Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

this.session.requireAuthentication is returning false on a page refresh, even though user is already authenticated #2710

Open
nurmuhammadsiratseequent opened this issue Jan 3, 2024 · 11 comments

Comments

@nurmuhammadsiratseequent

In ESA 4.2.2, I can call this.session.requireAuthentication(transition, 'login') on a protected route in the beforeModel and this will return true if a user has already authenticated. I can verify this by looking at localStorage and seeing that the user's token is persisted there. If I were to manually refresh the page on this protected route or go to the same route in another tab, I will remain authenticated.

We're upgrading from 4.2.2 to 5.0.0 (and eventually 6.0.0). Now, in ESA 5.0.0, this call is returning false on a refresh after the user has previously authenticated. It will transition the user to the login route. However I can see that the auth data is still persisted in the localStorage key ember_simple_auth-session.

I have verified that this behaviour is also happening in 6.0.0.

@BobrImperator
Copy link
Collaborator

Hi 👋

What ember-data version do you use in your app?

We've had reports regarding similar issue that was related to ember-data 4.12.0 problems which were later fixed in 4.12.1. That being said ESA doesn't rely on ember-data itself and the issue is likely caused somewhere where user data is being fetched.

Please visit this thread #2533 as your issue seems very similar to that one.

Feel free to reach out if that doesn't help 👍

@nurmuhammadsiratseequent
Copy link
Author

We are using ember-data version 4.11.3.

Thanks for your suggestions @BobrImperator. I'll see if updating ember-data will help.

@gzurbach
Copy link

gzurbach commented Jan 11, 2024

We are experiencing this issue as well.

Currently running:

@gzurbach
Copy link

gzurbach commented Jan 11, 2024

@nurmuhammadsiratseequent are you using the cookie store? and are you also using ember-simple-auth-token by any chance?

I wonder if this has anything to do with the release of [email protected] a few days ago: https://github.com/mainmatter/ember-cookies/releases

Edit: I tried to switch to LocalStorage and the same thing happens. I have no idea what's going on 🤷‍♂️

@nurmuhammadsiratseequent
Copy link
Author

Hi @gzurbach. No, I'm using localStorage with a custom authenticator. I'm also not using ember-cookies in my app.

@khaled-s
Copy link

khaled-s commented Jan 12, 2024

I'm having the same problem, cookies based store
this problem causing fastboot server to crash
and getting this error

Error: Assertion Failed: calling set on destroyed object: <front@session:main::ember335>.isAuthenticated = true

and getting this error

  • ember-data: 4.11.3
  • ember-simple-auth: 6.0.0
  • ember-simple-auth-token: 5.3.2

@khaled-s
Copy link

This problem is happening when using JWT authenticator with ember-fastboot
disabling ember-fasboot seems to solve the problem
also switching to local-storage store instead of cookie store solve the problem, but this will not work with ember-fastboot
I think restore function is not working probably in the server side

@nurmuhammadsiratseequent
Copy link
Author

@BobrImperator Upgrading to [email protected] does not work. I've tried with 4.12.5 as well.

@BobrImperator
Copy link
Collaborator

Could you please find out if you can reproduce this in a fresh project?

@ValenberghsSven
Copy link

ValenberghsSven commented Nov 22, 2024

Unsure if this belongs here, but I am currently also experiencing issues with this.session.requireAuthentication

Our CI is running tests with the cypress test framework.
When upgrading a custom login package to ember-simple-auth v6 some of our tests are currently failing.
We use localStorage to set the session in the browser.

What seems to happen is that the localStorage key "authenticated" is suddenly empty when it shouldn't be.
After searching for awhile I have managed to reproduce the issue in our project 100%

It seems that multiple visits in rapid succession to a route with this.session.requireAuthentication in the beforeModel seems to be the issue.

What I found out by stresstesting:
First we do a POST call to our login > we get session data and put the "authenticated" key in localStorage
We visit (cy.visit) 1 page with this.session.requireAuthentication > fine usually, can fail
We visit (cy.visit) 4 pages with this.session.requireAuthentication > fails 100% of the time, localStorage has empty "authenticated"
We visit (cy.visit) 4 pages with this.session.requireAuthentication but with a 100ms delay between each> succeeds 100% of the time (tested like 20 times)

I am not sure how to setup a fresh project for all of this.

- ember-data: 4.11.3
- ember-simple-auth: 6.0.0

@ValenberghsSven
Copy link

Just to update, the developers of our custom login package also updated me.
The version I was using had removed the ember-fetch dependency

When I used an older version of our custom login package with the ember-fetch dependency it seems to work normally.
Seems to be related to #2272

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

5 participants