feat: Improve security of access tokens (#279)

Closes #275

client/src/sagas/core/request.js

@@ -1,6 +1,7 @@
 import { call, fork, join, put, take } from 'redux-saga/effects';
 
 import actions from '../../actions';
+import { getAccessToken } from '../../utils/access-token-storage';
 import ErrorCodes from '../../constants/ErrorCodes';
 
 let lastRequestTask;
@@ -12,8 +13,12 @@ function* queueRequest(method, ...args) {
     } catch {} // eslint-disable-line no-empty
   }
 
+  const accessToken = yield call(getAccessToken);
+
   try {
-    return yield call(method, ...args);
+    return yield call(method, ...args, {
+      Authorization: `Bearer ${accessToken}`,
+    });
   } catch (error) {
     if (error.code === ErrorCodes.UNAUTHORIZED) {
       yield put(actions.logout()); // TODO: next url

client/src/sagas/core/services/users.js

@@ -5,6 +5,7 @@ import request from '../request';
 import selectors from '../../../selectors';
 import actions from '../../../actions';
 import api from '../../../api';
+import { setAccessToken } from '../../../utils/access-token-storage';
 
 export function* createUser(data) {
   yield put(actions.createUser(data));
@@ -109,13 +110,19 @@ export function* updateUserPassword(id, data) {
   yield put(actions.updateUserPassword(id, data));
 
   let user;
+  let accessToken;
+
   try {
-    ({ item: user } = yield call(request, api.updateUserPassword, id, data));
+    ({ item: user, accessToken } = yield call(request, api.updateUserPassword, id, data));
   } catch (error) {
     yield put(actions.updateUserPassword.failure(id, error));
     return;
   }
 
+  if (accessToken) {
+    yield call(setAccessToken, accessToken);
+  }
+
   yield put(actions.updateUserPassword.success(user));
 }