Invalidated immediately after authentication when using cookieStore with Safari #2533
Comments
Hi @joshuaswift, thanks for reporting the issue and all the pointers. At this very moment, I can't tell you what is the issue, I'll try to work that out in the coming days though.
    @action
    async authenticate(e) {
      e.preventDefault();
      let { identification, password } = this;
      try {
        await this.session.authenticate('authenticator:oauth2', identification, password);
      } catch(error) {
        this.errorMessage = error.error || error;
      }
      if (this.session.isAuthenticated) {
        // What to do with all this success?
      }
    }
|
Unfortunately I couldn't reproduce this.
The value of the cookie also contains the authenticator and it's exactly the same string as the one provided during
Could you make sure that the cookie is correct after/during log-in? e.g.

    {
      "authenticator": "authenticator:token",
      "access_token": "....",
      "status": "ok"
    }

Additionally, in my testing neither on Chrome or Safari the
What authenticator do you use?

Code samples and recording:

    // app/session-stores/application.js
    import CookieStore from 'ember-simple-auth/session-stores/cookie';
    const CustomCookieStore = CookieStore.extend({});
    export default CustomCookieStore;

    @action
    async authenticate() {
      const authenticator = 'authenticator:token'; // or 'authenticator:jwt'
      try {
        await this.session.authenticate(
          authenticator,
          {
            user: {
              name: this.form.username,
              password: this.form.password,
            },
          }
        );
        this.router.transitionTo('protected.catalysts');
      } catch (error) {
        // don't matter
      }
    }

Screen.Recording.2023-04-05.at.20.48.22.mov |
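One way to run the cookie check requested in the comment above, as an added example that is not part of the thread and is not ember-simple-auth code. It assumes the cookie store's session cookie is named `ember_simple_auth-session` and holds URL-encoded JSON; the function names and the sample header are hypothetical.

```javascript
// Added diagnostic, not ember-simple-auth code; function names are hypothetical.
// Assumption: the session cookie holds URL-encoded JSON under this name.
const SESSION_COOKIE = 'ember_simple_auth-session';

// Split a Cookie header or document.cookie string into pairs, keeping duplicates.
function parseCookies(header) {
  return header.split(';').map((part) => part.trim()).filter(Boolean).map((part) => {
    const eq = part.indexOf('=');
    return eq === -1
      ? { name: part, value: '' }
      : { name: part.slice(0, eq), value: part.slice(eq + 1) };
  });
}

// Classify one cookie value: does it name an authenticator?
function classifySessionValue(raw) {
  let data;
  try {
    data = JSON.parse(decodeURIComponent(raw));
  } catch {
    return { status: 'unparseable', authenticator: null };
  }
  if (data === null || typeof data !== 'object') {
    return { status: 'unparseable', authenticator: null };
  }
  // Accept the name nested under "authenticated" (assumed stored shape) or at
  // the top level, as in the sample value quoted in the thread.
  const section = data.authenticated ?? data;
  const name = section && typeof section.authenticator === 'string' ? section.authenticator : '';
  return name
    ? { status: 'ok', authenticator: name }
    : { status: 'no-authenticator', authenticator: null };
}

function inspectSessionCookie(header, cookieName = SESSION_COOKIE) {
  const entries = parseCookies(header)
    .filter((cookie) => cookie.name === cookieName)
    .map((cookie) => classifySessionValue(cookie.value));
  return { copies: entries.length, entries };
}

// Constructed sample: one populated session value and one emptied one.
const encode = (obj) => encodeURIComponent(JSON.stringify(obj));
const SAMPLE_HEADER = [
  'theme=dark',
  `${SESSION_COOKIE}=${encode({ authenticated: { authenticator: 'authenticator:devise', token: 'CONSTRUCTED' } })}`,
  `${SESSION_COOKIE}=${encode({ authenticated: {} })}`,
].join('; ');
console.log(JSON.stringify(inspectSessionCookie(SAMPLE_HEADER), null, 2));
```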
Thanks for the response! Interesting, we use the User authenticator:
Session store:
Login logic:
Apologies I can't provide a screen recording, but I checked the session after authenticating and the cookie is present as expected, but it then gets invalidated immediately when the |
@joshuaswift I tried to reproduce it again based on your setup (devise authenticator and RoR server) and again it appears to be working correctly for me. I'd try also:
|
I'm observing similar behavior on both Chrome and Firefox, also using CookieStore. Immediately after a successful login, the session is invalidated. I don't think it's ESA's fault though, since even rolling back to 4.2.2 didn't solve the issue for me. I've been merging dependabot PRs a bit carelessly and I'm suspecting that it might be caused by something else. 🤔 |
I've updated to 5.0.0 again and merged all my dependabot PRs carefully one at a time, and I couldn't reproduce the issue. I'm afraid I have no idea what caused it. 😵‍💫 |
Seems like good but bizarre news 👯 😄 I'll be closing this based on spuxx's comment. @joshuaswift feel free to reach out and re-open if your issue still persists. |
@BobrImperator @joshuaswift I managed to reproduce the behavior. I was able to isolate it to
Both of these lead to the observed behavior of sessions being invalidated right after login:

    "ember-data": "~4.12.0",
    "ember-simple-auth": "^4.2.2",

    "ember-data": "~4.12.0",
    "ember-simple-auth": "^5.0.0",

Both of these work fine:

    "ember-data": "~4.11.3",
    "ember-simple-auth": "^4.2.2",

    "ember-data": "~4.11.3",
    "ember-simple-auth": "^5.0.0",

This will likely get reported more often once folk update their apps, so we should probably get on top of this. I can try to dig into what's going on, but it might take me some time as I'm currently on vacation. Everything points to |
Safari version: 14.1.2
ESA version: 4.2.2
Ember version: 4.9.3
We recently switched from using the adaptiveStore to the cookieStore so we can keep the user authenticated across various subdomains.

This works perfectly on Chrome and Firefox, but on Safari we're experiencing an issue where immediately after signing in using the authenticate method, the session becomes invalidated and the user is redirected straight back to the login screen.

I've dug through the source code and it seems to be caused by the _bindToStoreEvents method in the internal-session service.

This gets called in the init hook for this service, and when it gets to the conditional which checks for an authenticatorFactory, it's undefined which causes the _clear method to be called which then invalidates the session.

The strange thing is, in Chrome this _bindToStoreEvents method never seems to get reached on login, so I'm not sure what this authenticatorFactory value should be, or why it's undefined in this scenario.

If I then delete the cookies generated by the initial login, I can login fine and it doesn't invalidate me, but every subsequent time I try and login it will repeat the original issue unless I delete the cookies each time.
I have also checked that all cookies are allowed in Safari by disabling 'Block all cookies' and 'Prevent cross-site tracking' just in case this was interfering with ESA somehow.
Any ideas of how to resolve this?