Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

User can still log into the dashboard with invalid login credentials #4

Open
theDeji opened this issue Nov 30, 2020 · 5 comments
Open

User can still log into the dashboard with invalid login credentials #4

theDeji opened this issue Nov 30, 2020 · 5 comments

Comments

@theDeji
Copy link

theDeji commented Nov 30, 2020

Hey Kyle, I did the same thing you did on this project and I noticed that the moment I add the history.push('/') line beneath the login function, it allows users login even if the login credential is invalid.

async function handleSubmit(e) {
e.preventDefault()

try {
  setError("")
  setLoading(true)
  await login(emailRef.current.value, passwordRef.current.value)
  history.push("/") --> problem here, it logs in the user with invalid credentials. Even at the sign up component.
} catch {
  setError("Failed to log in")
}

setLoading(false)

}
@pea-nut-z
Copy link

pea-nut-z commented Jan 7, 2021
edited

Hey Kyle, I did the same thing you did on this project and I noticed that the moment I add the history.push('/') line beneath the login function, it allows users login even if the login credential is invalid.

async function handleSubmit(e) {
e.preventDefault()

try {
  setError("")
  setLoading(true)
  await login(emailRef.current.value, passwordRef.current.value)
  history.push("/") --> problem here, it logs in the user with invalid credentials. Even at the sign up component.
} catch {
  setError("Failed to log in")
}

setLoading(false)

}

I am wondering if you added "exact " for the "/" route
<PrivateRoute exact path="/" component={Dashboard} />

@theDeji
Copy link
Author

theDeji commented Jan 12, 2021

Yeah, I did.

@ghost
Copy link

ghost commented Jun 1, 2021

Does it not show the alert which says 'Failed to login' or something similar? Because I do not get the alert, and there's an uncaught Promise that is logged to the console which is an error. But I still get redirected to the '/' route [Homepage route].

It looks like the err is not getting caught in the try-catch block, and it throws the below error about an uncaught promise, but still redirects to the homepage.

Screenshot 2021-06-01 at 13 57 08

@ghost
Copy link

ghost commented Jun 1, 2021
edited by ghost

I've figured out a solution here, it's basically to add the then() and catch() in our AuthContextProvider login() function and return the error and loading states from within the context provider, rather than using it up in the Login component.

Here's my AuthContext.js file: 
import { createContext, useState, useEffect } from 'react';
import { auth } from '../firebaseConfig';

export const AuthContext = createContext();

export const AuthProvider = ({ children }) => {
  const [currentUser, setCurrentUser] = useState();
  const [loading, setLoading] = useState(true);
  const [error, setError] = useState('');

  useEffect(() => {
    const unsubscribe = auth.onAuthStateChanged((user) => {
      setCurrentUser(user);
      setLoading(false);
    });

    return unsubscribe;
  }, []);

  const signup = (email, password) => {
    auth.createUserWithEmailAndPassword(email, password);
  };
  const login = (email, password) => {
    auth
      .signInWithEmailAndPassword(email, password)
      .then((userCredential) => {
        //signed in!
        setLoading(false);
      })
      .catch((err) => {
        //error
        setLoading(false);
        setError(err.message);
      });
  };

  const value = {
    currentUser,
    loading,
    error,
    signup,
    login,
  };
  return (
    <AuthContext.Provider value={value}>
      {!loading && children}
    </AuthContext.Provider>
  );
};

Here's a snippet of the submit event on the form:

  const { login, error, loading } = useContext(AuthContext);
  const history = useHistory();

  const handleSubmit = async (e) => {
    e.preventDefault();
    await login(emailRef.current.value, passwordRef.current.value);
    if (!loading && !error) {
      history.push('/');
    }
  };

This displays the error that firebase sends in case we enter a wrong password during login, thus prevent the user to route to the homepage. It also prevents the user from routing to the homepage if there are multiple invalid password attempts! All this info is shown in the Alert within the Login component based on the error value received from login() function, from the AuthContextProvider.

Edit: I believe this should be done with all other async firebase functions as well, i.e, for sign-up, logout, etc.

@ghost
Copy link

ghost commented Jun 1, 2021

Does it not show the alert which says 'Failed to login' or something similar? Because I do not get the alert, and there's an uncaught Promise that is logged to the console which is an error. But I still get redirected to the '/' route [Homepage route].

It looks like the err is not getting caught in the try-catch block, and it throws the below error about an uncaught promise, but still redirects to the homepage.

Screenshot 2021-06-01 at 13 57 08

I had made a silly mistake, I'd forgotten to return the Promise from the AuthProvider login() function. Seems to be working fine now.

  const login = (email, password) => {
    return auth.signInWithEmailAndPassword(email, password);
  };

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@theDeji @pea-nut-z