Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix useAuthState may logout even though logoutOfFailure is false #10280

Merged
merged 1 commit into from
Oct 16, 2024

Conversation

fzaninotto
Copy link
Member

@fzaninotto fzaninotto commented Oct 16, 2024

Problem

Calling useAuthState() should not logout the user is anonymous. Yet, in some situations, it does.

In particular, calling useAuthState in a CRUD page (e.g. <Edit disableAuthentication>) logs the user out.

export const UserEdit = () => {
  const {isLoading, authenticated} = useAuthState();

  if(isLoading) {
    return <Loading></Loading>;
  }

  return (
    <Edit disableAuthentication>
      <SimpleForm>
         // ...
      </SimpleForm>
    </Edit>
  );
};

Analysis

In this case, there are two calls to authProvider.checkAuthwith the same params (and the same query key):

  • one from useCheckAuth() with logoutOnFailure = false. The auth provider returns an error, which should not be used to logout
  • one from <Edit disableAuthentication>, which should not execute the authProvider.checkAuth as the disableAuthentication prop leads to a disabled query

Yet, as the two calls use the same query key, react-query populates the response of the second call with the response from the first one. There IS an error in the second call even though the query fn was never called. And since logoutOnFailure is true for the second call, this logs the user out.

Solution

In the useEffectthat monitor the success and error state, do not trigger effects if the query is disabled.

How To Test

Test with the following example: https://github.com/p4it-kft/react-admin-test

log out, then go to a user edit page directlyu by typing /users/1 in the URL

Additional Checks

  • The PR targets master for a bugfix, or next for a feature
  • [ ] The PR includes unit tests (if not possible, describe why)
  • [ ] The PR includes one or several stories (if not possible, describe why)
  • [ ] The documentation is up to date

@djhi djhi merged commit 81a1337 into master Oct 16, 2024
14 checks passed
@djhi djhi deleted the fix-useauthstate-disableauth branch October 16, 2024 15:09
@djhi djhi added this to the 5.2.4 milestone Oct 16, 2024
@fzaninotto fzaninotto modified the milestones: 5.2.4, 5.3.0 Oct 17, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants