adonisjs / auth

Official Authentication package for AdonisJS
https://docs.adonisjs.com/guides/auth/introduction
MIT License
193 stars 65 forks

isLoggedIn, isGuest, isAuthenticated returning E_INVALID_AUTH_SESSION: Invalid session instead of false when logged out? #197

Closed 408796571 closed 2 years ago

408796571 commented 2 years ago

Package version

"@adonisjs/auth": "^8.0.12",

Node.js and npm version

node: 14.18.1 npm: 6.14.15

Description

isLoggedIn, isGuest and isAuthenticated are not returning false when the user is logged out, but only return a boolean when logged in. Is this expected?

Sample Code (to reproduce the issue)

public async isGuest({ auth }: HttpContextContract) {
  await auth.use('web').authenticate()
  return auth.use('web').isGuest
}

public async isLoggedIn({ auth }: HttpContextContract) {
  await auth.use('web').authenticate()
  return auth.use('web').isLoggedIn
}

public async isAuthenticated({ auth }: HttpContextContract) {
  await auth.use('web').authenticate()
  return auth.use('web').isAuthenticated
}

thetutlage commented 2 years ago

Please share a repo to help reproduce the issue. The isLoggedIn property can never raise the exception you shared.

408796571 commented 2 years ago

> Please share a repo to help reproduce the issue. The isLoggedIn property can never raise the exception you shared.

Hey @thetutlage, thanks for the fast reply. It's a private repo I'm working on. isLoggedIn, isGuest and isAuthenticated are all returning an invalid session exception after I log out the user.

I'm testing from Postman and also made sure my API endpoint is using 127.0.0.1 instead of localhost to match the Postman network. I also set credentials: true under config/cors.ts.

I also have config/auth.ts configured pretty standard, with web as the guard, the session driver, etc.

My understanding is that auth.use('web').authenticate() is raising the exception with invalid session. When I comment out auth.use('web').authenticate(), return auth.use('web').isGuest always returns true regardless of whether the user/session is logged in or logged out.

Really weird to run into this behavior. Could you provide some guidance on where to look next? I really appreciate your time and help.

thetutlage commented 2 years ago

You just need to use the right methods. You should be using auth.use('web').check() if you do not want an exception to be raised.

https://docs.adonisjs.com/guides/auth/web-guard#check

408796571 commented 2 years ago

auth.use('web').check()

You are the man!!! How come I missed the exact documentation wording on "However, it does not raise any exception when the request is not authenticated"?

Thank you again.
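The distinction the thread settles on, as an added example that is not part of the thread or of the AdonisJS code base: `authenticate()` fails closed by throwing, `check()` reports the same lookup as a boolean, and the status flags mean nothing until one of them has run. `StubSessionGuard`, `authStatus` and `protectedResource` are hypothetical names, and the stub's flag behaviour is an assumption modelled on what the reporter observed.

```typescript
// Constructed stand-in for the 'web' session guard. Only the members named in
// the thread are modelled; this is not the AdonisJS implementation.
class StubSessionGuard {
  // Assumption: flags stay false until authenticate() or check() has run,
  // which is why isGuest read "true" when the reporter removed the lookup.
  public isLoggedIn = false
  public isAuthenticated = false
  private sessionUserId: number | null

  constructor(sessionUserId: number | null) {
    this.sessionUserId = sessionUserId // null = logged out / no valid session
  }

  public get isGuest(): boolean {
    return !this.isLoggedIn
  }

  // Protected-route semantics: no valid session means an exception.
  public async authenticate(): Promise<number> {
    if (this.sessionUserId === null) {
      throw new Error('E_INVALID_AUTH_SESSION: Invalid session')
    }
    this.isLoggedIn = this.isAuthenticated = true
    return this.sessionUserId
  }

  // Optional-auth semantics: same lookup, failure reported as false.
  public async check(): Promise<boolean> {
    try {
      await this.authenticate()
    } catch {
      // Unauthenticated is an expected outcome here, not an error.
    }
    return this.isAuthenticated
  }
}

type AuthStatus = { isGuest: boolean; isLoggedIn: boolean; isAuthenticated: boolean }

// Status endpoint: call check() first, then read the flags. Never throws.
async function authStatus(guard: StubSessionGuard): Promise<AuthStatus> {
  await guard.check()
  return { isGuest: guard.isGuest, isLoggedIn: guard.isLoggedIn, isAuthenticated: guard.isAuthenticated }
}

// Protected endpoint: let authenticate() throw so an unauthenticated request
// never reaches the code that returns user data.
async function protectedResource(guard: StubSessionGuard): Promise<string> {
  const userId = await guard.authenticate()
  return `profile for user ${userId}`
}
```

Keep `authenticate()` on routes that return user data, and use `check()` only where an anonymous visitor is a valid outcome.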