How to replace the authorize method in ember-simple-auth

Question

I'm trying to refactor my Ember acceptance tests to not use the deprecated authorize method, as it is throwing a warning:

The `authorize` method should be overridden in your application adapter

I checked the docs, and numberous other sources, but they don't actually explain how to migrate my code. Here's what I've got at the moment:

// projectname/app/pods/login/controller.js (excerpt)
export default Controller.extend({
    session: service(),
    sessionToken: null,

    onSuccess: function(res) {
    res = res.response;
        this.set('sessionToken', res.session);
        if (res.state === "authenticated") {
            document.cookie = "token="+res.session+";path=/;";
            var authOptions = {
                success: true,
                data : {
                    session : res.session,
                }
            };
            this.get('session').authenticate("authenticator:company", authOptions);
        }
    }
});

And this must be the part that I'm meant to get rid of:

// project/app/adapters/application.js (excerpt)
export default DS.RESTAdapter.extend(DataAdapterMixin, {
    authorize(xhr) { // This is deprecated! I should remove it
        let sessionToken = this.get('session.data.authenticated.session');
        if (sessionToken && !isEmpty(sessionToken)) {
            xhr.setRequestHeader('Authorization', "Token " + sessionToken);
        }
    },
});

And here is my test:

import { test, module } from 'qunit';
import { visit, currentURL, find, click, fillIn } from '@ember/test-helpers';
import { setupApplicationTest } from 'ember-qunit';
import { authenticateSession} from 'ember-simple-auth/test-support';

module('moduleName', function(hooks) {
    setupApplicationTest(hooks);

    test('moduleName', async function(assert) {
        // await authenticateSession(this.application); // Never works
        // await authenticateSession(); // Never works
        await authenticateSession({
            authenticator: "authenticator:company"
        }); // Works slightly more?
        await visit('/my/other/page');
        await assert.equal(currentURL(), '/my/other/page');
    });
});

REMOVING the authorize method and attempting either of the commented out methods yields:

Error: Assertion Failed: The `authorize` method should be overridden in your application adapter. It should accept a single argument, the request object.

If I use the authenticator block as an arg, then regardless of the presence of the authorize method, I simply get:

    actual: >
        /login
    expected: >
        /my/other/page

Which, I assume, is because it did not login.

Leaving the authorize method there, and trying the commented methods yields:

Error: Browser timeout exceeded: 10s

Answer 1

Ember Simple Auth, has an excellent community and quickly created a guide on how to upgrade to v3.

The latest version fixes this problem completely - If anyone is having this problem, upgrading to 2.1.1 should allow you to use the new format in your application.js:

headers: computed('session.data.authenticated.session', function() {
    let headers = {};
    let sessionToken = this.get('session.data.authenticated.session');
    if (sessionToken && !isEmpty(sessionToken)) {
        headers['Authorization'] = "Token " + sessionToken;
    }
    return headers;
}),

This problem was only present in 2.1.0.

Answer 2

Per the docs you linked above: To replace authorizers in an application, simply get the session data from the session service and inject it where needed.

Since you need the session data in your Authorization header, a possible solution for your use case may look like this:

export default DS.RESTAdapter.extend(DataAdapterMixin, {
    headers: computed('session.data.authenticated.session', function() {
      const headers = {};
      let sessionToken = this.get('session.data.authenticated.session');
      if (sessionToken && !isEmpty(sessionToken)) {
        headers['Authorization'] = "Token " + sessionToken;
      }

      return headers;
    })
});

This should allow you to dynamically set the Authorization header, without doing so via the authorize method.