Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Check for hasVerificationBeenAttempted #35

Merged
merged 3 commits into from
Jul 27, 2018
Merged

Check for hasVerificationBeenAttempted #35

merged 3 commits into from
Jul 27, 2018

Conversation

joshudev
Copy link
Contributor

Check for hasVerificationBeenAttempted before redirecting in require sign in wrapper

Fixes #30

@djvs
Copy link

djvs commented Apr 19, 2018
edited
Loading

@joshudev I'm getting this error:

Uncaught TypeError: Cannot read property 'flushGetRequests' of undefined
    at generateAuthActions (actions.js:102)
    at Object.defineProperty.value (redux-token-auth-config.js:22)
    at __webpack_require__ (bootstrap ce7b60a4d02223d3308f:19)
    at Object.<anonymous> (examinees.js:15)
    at __webpack_require__ (bootstrap ce7b60a4d02223d3308f:19)
    at Object.<anonymous> (application.js:1) [.......]

Coming from here in actions.js:

var generateAuthActions = function (config) {
    var authUrl = config.authUrl, storage = config.storage, userAttributes = config.userAttributes, userRegistrationAttributes = config.userRegistrationAttributes;
    var Storage = Boolean(storage.flushGetRequests) ? storage : AsyncLocalStorage_1.default;

"storage" isn't specified in my config as per the README.md on this repo. I see flushGetRequests refers to ... React Native async local storage? Any tips?

@djvs
Copy link

djvs commented Apr 19, 2018

Sorry, subbed it out with storage: window.localStorage. Might be an upstream problem.

@joshudev
Copy link
Contributor Author

@djvs - I had the same problem with master, and added the following to my config:

storage: {
  flushGetRequests: false
}

e.g:

const config = { 
  authUrl,
  userAttributes: {
    firstName: 'first_name',
    imageUrl: 'image',
  },  
  userRegistrationAttributes: {
    firstName: 'first_name',
  },  
  storage: {
    flushGetRequests: false
  }
}

@joshudev joshudev mentioned this pull request Apr 24, 2018
Open
@joshudev
Copy link
Contributor Author

@kylecorbelli - can you see any problem with the approach in this pull request?

kylecorbelli
kylecorbelli reviewed Apr 24, 2018
View reviewed changes
src/generate-require-signin-wrapper.tsx Outdated
readonly isSignedIn: boolean
readonly history: {
readonly replace: (path: string) => void
}
}

class GatedPage extends React.Component<WrapperProps> {
public componentWillMount (): void {
public componentWillReceiveProps(nextProps: any): void {
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can we type nextProps with WrapperProps? 😃

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah yes, forgot to do that. Just pushed adc99c6

@kylecorbelli
Copy link
Owner

@joshudev can we also get a semver patch version bump?

@josephecombs
Copy link

josephecombs commented Jul 27, 2018
edited
Loading

is this getting merged any time soon? I'm encountering this exact problem - redirected prior to completing a successful token check.

@kylecorbelli kylecorbelli merged commit 9d83b38 into kylecorbelli:master Jul 27, 2018
@josephecombs
Copy link

when I get this working I'll add a change to the readme that includes the flushGetRequests thing

@kylecorbelli
Copy link
Owner

@josephecombs thanks a bunch!

@josephecombs
Copy link

@kylecorbelli #42

@rg-najera
Copy link

Although this was merged, I can see this has has potentially opened a bug surface area I can't quite pin-point. For me using master, and adding the storage property to my config, just leads to the persist gate not redirecting to the path I set up with generateRequireSignInWrapper. Was there a breaking change Im just not seeing?

Current State when loading the screen that is protected and should redirect.

reduxTokenAuth: {
    currentUser: {
      isSignedIn: false,
      isLoading: false,
      hasVerificationBeenAttempted: true,
      attributes: {}
    }
  },

I can verify Im getting the empty container on 9d83b38#diff-0f483cb752108ae79a3aed8f3e94098eR43

After authentication, I can see the screen fine.

@rg-najera rg-najera mentioned this pull request Aug 6, 2018
Open
@josephecombs
Copy link

josephecombs commented Aug 7, 2018 via email

@rg-najera
Copy link

rg-najera commented Aug 8, 2018
edited
Loading

@josephecombs I don’t think this due to the access token not being able to be accessed. Keep in mind that a user hasn’t been authenticated yet.

Maybe I’m just not getting it. What is the premise of the change in regards to verifyToken? If the state of “hasVerificationBeenAttempted” and that is true, and the user state “isSignedIn” is false then we should be redirected to the auth screen. Which it’s not what I’m getting. Maybe it has to do with where I’m adding the gate and token verification methods.

In regards to auth token. My project needs auth to be hardened due to PCI compliance. There’s no way we can allow user token to not be changed in each request without opening up major security loopholes.

My PR, #46 takes care of verifying when an empty auth token is sent back from the server - only happens with batch requests or when the user gets click happy (i was able to reproduce very easily). I’m using my fork with and without this merge effectively. Only adds a new auth token to storage when one is returned. It is a seperate issue but thought it needed to be noted in my PR.

@rg-najera
Copy link

Thanks by the way. Don’t mean to be dry about it. Hoping to contribute more as i start understanding more about how these challenges are dealt with.

@TheStu
Copy link

TheStu commented Jan 9, 2019
edited
Loading

I've only been playing with react for a few weeks so maybe there's something wrong with this approach, but w/r/t the issue of not being redirected, I found that I needed to replace componentWillReceiveProps in generateRequireSignInWrapper with:

public componentDidMount(): void {
  const {
    history,
    hasVerificationBeenAttempted,
    isSignedIn,
  } = this.props

  if (hasVerificationBeenAttempted && !isSignedIn) {
    history.replace(redirectPathIfNotSignedIn)
  }
}

after that everything seems to be working as expected.

ArtefactGitHub added a commit to ArtefactGitHub/Re_P_WebMonster that referenced this pull request Apr 1, 2019
@ArtefactGitHub
トークン認証に関する修正パッチを取り込むため、GitHubの最新を取り込むよう修正
54063ff 
kylecorbelli/redux-token-auth#33
kylecorbelli/redux-token-auth#35
ArtefactGitHub added a commit to ArtefactGitHub/Re_P_WebMonster that referenced this pull request Apr 1, 2019
@ArtefactGitHub
トークン認証修正対応
1f22e3e 
kylecorbelli/redux-token-auth#35
@keymastervn keymastervn mentioned this pull request Sep 11, 2019
Open
@csalvato
Copy link

This was merged 2 years ago but I don't think it ever made it to a release. NPM is reporting that 0.19.0 is the latest version, so these changes aren't pulled in when doing npm install or yarn install. AM I incorrect here?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kylecorbelli kylecorbelli kylecorbelli left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Logging out on refresh
7 participants
@joshudev @djvs @kylecorbelli @josephecombs @rg-najera @TheStu @csalvato