user-account-settings/user-account-settings.component.ts b/apps/client/src/app/components/user-account-settings/user-account-settings.component.ts
index 44be30b9a..0cf18df36 100644
--- a/apps/client/src/app/components/user-account-settings/user-account-settings.component.ts
+++ b/apps/client/src/app/components/user-account-settings/user-account-settings.component.ts
@@ -3,7 +3,6 @@ import {
   KEY_TOKEN,
   SettingsStorageService
 } from '@ghostfolio/client/services/settings-storage.service';
-import { TokenStorageService } from '@ghostfolio/client/services/token-storage.service';
 import { UserService } from '@ghostfolio/client/services/user/user.service';
 import { WebAuthnService } from '@ghostfolio/client/services/web-authn.service';
 import { ConfirmationDialogType } from '@ghostfolio/common/enums';
@@ -108,7 +107,6 @@ export class GfUserAccountSettingsComponent implements OnDestroy, OnInit {
     private notificationService: NotificationService,
     private settingsStorageService: SettingsStorageService,
     private snackBar: MatSnackBar,
-    private tokenStorageService: TokenStorageService,
     private userService: UserService,
     public webAuthnService: WebAuthnService
   ) {
@@ -198,8 +196,7 @@ export class GfUserAccountSettingsComponent implements OnDestroy, OnInit {
             takeUntil(this.unsubscribeSubject)
           )
           .subscribe(() => {
-            this.tokenStorageService.signOut();
-            this.userService.remove();
+            this.userService.signOut();
 
             document.location.href = `/${document.documentElement.lang}`;
           });
diff --git a/apps/client/src/app/core/auth.guard.ts b/apps/client/src/app/core/auth.guard.ts
index 123a6169a..3292f0ff7 100644
--- a/apps/client/src/app/core/auth.guard.ts
+++ b/apps/client/src/app/core/auth.guard.ts
@@ -68,7 +68,7 @@ export class AuthGuard {
             this.dataService
               .putUserSetting({ language: document.documentElement.lang })
               .subscribe(() => {
-                this.userService.remove();
+                this.userService.reset();
 
                 setTimeout(() => {
                   window.location.reload();
diff --git a/apps/client/src/app/core/http-response.interceptor.ts b/apps/client/src/app/core/http-response.interceptor.ts
index ab99b440f..315e9d64e 100644
--- a/apps/client/src/app/core/http-response.interceptor.ts
+++ b/apps/client/src/app/core/http-response.interceptor.ts
@@ -1,4 +1,4 @@
-import { TokenStorageService } from '@ghostfolio/client/services/token-storage.service';
+import { UserService } from '@ghostfolio/client/services/user/user.service';
 import { WebAuthnService } from '@ghostfolio/client/services/web-authn.service';
 import { InfoItem } from '@ghostfolio/common/interfaces';
 import { internalRoutes, publicRoutes } from '@ghostfolio/common/routes/routes';
@@ -32,8 +32,8 @@ export class HttpResponseInterceptor implements HttpInterceptor {
   public constructor(
     private dataService: DataService,
     private router: Router,
-    private tokenStorageService: TokenStorageService,
     private snackBar: MatSnackBar,
+    private userService: UserService,
     private webAuthnService: WebAuthnService
   ) {
     this.info = this.dataService.fetchInfo();
@@ -115,7 +115,7 @@ export class HttpResponseInterceptor implements HttpInterceptor {
             if (this.webAuthnService.isEnabled()) {
               this.router.navigate(internalRoutes.webauthn.routerLink);
             } else {
-              this.tokenStorageService.signOut();
+              this.userService.signOut();
             }
           }
         }
diff --git a/apps/client/src/app/pages/register/register-page.component.ts b/apps/client/src/app/pages/register/register-page.component.ts
index 3678f0249..db199143f 100644
--- a/apps/client/src/app/pages/register/register-page.component.ts
+++ b/apps/client/src/app/pages/register/register-page.component.ts
@@ -1,4 +1,5 @@
 import { TokenStorageService } from '@ghostfolio/client/services/token-storage.service';
+import { UserService } from '@ghostfolio/client/services/user/user.service';
 import { InfoItem, LineChartItem } from '@ghostfolio/common/interfaces';
 import { hasPermission, permissions } from '@ghostfolio/common/permissions';
 import { GfLogoComponent } from '@ghostfolio/ui/logo';
@@ -42,11 +43,12 @@ export class GfRegisterPageComponent implements OnInit {
     private deviceService: DeviceDetectorService,
     private dialog: MatDialog,
     private router: Router,
-    private tokenStorageService: TokenStorageService
+    private tokenStorageService: TokenStorageService,
+    private userService: UserService
   ) {
     this.info = this.dataService.fetchInfo();
 
