ember-simple-auth icon indicating copy to clipboard operation
ember-simple-auth copied to clipboard

Published 20 hours ago verified publisher icon mainmatter

Upgrading to 3.1 best practices.

Open arenoir opened this issue 4 years ago • 4 comments
trafficstars

I am upgrading from 3.0 to 3.1 and it appears that the preferred method to authenticate routes is to nest the routes under an authenticated parent route.

So in order to do this migration I would have to move all my routes, controllers, templates and rename all transition to functions.

I wouldn't have a problem with this but in this case all routes are authenticated except for one login page.

It seems like there should be a way to use the applications route beforeModel hook to do the authentication and skip it only on the login route.

I was hoping the following would work but it is buggy. It works on page load but if you transition to a route after after the application has loaded it is not requiring authentication.

// routes/application.js
export default class ApplicationRoute extends Route {
  @service session;

  beforeModel(transition) {    
    if (transition.targetName !== 'login') {
      this.session.requireAuthentication(transition, 'login');
    }
  } 
}

// routes/login.js
export default class LoginRoute extends Route {
  @service session;

  beforeModel(transition) {    
    this.session.prohibitAuthentication('index');
  } 
}

Is there any other way to pull this off without reworking my whole application?

Thanks for taking the time to look at this.

~ aaron

arenoir avatar Feb 19 '21 19:02 arenoir

A good practice is to wrapper authenticated routes:

Router.map(function() {
  this.route('login');

  this.route('authenticated', { path: '/' }, function() {
    // your authenticated routes.
  });
});

If you can not do that, your approach should work.

I was hoping the following would work but it is buggy. It works on page load but if you transition to a route after after the application has loaded it is not requiring authentication.

That is the expected behavior. The requireAuthentication is not called every transition, it is just called on page load. If for some reason your session expires in your backend, it should return a 401 error code and you can handle that in your adapter.

alejandrodevs avatar Feb 20 '21 05:02 alejandrodevs

@alejandrodevs the backed does return a 401 and the ember-simple-auth used to handle the error using the application route mixin.

Should this error be handled in the application route or the data adapter?

arenoir avatar Feb 22 '21 18:02 arenoir

Ember simple auth handles 401 in the DataAdapterMixin which is not longer recommended because Mixins deprecation. Now you can remove completely the mixin and add this to your application adapter:

  handleResponse(status, ...manyMoreArgs) {
    if (status === 401) this.session.invalidate();
    return super.handleResponse(...arguments);
  }

alejandrodevs avatar Feb 22 '21 18:02 alejandrodevs

@alejandrodevs thank you. This should be added to the readme.

arenoir avatar Feb 22 '21 18:02 arenoir