isLoggedIn, isGuest, isAuthenticated returning E_INVALID_AUTH_SESSION: Invalid session instead of false when logged out?

Question

isLoggedIn, isGuest, isAuthenticated returning E_INVALID_AUTH_SESSION: Invalid session instead of false when logged out?

408796571 opened this issue 3 years ago · 4 comments

408796571 commented 3 years ago

Package version

"@adonisjs/auth": "^8.0.12",

Node.js and npm version

node: 14.18.1
npm: 6.14.15

description

isLoggedIn, isGuest, isAuthenticated not returning false when user is logged out, but only return boolean when logged in, is this expected?

Sample Code (to reproduce the issue)

public async isGuest({ auth }: HttpContextContract) {
await auth.use('web').authenticate()
return auth.use('web').isGuest
}

public async isLoggedIn({ auth }: HttpContextContract) {
await auth.use('web').authenticate()
return auth.use('web').isLoggedIn
}

public async isAuthenticated({ auth }: HttpContextContract) {
await auth.use('web').authenticate()
return auth.use('web').isAuthenticated
}

Answer 1 · 2022-03-07T06:18:51.000Z

Please share a repo to help reproduce the issue. isLoggedIn property can never raise the exception your shared.

Answer 2 · 2022-03-07T06:35:57.000Z

Please share a repo to help reproduce the issue. isLoggedIn property can never raise the exception your shared.

Hey @thetutlage, thanks for the fast reply. It's a private repo I'm working on. isLoggedIn, isGuest and isAuthenticated all returning invalid session exception after I log out the user.

I'm testing from postman and also make sure my api endpoint is also using 127.0.0.1 instead of localhost to match postman network. I also set credentials: true under config/cors.ts.

I also have config/auth.ts configured pretty standard with web as guard and session driver, etc..

My understanding is that auth.use('web').authenticate() is raising exception with invalid session, when i comment out auth.use('web').authenticate(), return auth.use('web').isGuest always returns true regardless if the user/session is logged in or logged out.

really weird to run into this behavior. could you provide some guidance on where to look for next? really appreciate your time and help.

Answer 3 · 2022-03-07T06:45:00.000Z

You just need to use the right methods. You should be using auth.use('web').check() if you do not want exception to be raised.

https://docs.adonisjs.com/guides/auth/web-guard#check

Answer 4 · 2022-03-07T06:51:01.000Z

auth.use('web').check()

you are the man!!! how come I missed the exact documentation wording on "However, it does not raise any exception when the request is not authenticated"

thank you again.