redux-auth
redux-auth copied to clipboard
lynndylanhurley
Lib always using cookies
Every time I click the link in my email sent by the desive_token_auth ruby gem, it fails throwing an error saying that a variable value in the browser-cookieslibrary in the line 28 is undefined.
It happens when I try to confirm an email or reset a password.
I already tested the api using the dummy app and it works fine, but it's working using the server-side rendering configuration, which is not what I need.
I'm trying to get this working and I already went line by line for 2 days in the dummy and demo app in this library and everything seems right.
I'm just asking help because I have no more where to go.
The code I'm working can be found here: https://github.com/betoharres/redux-auth-test
A big thanks for any help here ❤️
Doing some quick look I found that at >this line the variable val is undefined when the browser opens the redirect URI from the API link that was clicked from the mail client.
The expected value(that I think it is) for the val variable would be something like:
{"access-token":"dSwdgKgbenbjJ3rczRSr-w","token-type":"Bearer","client":"DLEc0lydSYxUmwwmDrKFzw","expiry":"1473789122","uid":"[email protected]"}
That would be in the key of authHeaders read from the cookies, but somehow it 's undefined(maybe because is not reading the params from the uri? ).
Actually >in this line user and headers does not exist in the object retrieved in the object called in getCurrentSettings().initialCredentials, it just has the headers values as can be seen here 
Is that a bug?
Also running into this issue. It doesn't seem that clientOnly mode works because of this.
Edit: With a bit of hacking, I seem to have got this working in clientOnly mode now.
It will now try to validate the token even if initialCreds is set, whereas before it wasn't.
https://github.com/lynndylanhurley/redux-auth/blob/master/src/utils/client-settings.js#L94-L114
let savedCreds = retrieveData(C.SAVED_CREDS_KEY);
let initialCreds = getCurrentSettings().initialCredentials;
if (initialCreds) {
// skip initial headers check (i.e. check was already done server-side)
persistData(C.SAVED_CREDS_KEY, initialCreds);
}
if (savedCreds || initialCreds) {
// verify session credentials with API
return fetch(`${getApiUrl(currentEndpointKey)}${currentEndpoint[currentEndpointKey].tokenValidationPath}`)
.then(response => {
if (response.status >= 200 && response.status < 300) {
return response.json().then(({ data }) => (data));
}
removeData(C.SAVED_CREDS_KEY);
return Promise.reject({reason: "No credentials."});
});
} else {
return Promise.reject({reason: "No credentials."})
}
I haven't tested this at all with SSR. I'm sure it will break things...
@hitchcott thanks a lot for helping out!
it breaks the code because it's not returning a Promise, since that is what it's being expected from the calling method at configure.js
Right now I'm trying to figure out how to solve this
My PR breaks 24 tests. Unfortunately I don't know how to write those tests(yet!), I'm new to ES6 and it's tools, so I'm giving my contribution here hoping it gives some light on this problem.
Thanks for the contribution @betoharres and thanks for the work on the library @lynndylanhurley. I have also been experiencing this issue in an attempt to rip out home rolled auth in favor of a community driven package.
calling configure with the following:
return store.dispatch(configure(
{ apiUrl: 'http://localhost:3333' },
{ serverSideRendering: false, cleanSession: true, clientOnly: true }
))
.then(() => ({ store: store, history: browserHistory }))
has left me with the name.replace is not a function error. Its strange, the issue is intermittent... Just hoping to draw some attention here to the issue, we are also running in "clientOnly" mode.
Hi @bbrock25 ! From what I remember this error is due browser-cookies library trying to use a variable that is undefined because of redux-auth code. Have you tried to apply the changes that are in the PR #86 ?
No, not yet, we just did an initial pass through as a research spike. if we get the go ahead to fork and work this I'll definitely use that as a guide to get started.
I've tried using #86 but am still seeing the errors, for whatever reason. We have had to disable email login in production, and are simply relying on Omniauth at the moment. Hopefully there is a fix in the near future.
Hello! I have same problem: clientOnly mode, but after reload app forget about user xD I cant see where redux-auth save headers (cookies or localstorage). May be I need use tokenValidation custom request?
Thanks for help!
Cookies are saved from ./src/utils/fetch.js, which you must use in order to do all your ajax requests to the server (the storage logic is in src/utils/session-storage.js). Also make sure that you configure CORS properly to allow for the specific headers such as: ["token-type", "uid", "client", "access-token", "expiry"]
Hi, I'm also running into this issue the following way:
- Fill in email address on the
<RequestPasswordResetForm /> - Submit the form
- Check that the password reset email is correctly received by MailCatcher
- Click on the link provided
redux-auth starts configuration and seems to be setting a few cookies:
- name
defaultConfigKey, value"default"(succeeds) - name
currentConfigName, value"default"(succeeds) - name
authHeadersvalueundefined(fails)
I am not logged in yet.
Any ideas? Thanks in advance!
Make sure that you configure CORS properly on the server side to allow for the specific headers such as: ["token-type", "uid", "client", "access-token", "expiry"]
Faced the things described across several issues in this repo, so to sum up how to use this without server–side rendering, I can advise the following settings to provide in the configure method:
{
serverSideRendering: false,
storage: 'localStorage',
cleanSession: false,
clientOnly: true
}
Also thanks a lot @betoharres for your fork — but would be great to provide a build changes too (not only source) in your PR https://github.com/lynndylanhurley/redux-auth/pull/86
