Auth-module: Wrong loggedIn state when user option set in auth: { }

Created on 2 Jul 2018 · 11 Comments · Source: nuxt-community/auth-module

Version

v4.5.1

Reproduction link

https://github.com/nuxt-community/auth-module

Steps to reproduce

When I have a config like this:

auth: {
    strategies: {
      local: {
        endpoints: {
          login: {
            url: "/auth/token.json",
            method: "post",
            propertyName: "token"
          },
          user: {
            url: "/auth/users/d2498e54-7bbe-11e8-be0f-c471feb11e42.json",
            propertyName: "user"
          }
        },
        tokenType: "Token"
      }
    },

    resetOnError: true,

    redirect: {
      home: "/haus",
      logout: "/login"
    },

    localStorage: false
  }

The loggedIn state in the store is always false, no matter what (even though I get back a valid token). However, when I set user to false, the loggedIn state is always true until I call logout(). The funny thing is that after I call logout() and then refresh the page, the loggedIn state is set to true again, without a valid token being stored in the cookie or localStorage (it's just set to false).

What is expected?

It shouldn't matter if user is set or unset and after calling logout the loggedIn state should be set to false even when refreshing the page.

What is actually happening?

Depending on if user option is set or unset, the loggedIn state behaves differently. If user is set, the loggedIn state is always false. If it's not set it's always true and after calling logout, the loggedIn state is correctly set to false, but after a page refresh it's back to true again.

Additional comments?

I have middleware: ["auth"] turned on globally

This bug report is available on Nuxt community (#c169)
bug

All 11 comments

+1

+1

It seems that what makes it wrong is this line https://github.com/nuxt-community/auth-module/blob/dev/lib/core/auth.js#L233

Since the boolean value of an empty object is still true, loggedIn is true.

+1!!!

It's happening to me too!

Hey guys,

I propose this PR #240 that should solve the problem (and possibly https://github.com/nuxt-community/auth-module/issues/210#issuecomment-412066055).
Thanks to @nathanchase for debugging!

+1

After logging out, the token has been cleared, but the "ctx" still has the old "user" and "loggedIn" state.
When the "state" is initialized in the "storage", the "state" copies the old auth data from the "ctx".

https://github.com/nuxt-community/auth-module/blob/dev/lib/core/storage.js#L91

I think the place where the original logic breaks down is that when the user endpoint is disabled, user gets set to {}, which evaluates to true in JS.
This was correctly handled here: https://github.com/nuxt-community/auth-module/blame/c38a1e49946cb1d435fe28d534e31ebf6aa258e8/lib/auth/schemes/local.js
There's even a comment in the code (// User endpoint is disabled. So we assueme loggedIn is true),
but then it was changed here: https://github.com/nuxt-community/auth-module/blame/24ff78991e9d1be426a304c823871d10ed303c1e/lib/auth/schemes/local.js

@pi0 What was your rationale for changing that behavior?

I tracked this down a little more.
On the server, this is the call stack that leads to user being set to {}.
I.e. whenever Auth is initialized, user will be set to {} and therefore loggedIn will be true with the coupling.

    at LocalScheme.fetchUser (server-bundle.js:877:32)
    at Auth.fetchUser (server-bundle.js:459:42)
    at Auth.fetchUserOnce (server-bundle.js:553:19)
    at LocalScheme.mounted (server-bundle.js:854:23)
    at Auth.mounted (server-bundle.js:429:42)
    at Auth.init (server-bundle.js:376:16)

I think I've found the issue...

Changing this in the local scheme

  async fetchUser (endpoint) {

    // User endpoint is disabled.
    if (!this.options.endpoints.user) {
      this.$auth.setUser({})
      return
    }

    // Token is required but not available
    if (this.options.tokenRequired && !this.$auth.getToken(this.name)) {
      return
    }

to this

  async fetchUser (endpoint) {

    // Token is required but not available
    if (this.options.tokenRequired && !this.$auth.getToken(this.name)) {
      return
    }

    // User endpoint is disabled.
    if (!this.options.endpoints.user) {
      this.$auth.setUser({})
      return
    }

This prevents the user being set to {} when the auth initiates if there's no token. Works perfectly for me in my custom scheme, which is based on the local one.
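
The reordering described in the comment above, reduced to a synchronous model and run for the "refresh with no token" case (an added example, not part of the original thread or the module's own code). `MiniAuth`, `fetchUserBefore`, `fetchUserAfter` and `loggedInAfterRefresh` are hypothetical names, and deriving `loggedIn` from `Boolean(user)` is an assumption taken from the discussion.

```javascript
// Minimal stand-in for the auth module (hypothetical): loggedIn is derived
// from the truthiness of the user object, as the thread describes.
class MiniAuth {
  constructor(token) {
    this.token = token; // null models "no token in cookie/localStorage"
    this.user = null;
    this.loggedIn = false;
  }
  getToken() { return this.token; }
  setUser(user) {
    this.user = user;
    this.loggedIn = Boolean(user); // Boolean({}) === true
  }
}

// Ordering before the change: the disabled-endpoint branch runs first,
// so user becomes {} even when no token exists.
function fetchUserBefore(auth, options) {
  if (!options.endpoints.user) {
    auth.setUser({});
    return;
  }
  if (options.tokenRequired && !auth.getToken()) return;
  // (request to the user endpoint omitted in this model)
}

// Ordering proposed in the thread: the token check runs first.
function fetchUserAfter(auth, options) {
  if (options.tokenRequired && !auth.getToken()) return;
  if (!options.endpoints.user) {
    auth.setUser({});
    return;
  }
  // (request to the user endpoint omitted in this model)
}

// Simulates a page refresh: a fresh auth instance is initialised and
// fetchUser runs once with the user endpoint disabled.
function loggedInAfterRefresh(fetchUser, token) {
  const auth = new MiniAuth(token);
  fetchUser(auth, { endpoints: { user: false }, tokenRequired: true });
  return auth.loggedIn;
}

console.log({
  beforeNoToken: loggedInAfterRefresh(fetchUserBefore, null),
  afterNoToken: loggedInAfterRefresh(fetchUserAfter, null),
  afterWithToken: loggedInAfterRefresh(fetchUserAfter, "constructed-token"),
});
```

With the original ordering, a route guard that trusts `loggedIn` admits a session that holds no token; with the token check first, `loggedIn` only becomes true when a token is present.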

Hi. Sorry for the late update. This should be fixed in v4.6.0 via #346.
