ember-simple-auth: Refresh page causes logout

I use my custom authenticator whch is the same as device authenticator almost. When I refresh the page, local storage cleared and user logged out.

Ember version : 2.5.1
Ember Simple Auth version : 1.1.0

Why? Thanks in advance

About this issue

Original URL
State: closed
Created 8 years ago
Comments: 50 (29 by maintainers)

Commits related to this issue

Fix issue where store is emptied on page refresh Related #990 #1090. Early in the initialization of this object, `setUnknownProperty` gets called with `__OWNER__` and `__NAME_KEY__` (system proper... — committed to jamiechong/ember-simple-auth by jamiechong 7 years ago
Fix issue where store is emptied on page refresh (#1267) * Fix issue where store is emptied on page refresh Related #990 #1090. Early in the initialization of this object, `setUnknownProperty` ... — committed to mainmatter/ember-simple-auth by jamiechong 7 years ago

Most upvoted comments

You can store custom session data by setting it on the session:

this.session.set('data.authenticated.myData', 'maVal');

That is how it currently works but also the reason for the problems I mentioned above - basically all data that is written to the session is automatically persisted to the store which leads to a lot of hacky and complex code. This needs to be refactored into a cleaner solution but as that’s a larger effort nobody has yet found the time to do it.

marcoow on Jul 23, 2018

Ok so we have just hit this issue and I have tracked down the problem, our code was actually throwing an Exception in our authenticator’s restore method (details of which are not too important)

The problem is that the error is being swallowed and not ever output to the user. The problem is that if there is an error thrown at this point https://github.com/simplabs/ember-simple-auth/blob/master/addon/internal-session.js#L67 it will not be caught by this error handler: https://github.com/simplabs/ember-simple-auth/blob/master/addon/internal-session.js#L85 , instead that error handler will only catch issues with the this._callStoreAsync('restore') call on this line https://github.com/simplabs/ember-simple-auth/blob/master/addon/internal-session.js#L62

If the error handler is valid for cases of exceptions thrown in the user provided restore method then I would recommend changing the internal-session restore method to look more like this:

restore() {
    this._busy = true;
    const reject = () => RSVP.Promise.reject();

    return this._callStoreAsync('restore').then((restoredContent) => {
      let { authenticator: authenticatorFactory } = restoredContent.authenticated || {};
      if (authenticatorFactory) {
        delete restoredContent.authenticated.authenticator;
        const authenticator = this._lookupAuthenticator(authenticatorFactory);
        return authenticator.restore(restoredContent.authenticated).then((content) => {
          this.set('content', restoredContent);
          this._busy = false;
          return this._setup(authenticatorFactory, content);
        }, (err) => {
          debug(`The authenticator "${authenticatorFactory}" rejected to restore the session - invalidating…`);
          if (err) {
            debug(err);
          }
          this._busy = false;
          return this._clearWithContent(restoredContent).then(reject, reject);
        });
      } else {
        delete (restoredContent || {}).authenticated;
        this._busy = false;
        return this._clearWithContent(restoredContent).then(reject, reject);
      }
    }).then(null, () => { // <- this is the subtle difference
      this._busy = false;
      return this._clear().then(reject, reject);
    });
  },

The difference is that this will now catch all issues with user provided restore methods

mansona on Aug 25, 2017