Access Token in Persistent Storage is removed on hard refresh. #45

Open
rg-najera opened this issue Aug 6, 2018 · 3 comments

rg-najera commented Aug 6, 2018

A primer: I am able to intercept Axios requests and responses to make sure access-tokens and any other header request keys I need replaced in storage and global config.headers - are swapped out on each request. One issue we were facing was to make sure that the headers were not being replaced when they came back empty from devise_token_auth, since at times they will be empty if the token has not yet expired (i.e. after first use). Resolved that through a custom axios interceptor. Navigating through the app and calling authenticated endpoints come back 200 with the correct response, was not happening out of the box for me - solved it in a similar way as below noted.

Phew... Getting tokens from devise_token_auth, etc... That is all gravy. The main meat of the issue is how the verifyCredentials function is being called. When doing a hard refresh verifyCredentials gets called which in turn dispatches the verifyToken action. verifyToken doesn't seem to be aware of the empty headers and that it shouldn't call persistAuthHeadersInDeviceStorage(Storage, response.headers) if the headers are not present, which when it does - it completely squashes the persistent storage keys that will later be used by the next request.

I've verified that setAuthHeaders and persistAuthHeadersInDeviceStorage need some sprucing up -- and keep in mind this is just an example (not familiar with TS as much as es6) where we could check if the header[key] is there - `const value = headers[key] || fromStorage;` before setting it - where fromStorage is the value returned by storage.getItem(key) like below.

```ts
// Set the axios default headers, falling back to the stored value
// when the response did not carry the header.
export const setAuthHeaders = (Storage: DeviceStorage, headers: AuthHeaders): void => {
  authHeaderKeys.forEach((key: string) => {
    Storage.getItem(key).then((fromStorage: string) => {
      const value = headers[key] || fromStorage;
      axios.defaults.headers.common[key] = value;
    });
  });
};

// Persist each auth header, keeping the stored value when the
// response header is missing or empty.
export const persistAuthHeadersInDeviceStorage = (Storage: DeviceStorage, headers: AuthHeaders): void => {
  authHeaderKeys.forEach((key: string) => {
    Storage.getItem(key).then((fromStorage: string) => {
      const value = headers[key] || fromStorage;
      Storage.setItem(key, value); // <--- Not really needed
    });
  });
};
```

Another option would be to simply not call persistAuthHeadersInDeviceStorage unless the access-token header is actually there. If not it will be replaced with undefined.

The verify token action

const verifyToken = (

@rg-najera
Author

I have a PR available against master at #46

In case anyone is having the same issue with persist gate not redirecting to the path set up with generateRequireSignInWrapper (mentioned here #35 (comment)) - I have set up a new branch on my fork, that reverts the previous commits and starts off with the currently released NPM version found here - 4 commits behind master - and one ahead - https://github.com/el-rotny/redux-token-auth/tree/old_persistent_header_storage

@ziaulrehman40

This bites a lot of people, there are issues in devise-token-auth where people are banging their heads, this should have been merged.
Now the PR is stale :/

@ziaulrehman40

I wrote this script:

```sh
echo '----------------------'
echo 'Patching redux token auth due to https://github.com/kylecorbelli/redux-token-auth/issues/45'
echo 'It adds if checks of empty access-token'
echo '----------------------'
echo 'UPDATE THIS SCRIPT!!!!! if redux-token-auth is not on version: 0.19.0'
echo '----------------------'

# Line 165 of the compiled actions.js: only set the auth headers when access-token is non-empty.
REPLACE="                        if (response.headers['access-token'] && response.headers['access-token'] !== '') auth_1.setAuthHeaders(response.headers);";
# Escape / and & so the text is safe to use as a sed replacement.
ESCAPED_REPLACE=$(printf '%s\n' "$REPLACE" | sed -e 's/[\/&]/\\&/g');
# sed -i '' is the BSD/macOS form; GNU sed expects -i with no separate argument.
sed -i '' "165s/.*/$ESCAPED_REPLACE/" node_modules/redux-token-auth/dist/actions.js

# Line 167: only persist the auth headers when access-token is non-empty.
REPLACE2='                        if (response.headers["access-token"] && response.headers["access-token"] !== "") auth_1.persistAuthHeadersInLocalStorage(response.headers);';
ESCAPED_REPLACE2=$(printf '%s\n' "$REPLACE2" | sed -e 's/[\/&]/\\&/g');
sed -i '' "167s/.*/$ESCAPED_REPLACE2/" node_modules/redux-token-auth/dist/actions.js
```

And saved it under scripts/reduxTokenAuthHeaderFix.sh folder

And added postinstall in package.json like: "postinstall": "scripts/reduxTokenAuthHeaderFix.sh"

Works like a charm for now, did not want to rely on outdated or external forks which can be deleted anytime.
Until we get the fix upstream, this should work. 👍🏼
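
The guard discussed in this thread (skip persisting when the response has no `access-token`, as proposed in the opening post and applied by the patch script above), shown as an added example that is not code from redux-token-auth or from the commenters. It replays a sign-in response followed by a header-less verify response against unconditional and guarded persistence; the function names, the in-memory storage, the header key list and the sample headers are assumptions constructed for the illustration.

```javascript
// Added illustration; none of these names are redux-token-auth's API.
// Assumed header set used by devise_token_auth clients.
const AUTH_HEADER_KEYS = ['access-token', 'token-type', 'client', 'expiry', 'uid'];

// Constructed in-memory stand-in for device storage. Like Web Storage,
// it coerces every value to a string, so undefined becomes "undefined".
function createMemoryStorage() {
  const data = new Map();
  return {
    getItem: (key) => (data.has(key) ? data.get(key) : null),
    setItem: (key, value) => { data.set(key, String(value)); },
    snapshot: () => Object.fromEntries(data),
  };
}

// Unconditional persistence: a response without auth headers clobbers
// the credentials saved at sign-in.
function persistNaive(storage, headers) {
  AUTH_HEADER_KEYS.forEach((key) => storage.setItem(key, headers[key]));
}

// Guarded persistence: only a non-empty access-token counts as a rotation;
// individual keys missing from that response keep their stored value.
function persistGuarded(storage, headers) {
  const token = headers['access-token'];
  if (typeof token !== 'string' || token.trim() === '') return false;
  AUTH_HEADER_KEYS.forEach((key) => {
    if (typeof headers[key] === 'string' && headers[key] !== '') {
      storage.setItem(key, headers[key]);
    }
  });
  return true;
}

// Constructed sample responses (not captured traffic).
const SIGN_IN = { 'access-token': 'tok-1', 'token-type': 'Bearer',
  client: 'client-1', expiry: '1533600000', uid: 'user@example.test' };
const VERIFY_NO_HEADERS = { 'content-type': 'application/json' };
const ROTATED = { ...SIGN_IN, 'access-token': 'tok-2', expiry: '1534809600' };

// Replay a sequence of response header sets and return what storage holds.
function replay(persist, responses) {
  const storage = createMemoryStorage();
  responses.forEach((headers) => persist(storage, headers));
  return storage.snapshot();
}

console.log('naive  :', replay(persistNaive, [SIGN_IN, VERIFY_NO_HEADERS]));
console.log('guarded:', replay(persistGuarded, [SIGN_IN, VERIFY_NO_HEADERS]));
```

With the unconditional version the stored `access-token` ends up as the string `"undefined"`, so the next request is sent with unusable credentials; the guarded version leaves the sign-in values in place until a response actually rotates the token.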
