mainmatter / ember-simple-auth

A library for implementing authentication/authorization in Ember.js applications.
https://ember-simple-auth.com
MIT License

this.session.requireAuthentication is returning false on a page refresh, even though user is already authenticated #2710

Open nurmuhammadsiratseequent opened 11 months ago

nurmuhammadsiratseequent commented 11 months ago

In ESA 4.2.2, I can call this.session.requireAuthentication(transition, 'login') on a protected route in the beforeModel and this will return true if a user has already authenticated. I can verify this by looking at localStorage and seeing that the user's token is persisted there. If I were to manually refresh the page on this protected route or go to the same route in another tab, I will remain authenticated.

We're upgrading from 4.2.2 to 5.0.0 (and eventually 6.0.0). Now, in ESA 5.0.0, this call is returning false on a refresh after the user has previously authenticated. It will transition the user to the login route. However, I can see that the auth data is still persisted in the localStorage key ember_simple_auth-session.

I have verified that this behaviour is also happening in 6.0.0.

BobrImperator commented 10 months ago

Hi :wave:

What ember-data version do you use in your app?

We've had reports regarding a similar issue that was related to ember-data 4.12.0 problems, which were later fixed in 4.12.1. That being said, ESA doesn't rely on ember-data itself, and the issue is likely caused somewhere where user data is being fetched.

Please visit this thread https://github.com/mainmatter/ember-simple-auth/issues/2533 as your issue seems very similar to that one.

Feel free to reach out if that doesn't help :+1:

nurmuhammadsiratseequent commented 10 months ago

We are using ember-data version 4.11.3.

Thanks for your suggestions @BobrImperator. I'll see if updating ember-data will help.

gzurbach commented 10 months ago

We are experiencing this issue as well.

Currently running:

gzurbach commented 10 months ago

@nurmuhammadsiratseequent are you using the cookie store? and are you also using ember-simple-auth-token by any chance?

I wonder if this has anything to do with the release of ember-cookies@1.1.2 a few days ago: https://github.com/mainmatter/ember-cookies/releases

Edit: I tried to switch to LocalStorage and the same thing happens. I have no idea what's going on 🤷‍♂️

nurmuhammadsiratseequent commented 10 months ago

Hi @gzurbach. No, I'm using localStorage with a custom authenticator. I'm also not using ember-cookies in my app.

khaled-s commented 10 months ago

I'm having the same problem with the cookie-based store. This problem is causing the FastBoot server to crash, and I'm getting this error:

Error: Assertion Failed: calling set on destroyed object: <front@session:main::ember335>.isAuthenticated = true

and getting this error

khaled-s commented 10 months ago

This problem is happening when using the JWT authenticator with ember-fastboot. Disabling ember-fastboot seems to solve the problem. Switching to the local-storage store instead of the cookie store also solves the problem, but this will not work with ember-fastboot. I think the restore function is probably not working on the server side.

nurmuhammadsiratseequent commented 10 months ago

@BobrImperator Upgrading to ember-data@4.12.1 does not work. I've tried with 4.12.5 as well.

BobrImperator commented 10 months ago

Could you please find out if you can reproduce this in a fresh project?

ValenberghsSven commented 1 week ago

Unsure if this belongs here, but I am currently also experiencing issues with this.session.requireAuthentication

Our CI is running tests with the cypress test framework. When upgrading a custom login package to ember-simple-auth v6 some of our tests are currently failing. We use localStorage to set the session in the browser.

What seems to happen is that the localStorage key "authenticated" is suddenly empty when it shouldn't be. After searching for a while, I have managed to reproduce the issue in our project 100%.

It seems that multiple visits in rapid succession to a route with this.session.requireAuthentication in the beforeModel seems to be the issue.

What I found out by stress testing:

- First we do a POST call to our login > we get session data and put the "authenticated" key in localStorage
- We visit (cy.visit) 1 page with this.session.requireAuthentication > fine usually, can fail
- We visit (cy.visit) 4 pages with this.session.requireAuthentication > fails 100% of the time, localStorage has empty "authenticated"
- We visit (cy.visit) 4 pages with this.session.requireAuthentication but with a 100ms delay between each > succeeds 100% of the time (tested like 20 times)

I am not sure how to setup a fresh project for all of this.

- ember-data: 4.11.3
- ember-simple-auth: 6.0.0
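
The reports in this thread describe two different symptoms: session data still present under ember_simple_auth-session while requireAuthentication returns false, and an "authenticated" key that has become empty. The following is an added example, not code from any commenter or from ember-simple-auth, that classifies the persisted value and finds the visit at which it was lost, without printing token values. It assumes the store persists JSON shaped like {"authenticated": {"authenticator": "...", ...}}; the function names and sample values are hypothetical.

```javascript
// Added example (not project code). Assumed storage key, taken from the thread.
const SESSION_KEY = 'ember_simple_auth-session';

// Classify the raw string read from storage. Only field names are returned,
// never values, so the result can be pasted into a bug report safely.
function classifySession(raw) {
  if (raw === null || raw === undefined) return { state: 'missing', fields: [] };
  let data;
  try {
    data = JSON.parse(raw);
  } catch (e) {
    return { state: 'corrupt', fields: [] };
  }
  const auth = data && typeof data === 'object' ? data.authenticated : undefined;
  if (!auth || typeof auth !== 'object' || Array.isArray(auth)) {
    return { state: 'no-authenticated-key', fields: [] };
  }
  const fields = Object.keys(auth).sort();
  if (fields.length === 0) return { state: 'empty', fields };
  // Assumption: a restorable session names its authenticator.
  if (typeof auth.authenticator !== 'string') return { state: 'no-authenticator', fields };
  return { state: 'populated', fields };
}

// Given raw snapshots captured after each page visit, return the index of the
// first snapshot where a previously populated session is no longer populated,
// or -1 if the session never regressed.
function firstRegression(rawSnapshots) {
  let seenPopulated = false;
  for (let i = 0; i < rawSnapshots.length; i++) {
    const { state } = classifySession(rawSnapshots[i]);
    if (state === 'populated') seenPopulated = true;
    else if (seenPopulated) return i;
  }
  return -1;
}

// Constructed sample values standing in for localStorage.getItem(SESSION_KEY).
const populated = JSON.stringify({
  authenticated: { authenticator: 'authenticator:custom', token: 'SAMPLE-NOT-A-REAL-TOKEN' },
});
const emptied = JSON.stringify({ authenticated: {} });

console.log(classifySession(populated));
console.log(firstRegression([populated, populated, emptied, emptied]));
```

In a browser or test run, pass localStorage.getItem(SESSION_KEY) captured after each visit. A "populated" result alongside a redirect to login points at restore rejecting the data, while "empty" points at the session having been cleared.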

ValenberghsSven commented 4 days ago

Just to update, the developers of our custom login package also updated me. The version I was using had removed the ember-fetch dependency.

When I used an older version of our custom login package with the ember-fetch dependency it seems to work normally. Seems to be related to https://github.com/mainmatter/ember-simple-auth/issues/2272