search

lynndylanhurley / redux-auth

Complete token authentication system for react + redux that supports isomorphic rendering.
Do What The F*ck You Want To Public License
2.13k stars 259 forks source link

Lib always using cookies #77

Open betoharres opened 8 years ago

betoharres commented 8 years ago

Every time I click the link in my email sent by the desive_token_auth ruby gem, it fails throwing an error saying that a variable value in the browser-cookieslibrary in the line 28 is undefined. It happens when I try to confirm an email or reset a password.

I already tested the api using the dummy app and it works fine, but it's working using the server-side rendering configuration, which is not what I need.

I'm trying to get this working and I already went line by line for 2 days in the dummy and demo app in this library and everything seems right.

I'm just asking help because I have no more where to go.

The code I'm working can be found here: https://github.com/betoharres/redux-auth-test

A big thanks for any help here ❤️

Error Gif

lynndylanhurley commented 8 years ago

Thx for posting an example. I'll take a look ASAP.

betoharres commented 8 years ago

Thanks a lot ❤️

betoharres commented 8 years ago

Doing some quick look I found that at >this line the variable val is undefined when the browser opens the redirect URI from the API link that was clicked from the mail client.

The expected value(that I think it is) for the val variable would be something like:

{"access-token":"dSwdgKgbenbjJ3rczRSr-w","token-type":"Bearer","client":"DLEc0lydSYxUmwwmDrKFzw","expiry":"1473789122","uid":"test@test.com"}

That would be in the key of authHeaders read from the cookies, but somehow it 's undefined(maybe because is not reading the params from the uri? ).

betoharres commented 8 years ago

Actually >in this line user and headers does not exist in the object retrieved in the object called in getCurrentSettings().initialCredentials, it just has the headers values as can be seen here getCurrentSettings().initialCredentials output

Is that a bug?

IstoraMandiri commented 8 years ago

Also running into this issue. It doesn't seem that clientOnly mode works because of this.

Edit: With a bit of hacking, I seem to have got this working in clientOnly mode now.

It will now try to validate the token even if initialCreds is set, whereas before it wasn't.

https://github.com/lynndylanhurley/redux-auth/blob/master/src/utils/client-settings.js#L94-L114

  let savedCreds = retrieveData(C.SAVED_CREDS_KEY);
  let initialCreds = getCurrentSettings().initialCredentials;
  if (initialCreds) {
    // skip initial headers check (i.e. check was already done server-side)
    persistData(C.SAVED_CREDS_KEY, initialCreds);
  }
  if (savedCreds || initialCreds) {
    // verify session credentials with API
    return fetch(`${getApiUrl(currentEndpointKey)}${currentEndpoint[currentEndpointKey].tokenValidationPath}`)
    .then(response => {
          if (response.status >= 200 && response.status < 300) {
            return response.json().then(({ data }) => (data));
          }
          removeData(C.SAVED_CREDS_KEY);
          return Promise.reject({reason: "No credentials."});
    });
  } else {
    return Promise.reject({reason: "No credentials."})
  }

I haven't tested this at all with SSR. I'm sure it will break things...

taschetto commented 8 years ago

I believe I have the same issue... :+1: for this!

betoharres commented 8 years ago

@hitchcott thanks a lot for helping out!

it breaks the code because it's not returning a Promise, since that is what it's being expected from the calling method at configure.js Right now I'm trying to figure out how to solve this

jclif commented 8 years ago

Would it be possible to open a pull request to fix client-side only usage?

betoharres commented 8 years ago

My PR breaks 24 tests. Unfortunately I don't know how to write those tests(yet!), I'm new to ES6 and it's tools, so I'm giving my contribution here hoping it gives some light on this problem.

bbrock25 commented 7 years ago

Thanks for the contribution @betoharres and thanks for the work on the library @lynndylanhurley. I have also been experiencing this issue in an attempt to rip out home rolled auth in favor of a community driven package.

calling configure with the following: 

  return store.dispatch(configure(
    { apiUrl: 'http://localhost:3333' },
    { serverSideRendering: false, cleanSession: true, clientOnly: true }
  ))
  .then(() => ({ store: store, history: browserHistory }))

has left me with the name.replace is not a function error. Its strange, the issue is intermittent... Just hoping to draw some attention here to the issue, we are also running in "clientOnly" mode.

betoharres commented 7 years ago

Hi @bbrock25 ! From what I remember this error is due browser-cookies library trying to use a variable that is undefined because of redux-auth code. Have you tried to apply the changes that are in the PR #86 ?

bbrock25 commented 7 years ago

No, not yet, we just did an initial pass through as a research spike. if we get the go ahead to fork and work this I'll definitely use that as a guide to get started.

jclif commented 7 years ago

I've tried using #86 but am still seeing the errors, for whatever reason. We have had to disable email login in production, and are simply relying on Omniauth at the moment. Hopefully there is a fix in the near future.

eseQ commented 7 years ago

Hello! I have same problem: clientOnly mode, but after reload app forget about user xD I cant see where redux-auth save headers (cookies or localstorage). May be I need use tokenValidation custom request?

Thanks for help!

elipoz commented 7 years ago

Cookies are saved from ./src/utils/fetch.js, which you must use in order to do all your ajax requests to the server (the storage logic is in src/utils/session-storage.js). Also make sure that you configure CORS properly to allow for the specific headers such as: ["token-type", "uid", "client", "access-token", "expiry"]

nerfologist commented 7 years ago

Hi, I'm also running into this issue the following way:

redux-auth starts configuration and seems to be setting a few cookies:

I am not logged in yet.

Any ideas? Thanks in advance!

elipoz commented 7 years ago

Make sure that you configure CORS properly on the server side to allow for the specific headers such as: ["token-type", "uid", "client", "access-token", "expiry"]

sibsfinx commented 7 years ago

Faced the things described across several issues in this repo, so to sum up how to use this without server–side rendering, I can advise the following settings to provide in the configure method:

  {
    serverSideRendering: false,
    storage: 'localStorage',
    cleanSession: false,
    clientOnly: true
  }

Also thanks a lot @betoharres for your fork — but would be great to provide a build changes too (not only source) in your PR https://github.com/lynndylanhurley/redux-auth/pull/86

betoharres commented 7 years ago

@sibsfinx Thanks! You mean running npm run release and committing it?

sibsfinx commented 7 years ago

@betoharres yes, exactly