this.session.requireAuthentication is returning false on a page refresh, even though user is already authenticated

[nurmuhammadsiratseequent]

In ESA 4.2.2, I can call this.session.requireAuthentication(transition, 'login') on a protected route in the beforeModel and this will return true if a user has already authenticated. I can verify this by looking at localStorage and seeing that the user's token is persisted there. If I were to manually refresh the page on this protected route or go to the same route in another tab, I will remain authenticated.

We're upgrading from 4.2.2 to 5.0.0 (and eventually 6.0.0). Now, in ESA 5.0.0, this call is returning false on a refresh after the user has previously authenticated. It will transition the user to the login route. However I can see that the auth data is still persisted in the localStorage key ember_simple_auth-session.

I have verified that this behaviour is also happening in 6.0.0.

[BobrImperator]

Hi 👋

What ember-data version do you use in your app?

We've had reports regarding similar issue that was related to ember-data 4.12.0 problems which were later fixed in 4.12.1. That being said ESA doesn't rely on ember-data itself and the issue is likely caused somewhere where user data is being fetched.

Please visit this thread #2533 as your issue seems very similar to that one.

Feel free to reach out if that doesn't help 👍

[nurmuhammadsiratseequent]

We are using ember-data version 4.11.3.

Thanks for your suggestions @BobrImperator. I'll see if updating ember-data will help.

[gzurbach]

We are experiencing this issue as well.

Currently running:

• ember-simple-auth@5.0.0 (same issue with 6.0.0)
• ember-simple-auth-token@5.3.2
• ember-data@4.12.4.

[gzurbach]

@nurmuhammadsiratseequent are you using the cookie store? and are you also using ember-simple-auth-token by any chance?

I wonder if this has anything to do with the release of ember-cookies@1.1.2 a few days ago: https://github.com/mainmatter/ember-cookies/releases

Edit: I tried to switch to LocalStorage and the same thing happens. I have no idea what's going on 🤷‍♂️

[nurmuhammadsiratseequent]

Hi @gzurbach. No, I'm using localStorage with a custom authenticator. I'm also not using ember-cookies in my app.

[khaled-s]

I'm having the same problem, cookies based store
this problem causing fastboot server to crash
and getting this error

Error: Assertion Failed: calling set on destroyed object: <front@session:main::ember335>.isAuthenticated = true

and getting this error

• ember-data: 4.11.3
• ember-simple-auth: 6.0.0
• ember-simple-auth-token: 5.3.2

[khaled-s]

This problem is happening when using JWT authenticator with ember-fastboot
disabling ember-fasboot seems to solve the problem
also switching to local-storage store instead of cookie store solve the problem, but this will not work with ember-fastboot
I think restore function is not working probably in the server side

[nurmuhammadsiratseequent]

@BobrImperator Upgrading to ember-data@4.12.1 does not work. I've tried with 4.12.5 as well.

[BobrImperator]

Could you please find out if you can reproduce this in a fresh project?

[ValenberghsSven]

Unsure if this belongs here, but I am currently also experiencing issues with this.session.requireAuthentication

Our CI is running tests with the cypress test framework.
When upgrading a custom login package to ember-simple-auth v6 some of our tests are currently failing.
We use localStorage to set the session in the browser.

What seems to happen is that the localStorage key "authenticated" is suddenly empty when it shouldn't be.
After searching for awhile I have managed to reproduce the issue in our project 100%

It seems that multiple visits in rapid succession to a route with this.session.requireAuthentication in the beforeModel seems to be the issue.

What I found out by stresstesting:
First we do a POST call to our login > we get session data and put the "authenticated" key in localStorage
We visit (cy.visit) 1 page with this.session.requireAuthentication > fine usually, can fail
We visit (cy.visit) 4 pages with this.session.requireAuthentication > fails 100% of the time, localStorage has empty "authenticated"
We visit (cy.visit) 4 pages with this.session.requireAuthentication but with a 100ms delay between each> succeeds 100% of the time (tested like 20 times)

I am not sure how to setup a fresh project for all of this.

- ember-data: 4.11.3
- ember-simple-auth: 6.0.0

[ValenberghsSven]

Just to update, the developers of our custom login package also updated me.
The version I was using had removed the ember-fetch dependency

When I used an older version of our custom login package with the ember-fetch dependency it seems to work normally.
Seems to be related to #2272

[BobrImperator]

A race condition in Ember tests when an authenticator responds with a delay and a session.authenticate method not being registered in a waiter list is something we could definitely improve.

I'm not positive on cypress tests though, cypress tests don't have access to waiters like regular ember tests do.
Your cypress tests should probably await some UI change that indicates you're logged in, I don't think that ESA version really matters here.

Ember test harness has a concept of waiters, where @waitFor can be used inside source code to register a promise inside a waiter list and then inside your tests you'd call await settled() which pauses test at that point and waits for all registered promises to resolve.
await settled() is rarely called directly and test-helpers such as await click() call await settled() inside them instead.