Comments (3)
In this snippet:
await authenticator.authenticate("user-pass", request, {
  successRedirect: "/dashboard",
  failureRedirect: "/login",
});
throw new Error("already logged in");
The error will never happen, because you defined both successRedirect and failureRedirect, so if the user is authenticated a redirect to /dashboard will be thrown, and if the user is not authenticated then it will redirect to /login. There's no scenario where the data of the session is returned directly if you set both redirects.
If you don't set the failureRedirect then it will redirect if it's logged-in or return null if it's not.
If you don't set the successRedirect then it will redirect if it's not logged-in and return the user (whatever the strategies return) data if it is.
The last scenario is when it can leak the data, but that's the responsibility of the dev using the library; the type will be correctly defined to tell you that it's returning the user data.
All of this is documented in the README from remix-auth.
I opened the issue because it happened to me when I had an error display and I re-loaded the page. The raw json from the session was displayed in the browser.
Another way besides a reload would be to look through the network logs in the browser and re-submit the request from within a logged in user session.
I figured out what is going on: this was in a strategy I was developing and I was copying the outline of the oauth2 plugin, but returned user if logged in instead of this.success(user, ...) in the short-circuit block of "User is already authenticated".
Something to be aware of I guess. Plugins can be poorly written and leak your session 🙄.
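As an added example (not code from the thread or from remix-auth), the plugin bug described in the last comment beside the corrected short circuit, with a regression check that shows why only the fixed version honours successRedirect. The Strategy base class here is a simplified stand-in that models just the success/failure redirect rules from the first comment; the real one is asynchronous and takes Request and SessionStorage arguments.

```typescript
// Stand-in for remix-auth's Strategy base class (assumption: simplified model,
// not the library's code): synchronous, no Request/SessionStorage arguments.
type AuthOptions = { successRedirect?: string; failureRedirect?: string };
type AuthSession = { user: Record<string, unknown> | null };
// Models the redirect Response the library throws when a redirect option is set.
class RedirectResponse {
  constructor(readonly status: number, readonly location: string) {}
}

abstract class Strategy {
  abstract authenticate(session: AuthSession, options: AuthOptions): Record<string, unknown> | null;
  // Success path: honour successRedirect, otherwise hand the user back to the caller.
  protected success(user: Record<string, unknown>, options: AuthOptions) {
    if (options.successRedirect) throw new RedirectResponse(302, options.successRedirect);
    return user;
  }

  // Failure path: honour failureRedirect, otherwise return null.
  protected failure(options: AuthOptions) {
    if (options.failureRedirect) throw new RedirectResponse(302, options.failureRedirect);
    return null;
  }
}
// The plugin bug from the thread: the "User is already authenticated" short circuit
// returns the session user directly, so successRedirect is silently ignored.
class LeakyStrategy extends Strategy {
  authenticate(session: AuthSession, options: AuthOptions) {
    if (session.user) return session.user; // BUG: bypasses this.success()
    return this.failure(options);
  }
}

// Corrected plugin: the short circuit goes through this.success() like the oauth2 strategy.
class FixedStrategy extends Strategy {
  authenticate(session: AuthSession, options: AuthOptions) {
    if (session.user) return this.success(session.user, options);
    return this.failure(options);
  }
}

// Regression check: report which path authenticate() took so a test can compare plugins.
function outcome(strategy: Strategy, session: AuthSession, options: AuthOptions): string {
  try {
    const result = strategy.authenticate(session, options);
    return result === null ? "null" : "user-data";
  } catch (e) {
    if (e instanceof RedirectResponse) return `redirect:${e.location}`;
    throw e;
  }
}
```

Run the same check against any custom strategy before shipping it: with both redirects set, authenticate() must never return "user-data".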