10

I'm using Ember Simple Auth Devise v 0.6.4 in an Ember-cli app.

I can log in fine but when I refresh the page the session is lost. (Tested in Firefox and Chrome.)

Right after logging in, inspecting the localStorage shows the session and after refreshing localStorage is empty.

Here's what's in the local storage when I sign in:

[Screenshot: localStorage contents after sign-in]

niftygrifty
  • Are you using a custom authenticator or so? Usually the reason for these kinds of problems is that the authenticator's `restore` method (https://github.com/simplabs/ember-simple-auth/blob/master/packages/ember-simple-auth-devise/lib/simple-auth-devise/authenticators/devise.js#L79) doesn't restore the session correctly. – marcoow Aug 09 '14 at 11:29
  • Hmm... I'm using the Devise authenticator. – niftygrifty Aug 09 '14 at 11:38
  • can you post a screenshot of the `localStorage`'s contents after you log in? – marcoow Aug 09 '14 at 12:55
  • I added a screenshot to the original question. – niftygrifty Aug 10 '14 at 07:55

4 Answers

10

The problem is that you have neither user_token nor user_email in the session which are required for the session to be authenticated. So as soon as you reload the page the authenticator's restore method rejects the session. Also without user_token and user_email the authorizer is not going to actually authorize any requests.

You'll need to change your server side devise setup as described here.

marcoow
  • 1
    Does this apply only to ember-simple-auth-devise? I seem to have the same issue by using ember-simple-auth-token. As soon as the session is authenticated, localStorage contains the correct data. As soon as I refresh I get redirected to the login page and localStorage is empty. – Riccardo Bartoli Sep 23 '14 at 21:42
  • This applies to the Devise authenticator. Not sure what you mean by "ember-simple-auth-token". – marcoow Sep 24 '14 at 06:52
  • 1
    I mean "ember-cli-simple-auth-token". BTW every time I reload any protected page after successfully logging in, I'm redirected to the "login" page and localStorage is emptied. Is there something I should do to make the session persistent or is it supposed to work out of the box without doing anything? Thanks – Riccardo Bartoli Sep 24 '14 at 17:00
  • 1
    I guess you mean ember-cli-simple-auth-oauth2. Session persistence works out of the box. As I said above, in your code you're using the wrong attribute names - every authenticator has certain server dependencies which are explained in the README – marcoow Sep 24 '14 at 18:48
  • No I mean [ember-cli-simple-auth-token](https://github.com/jpadilla/ember-cli-simple-auth-token) and it doesn't seem to have any specific attribute name or server dependency, so probably that's the reason why it's not working. I'll have a look at the ember-cli-simple-auth-oauth2 to see if that solves my issue. BTW thanks for this great cli addon! – Riccardo Bartoli Sep 24 '14 at 20:37
  • Oh, I see - ember-cli-simple-auth-token isn't currently part of Ember Simple Auth so I don't know about its specifics. It might get merged into the library at some point but that's still an ongoing discussion: https://github.com/simplabs/ember-simple-auth/issues/287 – marcoow Sep 24 '14 at 21:07
2

I have run into the same issue with simple-auth-devise.

The problem was that in `config/environment.js` the `identificationAttributeName` was overridden.

```javascript
ENV['simple-auth-devise'] = {
    identificationAttributeName: 'email'
};
```

By doing so, it no longer matched the data returned by Users::SessionsController on successful authentication, taken from the ember-simple-auth-devise Readme:

```ruby
data = {
    token: user.authentication_token,
    user_email: user.email
}
```

The attribute names must match, so the solution is to use the identificationAttributeName in the JSON returned by the controller:

```ruby
data = {
    token: user.authentication_token,
    email: user.email
}
```

Like marcoow pointed out, it is all in the implementation of the Devise authorizer restore() method.

ihoka
  • 1
    In the next version of Ember Simple Auth the default for `identificationAttributeName` will change to `'email'` to avoid confusion (see this commit: https://github.com/simplabs/ember-simple-auth/commit/c38be0ce0eb209769cb1a5efc135d7a5731468a4) – marcoow Mar 10 '15 at 08:07
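The check that the first two answers describe can be run against a copy of the stored session to see which attribute names are missing. This is an added example, not code from Ember Simple Auth or from the answers above; `missingSessionAttributes`, the `secure` storage key and the sample payloads are assumptions made for illustration, and the optional `resourceName` handling goes beyond the flat case discussed so far to cover payloads that nest the attributes under a resource key.

```javascript
// Added diagnostic sketch; not Ember Simple Auth source code.
// Assumption: session data is stored as JSON under a top-level "secure" key.
const DEFAULTS = {
  tokenAttributeName: 'user_token',          // names the first answer says are required
  identificationAttributeName: 'user_email',
  resourceName: null                         // hypothetical: key the attributes are nested under
};

// Returns the configured attribute names that are absent or empty in the
// stored session. An empty array means the session would pass this check.
function missingSessionAttributes(storedJson, config) {
  const cfg = Object.assign({}, DEFAULTS, config);
  let parsed;
  try {
    parsed = JSON.parse(storedJson);
  } catch (e) {
    return ['<unparseable session data>'];
  }
  const secure = (parsed && parsed.secure) || {};
  // With a resource name, the attributes are expected one level deeper.
  const holder = cfg.resourceName ? (secure[cfg.resourceName] || {}) : secure;
  const prefix = cfg.resourceName ? cfg.resourceName + '.' : '';
  return [cfg.tokenAttributeName, cfg.identificationAttributeName]
    .filter((name) => holder[name] === undefined || holder[name] === null || holder[name] === '')
    .map((name) => prefix + name);
}

// Constructed sample payloads (placeholder values, not real credentials).
const flatSession = JSON.stringify({
  secure: { authenticator: 'simple-auth-authenticator:devise',
            token: 'CONSTRUCTED-TOKEN', email: 'user@example.test' }
});
const nestedSession = JSON.stringify({
  secure: { authenticator: 'simple-auth-authenticator:devise',
            user: { authentication_token: 'CONSTRUCTED-TOKEN', email: 'user@example.test' } }
});
const matchingFlat = { tokenAttributeName: 'token', identificationAttributeName: 'email' };
const matchingNested = { resourceName: 'user', tokenAttributeName: 'authentication_token',
                         identificationAttributeName: 'email' };

console.log(missingSessionAttributes(flatSession));                   // server and client names disagree
console.log(missingSessionAttributes(flatSession, matchingFlat));     // names agree
console.log(missingSessionAttributes(nestedSession, matchingNested)); // nested payload, names agree
```
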
0

I'm experiencing the same issue, e.g. my session is getting nuked on refresh.

This is undesired behavior, and for me at least doesn't appear to have anything to do with server side devise setup.

No requests are being sent to the server, it's just a matter of keeping the session alive by using the cookies which should be checked first.

Kiffin
  • 1
    I think this should be a separate question with your own setup described. I didn't down vote btw :) –  Feb 09 '15 at 13:21
0

I had this issue as well. It turns out that the restore method in the authenticator did not take into account the resource name.

In particular, changing the line indicated here: https://github.com/simplabs/ember-simple-auth/blob/master/packages/ember-simple-auth-devise/lib/simple-auth-devise/authenticators/devise.js#L95

as follows:

```javascript
if (!Ember.isEmpty(propertiesObject.get(_this.resourceName)[_this.tokenAttributeName]) &&
    !Ember.isEmpty(propertiesObject.get(_this.resourceName)[_this.identificationAttributeName])) {
```

solved the problem.

Note that my local storage looked like:

```json
{"secure":{"authenticator":"simple-auth-authenticator:devise","user":{"id":1,"email":"test@gmail.com","created_at":"2015-07-20T22:30:47.966Z","updated_at":"2015-07-23T17:45:41.874Z","authentication_token":"7Uv6LysQ2h3x-P4WUMmU","token":"7Uv6LysQ2h3x-P4WUMmU"}}}
```

As a result, this required the additional changes in the config/environment.js

```javascript
ENV['simple-auth-devise'] = {
  identificationAttributeName: 'email',
  resourceName: 'user',
  tokenAttributeName: 'authentication_token',
  crossOriginWhitelist: ['*']
};
```

Changing bower_components/ember-simple-auth/simple-auth-devise.amd.js is what allowed me to see that this indeed was my problem.

tol4trob
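The configuration in the last answer sets `crossOriginWhitelist: ['*']`, which bears on where the stored token ends up. The following is an added model of an origin-whitelist decision, not code from Ember Simple Auth or from the answer; it assumes that same-origin requests are always authorized and that a `'*'` entry matches every origin, and the function names, origins and URLs are constructed for illustration.

```javascript
// Added model of an origin-whitelist decision; not Ember Simple Auth source code.
// Assumptions: same-origin requests are always authorized, and a '*' entry
// in the whitelist matches every origin.

// Normalize a URL (absolute, or relative to the app) to scheme://host[:port].
function originOf(url, appOrigin) {
  return new URL(url, appOrigin).origin;
}

// True if a request to requestUrl would carry the session token.
function wouldAttachToken(requestUrl, appOrigin, whitelist) {
  const target = originOf(requestUrl, appOrigin);
  if (target === originOf(appOrigin, appOrigin)) return true;
  if (whitelist.includes('*')) return true;
  return whitelist.some((entry) => entry !== '*' && originOf(entry, appOrigin) === target);
}

// Audit helper: which cross-origin URLs would receive the token?
function crossOriginTokenRecipients(appOrigin, whitelist, urls) {
  const own = originOf(appOrigin, appOrigin);
  return urls.filter((u) => originOf(u, appOrigin) !== own &&
                            wouldAttachToken(u, appOrigin, whitelist));
}

// Constructed sample data.
const APP_ORIGIN = 'https://app.example.test';
const REQUESTS = [
  '/api/users',                               // same origin
  'https://api.example.test/users',           // the app's own API on another host
  'https://cdn.thirdparty.test/widget.json'   // unrelated third party
];

// Wildcard: every cross-origin request carries the token.
console.log(crossOriginTokenRecipients(APP_ORIGIN, ['*'], REQUESTS));
// Explicit list: only the named API origin does.
console.log(crossOriginTokenRecipients(APP_ORIGIN, ['https://api.example.test'], REQUESTS));
```
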