Reputation: 1110
Router authorizeStep from other app root keeps triggering
My Aurelia project is split up in 2 app roots, both with their own route structure. App root 1 contains all screens where you don't have to be authenticated (login, reset pwd,...) App root 2 all the other screens.
I'm blocking access to routes on app root 2 when you are not authenticated with an authorizeStep. In this step, I set the root to app root 1 when you are not authenticated. App root 1 has a login view as default route, so this works quite well. So, when you are not authenticated and try to navigate to a deep url in app root 2, this happens:
- App Root 2 configures it's routes and tries to navigate to the deep url
- The authorizeStep triggers, you are not authenticated, the route is cancelled and an aurelia.setRoot() happens to app root 1
- App root 1 configures it's router and navigates you to the default route, the login page
The problem is manually logging out. When this button, residing in app root 2, is clicked. I clear user data, therefore you are not authenticated anymore. Following that step, I manually set the root to app root 1, and there I get an infinite loop:
- App root 1 configures it's router and navigates you to the default route, the login page
- The authorizeStep triggers from app root 2!, you are not authenticated, the route is cancelled and an aurelia.setRoot() happens to app root 1
- App root 1 configures it's router and navigates you to the default route, the login page
- ...
The problem is that the authorizeStep from root 2 triggers when navigating in root 1. I looked for a way for removing the authorizestep, but I don't think the framework currently exposes this. I find it very curious that this issue only occurs when clicking logout, deep linking and redirecting to login works as expected.
I created a reproducable gist for clarity, click the logout button and you will see the console infinitely repeating the authorizestep.
https://gist.run/?id=1a551dcc4bec7d191ab680a937b19cfc
Upvotes: 3
Views: 159
Answers (1)
Reputation: 1110
Turns out you need to clear the steps yourself, this isn't done in a router.clear(), which the aurelia.setRoot() internally calls.
Fortunately you actually can do this yourself, with:
this.pipelineProvider.reset();
I don't find this behavior logical though, so I created an issue for it: https://github.com/aurelia/router/issues/465
Upvotes: 0
Related Questions
- Aurelia Security - Authentication & Authorization
- CanActivate guard redirects to / on initial load, router-outlet does not render
- Ionic 4 - AuthGuard page routing permission delayed
- Aurelia child router does not go through main router pipeline
- Aurelia Router: Good pattern for authorizing child routes
- Aurelia - Setting up basic authorization pipeline causes navigation links to disappear
- How to Fix Aurelia Router failing on refresh of child route?
- How to implement AuthorizeStep referer redirection?
- Hiding routes in Aurelia nav bar until authenticated
- Detect change to router.isNavigating