为什么我在访问安全页面时没有被重定向到 /login?
[英]Why do I not get redirected to /login when accessing a secure page?
问题描述
我正在重新创建这个问题,因为我不确定这是否是一个错误,并且之前为此创建的问题刚刚消失了 =/
描述
在从react-admin v2 升级到 v3.3.0 期间,我遇到了在重写authProvider后重定向到/login的authProvider
我的authProvider.js包含以下方法:
export default function createAuthProvider(urls, client, options) {
return {
login: (params) => {
return fetchLoginBatch(params, urls, client, options);
},
logout: (params) => params.jwt ? fetchLogout(makeRequestLogout(urls.logout, params.jwt), options) : Promise.resolve(),
checkError: (error) => {
const { status } = error;
if (status === 401 || status === 403) {
return Promise.reject();
}
return Promise.resolve();
},
checkAuth: (params) => params.jwt ? Promise.resolve() : Promise.reject(),
getPermissions: (params) => params.jwt ? Promise.resolve(params.jwt.authorities) : Promise.resolve(),
refreshJwt: (params) => params.jwt ? fetchRefreshJwt(makeRefreshJwtRequest(client.accessTokenUri, {
grant_type: 'refresh_token',
refresh_token: params.jwt.refresh_token,
}, client), options) : Promise.resolve()
};
}
预期的
我希望被重定向到/login 。
结果
相反,我留在页面上, checkAuth被很好地调用并且jwt为null ,
可能的修复
提供使用拒绝承诺的参数来更改重定向:
checkAuth: () => localStorage.getItem('token')
? Promise.resolve()
: Promise.reject({ redirectTo: '/no-access' }),
但是,即使代码运行,添加Promise.reject({ redirectTo: '/login' })也无济于事。
我试图在ra-core/lib/sideEffect/auth.js添加一些日志记录:
console.log('auth');
exports.handleCheck = function (authProvider) {
console.log('handleCheck', authProvider);
return function (action) {
console.log('action', action);
var payload, meta, error_1, redirectTo, errorMessage;
console.log('redirectTo', redirectTo, 'meta', meta);
handleCheck被调用但从不action ,似乎以某种方式忽略了传奇。
题
客户端应该如何处理
permissions和checkAuth拒绝参数?接下来我应该检查什么以了解重定向失败的原因?
ra-core代码是如何遵循的?
2 个解决方案
解决方案1
1 已采纳 2020-03-18 10:11:00
你能仔细检查一下这条线吗?
// authProvider.js
// checking if request has a JWT (this might be a typo!)
- checkAuth: (params) => params.jwt ? Promise.resolve() : Promise.resolve(),
// If not, we should reject thus triggering a redirect.
+ checkAuth: (params) => params.jwt ? Promise.resolve() : Promise.reject(),
让我知道它是如何工作的。
解决方案2
1 2020-03-18 11:00:29
这是 authProvider 的示例,它适用于 React-Admin 2 和 React-Admin 3.3.1
使用:
<Admin authProvider={authProvider(loginUrl, logoutUrl)} ...>
import storage from './storage'
import {
AUTH_LOGIN,
AUTH_LOGOUT,
AUTH_ERROR,
AUTH_CHECK,
AUTH_GET_PERMISSIONS
} from 'react-admin'
import {
LB_TOKEN,
getTokenId
} from './token'
export const authProvider = (loginApiUrl, logoutApiUrl, noAccessPage = '/login') => {
return (type, params) => {
if (type === AUTH_LOGIN) {
const request = new Request(loginApiUrl, {
method: 'POST',
body: JSON.stringify(params),
headers: new Headers({ 'Content-Type': 'application/json' }),
})
return fetch(request)
.then(response => {
if (response.status < 200 || response.status >= 300) {
throw new Error(response.statusText)
}
return response.json()
})
.then(({ ttl, ...data }) => {
storage.save(LB_TOKEN, data, ttl)
return Promise.resolve(data)
})
}
if (type === AUTH_LOGOUT) {
const token = getTokenId()
if (token) {
storage.remove(LB_TOKEN)
if (logoutApiUrl) {
const request = new Request(`${logoutApiUrl}?access_token=${token}`, {
method: 'POST',
headers: new Headers({'Content-Type': 'application/json'}),
})
return fetch(request)
.then(response => {
if (response.status !== 204) {
console.error('authProvider - Logout, status:', response)
}
return Promise.resolve()
})
}
}
return Promise.resolve()
}
if (type === AUTH_ERROR) {
const { status } = params
if (status === 401 || status === 403) {
storage.remove(LB_TOKEN)
return Promise.reject()
}
return Promise.resolve()
}
if (type === AUTH_CHECK) {
const token = storage.load(LB_TOKEN)
if (token && token.id) {
return Promise.resolve()
} else {
storage.remove(LB_TOKEN)
return Promise.reject({ redirectTo: noAccessPage })
}
}
if (type === AUTH_GET_PERMISSIONS) {
const token = storage.load(LB_TOKEN)
if (token && token.user && token.user.roleId) {
return Promise.resolve(token.user.roleId)
} else {
console.warn('Unknown user rights:', token)
storage.remove(LB_TOKEN)
return Promise.reject({ redirectTo: noAccessPage })
}
}
return Promise.reject(`authProvider - Unknown method, type: ${type}, params: ${params}`)
}
}
如何在Adobe Business Catalyst中从同一登录页面创建单独的安全区域?
[英]How do I make separate secure zones from the same login page in Adobe Business Catalyst?
为什么在访问父iframe时在Microsoft Edge中获得“权限被拒绝”
[英]Why do I get “permission denied” in Microsoft Edge when accessing parent iframe
直接从成员函数访问成员变量时,为什么会出现ReferenceError?
[英]Why do I get a ReferenceError when accessing member variables from a member function directly?
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.