-
Notifications
You must be signed in to change notification settings - Fork 159
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Routes auth config not honoured #7863
Comments
I tried replacing (from router/helpers.ts > isUserContext) const contextRoute = getContextRoute(router, to)
return !contextRoute || contextRoute.meta?.auth !== false with const contextRoute = getContextRoute(router, to)
if (contextRoute) {
return contextRoute.meta?.auth !== false
}
return false Which prevents the login (does |
Think I found it.. I can make it simpler.. Will run the tests and do a PR. |
There was this PR #7437 approx. 2.5 months ago, where we changed the behaviour of the authGuard to interpret the absence of a contextRoute (and not having meta.auth on the target route) as requiring a login. This still makes sense to me. Defining |
The problem is that the target route auth is not absent and I'm still redirected to login if I'm not logged in. I just created an extension that sets You can see here the definition: |
Ah, thank you, now I understand the issue. So with the authentication changes some months ago we now define three different contexts:
What you try to achieve is
What we could easily do, is to agree on a new route meta param like For the |
What you did is interesting, and it solves in theory our issue... But, this looks very inconsistent and would not be ok if I was developing a proper app (assuming we want a single route for both with/without auth context, which maybe you think this should always be separate...).
If I set it to hybrid, I would expect it to show me the user context if logged in, or the normal app frame if not. But I suppose that is not what hybrid means, with no context I'm sent to login, with context everything shows well. What was there before (and what my PR did), what to show the view of my application, always within the runtime frame (meaning, the header, branding, etc). And this is already prepared to show me the username on the top right corner if there's a user context or hide it otherwise. So, look, I think what I just described would be a better way of presenting (we should show the app frame). But I do not consider this important for now, so I would leave it into your consideration. We can expose our route logic without user context, so this would already unblock us. |
Thank you for looking into it!
A single route with / without auth context is not supported with this. That's a different topic - in the future we want to query the IdP to check if there is an active user session, and if yes restore it. That will open up the opportunity of defining anonymous routes that can make use of the "maybe-existing-user". As of now, you can only ever have a user with an authContext choice of
In my opinion that's something else: the page layout. The ownCloud Web runtime as of now supports three different page layouts:
Please note that the
Could you please try if you can achieve what you want by setting |
Seems great! Thanks for the effort, I was thinking this would be a very small thing but it ended up not the case. |
I might want to create an extension that exposes a route publicly (no user context).
Before I could set
meta.auth: false
and everything would work, but this configuration is no longer honoured.The auth logic (auth guard) eventually enters in the user context 'if' (
isUserContext === true
becausecontextRoute === null
), where it checks thatisUserContextReady === false
, thus redirecting the user back to login.The text was updated successfully, but these errors were encountered: