Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

First few requests never get the authorization header #756

Closed
artlowel opened this issue Jul 7, 2020 · 3 comments · Fixed by #856
Closed

First few requests never get the authorization header #756

artlowel opened this issue Jul 7, 2020 · 3 comments · Fixed by #856
Assignees
@artlowel
Labels
authentication: general general authentication issues bug high priority
Milestone
7.0beta4

Comments

@artlowel
Copy link
Member

artlowel commented Jul 7, 2020

When you are authenticated, and you refresh, the first few rest requests won't contain the authorization header.

The problem is easiest to see in dev mode, as you can simply inspect the requests in the dev tools and look at their headers, but it also happens in production mode, on the express server.

If you add the following statement to auth.interceptor.ts, line 251 you can see in the server output that it happens during server side rendering as well

console.log(newReq.url, 'authorized', isNotEmpty(newReq.headers.get('authorization')));

This is problematic because as we're adding support for things like the authorization endpoint to decide which menu options to show etc, the responses to those very first requests depend on having the correct authentication info.
@artlowel artlowel added bug authentication: general general authentication issues labels Jul 7, 2020
@atarix83
Copy link
Contributor

atarix83 commented Jul 8, 2020

@artlowel A possible solution to this problem, should be to active router-outlet only once the auth.loaded state is true. In this way it should prevent to load any route, thereby to make new request, before an attempt to restore an existing auth session is done.

@tdonohue tdonohue added this to the 7.0beta4 milestone Jul 13, 2020
@tdonohue tdonohue added this to To Do in DSpace 7 Beta 4 via automation Jul 13, 2020
@MarieVerdonck MarieVerdonck mentioned this issue Jul 16, 2020
Merged
5 tasks
@artlowel
Copy link
Member Author

@atarix83 explained in the meeting today that we could also wrap a container with an ngIf="auth.loaded" around everything in app component instead of just the router-outlet. That should prevent any other requests from being fired too soon

MarieVerdonck added a commit to atmire/dspace-angular that referenced this issue Jul 27, 2020
@MarieVerdonck
71712: confirmation modal for export + tests &
5803d45 
- request causing error because of issue DSpace#756, commented out for now &
- drop event prevention in a HostListener like dragover event
MarieVerdonck added a commit to atmire/dspace-angular that referenced this issue Aug 3, 2020
@MarieVerdonck
71712: confirmation modal for export + tests &
3e0f4a5 
- request causing error because of issue DSpace#756, commented out for now &
- drop event prevention in a HostListener like dragover event
@artlowel artlowel moved this from To Do to In Progress in DSpace 7 Beta 4 Aug 27, 2020
@artlowel artlowel self-assigned this Aug 27, 2020
@artlowel
Copy link
Member Author

assigned myself, as we'll fix this in the context of #635

@Atmire-Kristof Atmire-Kristof mentioned this issue Sep 3, 2020
Merged
5 tasks
@artlowel artlowel removed this from In Progress in DSpace 7 Beta 4 Sep 3, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@artlowel artlowel

Labels
authentication: general general authentication issues bug high priority
Projects
None yet
Milestone
7.0beta4
Development

Successfully merging a pull request may close this issue.

Hard redirect after log in atmire/dspace-angular
4 participants
@tdonohue @artlowel @atarix83 @heathergreerklein