-    this.tokenStorageService.signOut();
+    this.userService.signOut();
   }
 
   public ngOnInit() {
diff --git a/apps/client/src/app/services/token-storage.service.ts b/apps/client/src/app/services/token-storage.service.ts
index 5b9a29a08..f54aab828 100644
--- a/apps/client/src/app/services/token-storage.service.ts
+++ b/apps/client/src/app/services/token-storage.service.ts
@@ -1,19 +1,11 @@
-import { WebAuthnService } from '@ghostfolio/client/services/web-authn.service';
-
 import { Injectable } from '@angular/core';
 
 import { KEY_TOKEN } from './settings-storage.service';
-import { UserService } from './user/user.service';
 
 @Injectable({
   providedIn: 'root'
 })
 export class TokenStorageService {
-  public constructor(
-    private userService: UserService,
-    private webAuthnService: WebAuthnService
-  ) {}
-
   public getToken(): string {
     return (
       window.sessionStorage.getItem(KEY_TOKEN) ||
@@ -25,23 +17,7 @@ export class TokenStorageService {
     if (staySignedIn) {
       window.localStorage.setItem(KEY_TOKEN, token);
     }
-    window.sessionStorage.setItem(KEY_TOKEN, token);
-  }
-
-  public signOut() {
-    const utmSource = window.localStorage.getItem('utm_source');
 
-    if (this.webAuthnService.isEnabled()) {
-      this.webAuthnService.deregister().subscribe();
-    }
-
-    window.localStorage.clear();
-    window.sessionStorage.clear();
-
-    this.userService.remove();
-
-    if (utmSource) {
-      window.localStorage.setItem('utm_source', utmSource);
-    }
+    window.sessionStorage.setItem(KEY_TOKEN, token);
   }
 }
diff --git a/apps/client/src/app/services/user/user.service.ts b/apps/client/src/app/services/user/user.service.ts
index bd9d7d04c..44b63e056 100644
--- a/apps/client/src/app/services/user/user.service.ts
+++ b/apps/client/src/app/services/user/user.service.ts
@@ -1,3 +1,4 @@
+import { WebAuthnService } from '@ghostfolio/client/services/web-authn.service';
 import { Filter, User } from '@ghostfolio/common/interfaces';
 import { hasPermission, permissions } from '@ghostfolio/common/permissions';
 
@@ -26,7 +27,8 @@ export class UserService extends ObservableStore<UserStoreState> {
   public constructor(
     private deviceService: DeviceDetectorService,
     private dialog: MatDialog,
-    private http: HttpClient
+    private http: HttpClient,
+    private webAuthnService: WebAuthnService
   ) {
     super({ trackStateHistory: true });
 
@@ -93,10 +95,40 @@ export class UserService extends ObservableStore<UserStoreState> {
     return this.getFilters().length > 0;
   }
 
-  public remove() {
+  public reset() {
     this.setState({ user: null }, UserStoreActions.RemoveUser);
   }
 
+  public signOut() {
+    const utmSource = window.localStorage.getItem('utm_source');
+
+    if (this.webAuthnService.isEnabled()) {
+      this.webAuthnService.deregister().subscribe();
+    }
+
+    window.localStorage.clear();
+    window.sessionStorage.clear();
+
+    void this.clearAllCookies();
+
+    this.reset();
+
+    if (utmSource) {
+      window.localStorage.setItem('utm_source', utmSource);
+    }
+  }
+
+  private async clearAllCookies() {
+    if (!('cookieStore' in window)) {
+      console.warn('Cookie Store API not available in this browser');
+      return;
+    }
+
+    const cookies = await cookieStore.getAll();
+
+    await Promise.all(cookies.map(({ name }) => cookieStore.delete(name)));
+  }
+
   private fetchUser(): Observable<User> {
     return this.http.get<any>('/api/v1/user').pipe(
       map((user) => {