Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix <Admin requireAuth> forbids access to custom routes with no layout #9786

Merged
merged 1 commit into from
Apr 22, 2024
Merged

Fix <Admin requireAuth> forbids access to custom routes with no layout #9786

merged 1 commit into from
Apr 22, 2024

Conversation

fzaninotto
Copy link
Member

@fzaninotto fzaninotto commented Apr 21, 2024
edited
Loading

Problem

<Admin requireAuth> is used to forbid anonymous anonymous users to see the UI while the auth status is being checked.

But anonymous users should be able to see the custom routes with no layout, e.g. to let them access a registration page, or a "forgot my password" page.

This currently doesn't work. CoreAdminRoutes does display custom routes with no layout when accessed by an anonymous user, but it redirects anonymous users to login immediately.

Root Cause

CoreAdminRoutes calls checkAuth with logoutOnFailure set to true, so anonymous users will be logged out even when accessing a custom route with no layout.

react-admin/packages/ra-core/src/core/CoreAdminRoutes.tsx

Lines 41 to 49 in 6b78433

useEffect(() => {
if (requireAuth) {
checkAuth()
.then(() => {
setCanRender(true);
})
.catch(() => {});
}
}, [checkAuth, requireAuth]);

Solution

  • Do not log users out on auth check failure when requireAuth is true
  • Log users out only when they try to access non-custom routes

@fzaninotto fzaninotto added the RFR Ready For Review label Apr 21, 2024
@erwanMarmelab erwanMarmelab merged commit a2746b4 into master Apr 22, 2024
12 checks passed
@erwanMarmelab erwanMarmelab deleted the fix-anonymous-access-custom-routes branch April 22, 2024 09:49
@fzaninotto fzaninotto added this to the 4.16.16 milestone Apr 23, 2024
This was referenced May 20, 2024
Open
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@adguernier adguernier adguernier approved these changes

@erwanMarmelab erwanMarmelab erwanMarmelab approved these changes

Assignees
No one assigned
Labels
RFR Ready For Review
Projects
None yet
Milestone
4.16.16
Development

Successfully merging this pull request may close these issues.
3 participants
@fzaninotto @adguernier @erwanMarmelab