this.session.requireAuthentication is returning false on a page refresh, even though user is already authenticated

[nurmuhammadsiratseequent]

In ESA 4.2.2, I can call this.session.requireAuthentication(transition, 'login') on a protected route in the beforeModel and this will return true if a user has already authenticated. I can verify this by looking at localStorage and seeing that the user's token is persisted there. If I were to manually refresh the page on this protected route or go to the same route in another tab, I will remain authenticated.

We're upgrading from 4.2.2 to 5.0.0 (and eventually 6.0.0). Now, in ESA 5.0.0, this call is returning false on a refresh after the user has previously authenticated. It will transition the user to the login route. However I can see that the auth data is still persisted in the localStorage key ember_simple_auth-session.

I have verified that this behaviour is also happening in 6.0.0.

[BobrImperator]

Hi 👋

What ember-data version do you use in your app?

We've had reports regarding similar issue that was related to ember-data 4.12.0 problems which were later fixed in 4.12.1. That being said ESA doesn't rely on ember-data itself and the issue is likely caused somewhere where user data is being fetched.

Please visit this thread #2533 as your issue seems very similar to that one.

Feel free to reach out if that doesn't help 👍

[nurmuhammadsiratseequent]

We are using ember-data version 4.11.3.

Thanks for your suggestions @BobrImperator. I'll see if updating ember-data will help.

[gzurbach]

We are experiencing this issue as well.

Currently running:

• [email protected] (same issue with 6.0.0)
• [email protected]
• [email protected].

[gzurbach]

@nurmuhammadsiratseequent are you using the cookie store? and are you also using ember-simple-auth-token by any chance?

I wonder if this has anything to do with the release of [email protected] a few days ago: https://github.com/mainmatter/ember-cookies/releases

Edit: I tried to switch to LocalStorage and the same thing happens. I have no idea what's going on 🤷‍♂️

[nurmuhammadsiratseequent]

Hi @gzurbach. No, I'm using localStorage with a custom authenticator. I'm also not using ember-cookies in my app.

[khaled-s]

I'm having the same problem, cookies based store
this problem causing fastboot server to crash
and getting this error

Error: Assertion Failed: calling set on destroyed object: <front@session:main::ember335>.isAuthenticated = true

and getting this error

• ember-data: 4.11.3
• ember-simple-auth: 6.0.0
• ember-simple-auth-token: 5.3.2

[gzurbach]

[Side note, not directly related with this issue but relevant to those using ember-simple-auth-token]

Things I have discovered while investigating: ember-simple-auth-token: 5.3.2 is not compatible with ember-simple-auth: 6.0.0. When installed together, ember-simple-auth-token will actually install, then load, its own version of ember-simple-auth in version 5.0.0. That's not ideal in itself. Add to this the fact that [email protected] and 6.0.0 rely on completely different version of ember-cookies and things can get really wacky.

It looks like ember-simple-auth-token is abandoned. I am considering writing my own custom authenticator and drop ember-simple-auth-token so that I can be on [email protected].

Unfortunately, it does not resolve the issue. Something is broken somewhere else.

[khaled-s]

This problem is happening when using JWT authenticator with ember-fastboot
disabling ember-fasboot seems to solve the problem
also switching to local-storage store instead of cookie store solve the problem, but this will not work with ember-fastboot
I think restore function is not working probably in the server side

[nurmuhammadsiratseequent]

@BobrImperator Upgrading to [email protected] does not work. I've tried with 4.12.5 as well.

[BobrImperator]

Could you please find out if you can reproduce this in a fresh project?