Session service not instantiated in Fastboot

[sevab]

I have just upgraded to master and started integrating ember-simple-auth with fastboot, switching to Cookie session store from Adaptive as instructed.

However the session's state doesn't seem to be instantiated on the server. While ember_simple_auth-session cookie is present with all the necessary data, the session.isAuthenticated still returns false and session.data is empty in fastboot mode:

// /app/routes/application.js
import Ember from 'ember';
import ApplicationRouteMixin from 'ember-simple-auth/mixins/application-route-mixin';

export default Ember.Route.extend(ApplicationRouteMixin, {
  currentUser: Ember.inject.service(),
  fastboot: Ember.inject.service(),

  beforeModel() {
    // Cookie is present:
    Ember.Logger.log('cookies', this.get('fastboot.request.cookies'));
    // => { 'ember_simple_auth-session': '{"authenticated":{"authenticator":"authenticator:devise","token":"XhIJ...","email":"[email protected]"}}' }

    // But session is not restored from cookie:
    Ember.Logger.log('session.data', this.get('session.data'));
    // => { authenticated: {} } {}
    Ember.Logger.log('session.isAuthenticated', this.get('session.isAuthenticated'));
    // => false

    return this._loadCurrentUser();
  },
  _loadCurrentUser() { return this.get('currentUser').load(); },
  sessionAuthenticated() {
    this._loadCurrentUser().then(() => {
      if (this.get('session.data.redirectUrl')) {
        var redirectUrl = this.get('session.data.redirectUrl');
        this.get('session').set('data.redirectUrl', null);
        window.location.replace(redirectUrl);
      }
    }).catch(() => this.get('session').invalidate() );
  },
});

On the frontend the same code works as expected returning true for session.isAuthenticated and restoring session.data from cookie.

Not sure if I'm doing something wrong, or if this is a bug.

[sevab]

The issue seems to be gone now, possibly after reinstalling all npm packages.

Can be closed.

[willviles]

I'm having this same problem with ESA 1.2.0.

The cookie is being read correctly from the headers, but in my application.js beforeModel, this.get('session.data') => { authenticated: {} }.

I've tried removing node_modules, dist & tmp and rebuilt and it's not made a difference. @sevab, can you think of any other possible way you may have resolved this issue?

[sevab]

@willviles Did you do npm cache clean?

I'd try clearing cookies too.

[willviles]

Yeah, I've cleared the cookies and ensured I nuked all dependencies, doing an npm cache clean in the process, but unfortunately the issue remains.

However, I think I've honed in on the problem. After hours of logging to the Fastboot console, I noticed ESA was breaking (with no error) at internal-session.js#L73, when attempting to lookup my authenticator.

I'm using the oAuth2 Password Grant Authenticator, however getOwner(this).lookup('authenticator:oauth2') does not appear to be working in Fastboot, but does in the browser. Other lookups, such as getOwner(this).lookup('service:session') are working fine in Fastboot.

I'm wondering whether the lookup of the authenticator is failing because when setting clientId in the authorizer at oauth2-password-grant.js#L120-L127, ESA uses window.btoa to base64 the authorization header. The window is obviously not available in Fastboot.

Can anyone else confirm this cookie restoration problem when using the oAuth2 authenticator? @marcoow is there any reason ESA could be blowing up at internal-session.js#L73?

For reference, I'm using the following versions:

"ember-cli": "2.10.0",
"ember-cli-fastboot": "1.0.0-beta.15",
"ember-cookies": "0.0.12",
"ember-simple-auth": "1.2.0"

[willviles]

I've figured it. The OAuth2 Password Grant Authenticator imports ember-network/fetch. This uses node-fetch which needs to be whitelisted in the fastbootDependencies array in package.json, otherwise it gets rejected.

"fastbootDependencies": [
  "node-fetch"
]

I only discovered this by using Node debugger and following the stack trace through. No exception was thrown in the console.

[marcoow]

@willviles: can you create an issue for that? We should automatically add node-fetch to the list of whitelisted dependencies or at least have something in the docs about that if that's not possible.

[willviles]

@marcoow, pull request above covers the issue! See the Requiring Node Modules section of the Fastboot addon author guide.

[willviles]

This exact same problem with restoring the session from the cookie store via Fastboot has reared its ugly head again.

ESA 1.3.0 works fine, but trying to update to 1.4.0 causes the authenticator lookup to fail, even when node-fetch is added to the fastbootDependencies array.

I've pinpointed the exact failing commit to 275b805, which updates Ember Fetch to ^2.1.0.

Will update if I find a fix...

[marcoow]

argh, I'm not a fan of these depend-on-the-latest-thats-available @greenkeeperio changes anyway… Let us know what you find.

[willviles]

Simply downgrading Ember Fetch to 1.4.2 solves the problem.

I can't seem to get node-inspector to work with Fastboot >1.0.0, otherwise I'd be able to use the debugger to dig a little deeper into exactly what's failing with Ember Fetch.

Here's a related issue perhaps: ember-cli/ember-fetch#55.

[marcoow]

@willviles: which ember-cli-fastboot version are you using?

[willviles]

@marcoow Latest release 1.0.2

[marcoow]

Do you see any errors? When running ember s there should be something on the console when there's an exception in FastBoot.

[willviles]

From running it successfully in node inspector beforehand, I remember getOwner(this).lookup(authenticator) was failing silently.

From logging around it, internal-session.js#73 is where it just fails without any exception and ends the restore function early.

[marcoow]

Hm that seems unrelated to FastBoot though…

[willviles]

You would think... but I've just changed "node-fetch" to just "fetch" in fastbootDependencies and the issue has gone.

Must be because they've changed the way (see here) Fastboot apps require and expose node-fetch.

Two options I suppose:

1. Update the ESA docs.
2. Just downgrade to ember-fetch 1.4.2.

[marcoow]

Hm, that would mean that https://github.com/ember-cli/ember-fetch/blob/master/package.json#L51 is wrong as well. Looks like you should open an issue on ember-cli/ember-fetch.

[willviles]

@marcoow I've been able to debug this in Fastboot using Node 8.4.0 and the Chrome debugger.

Wrapping internal-session.js -> _lookupAuthenticator in a try/catch block throws the following error:

Error: Failed to create an instance of 'authenticator:oauth2'. Most likely an improperly defined class or an invalid module export.

Going function-by-function in the debugger finally yields:

Error: Could not find module 'fetch' imported from 'ember-simple-auth/authenticators/oauth2-password-grant'.

I've tried adding node-fetch, fetch and a combination of the two to fastbootDependencies whitelist, but it still fails to find the module.

The only way I can get this working is by installing the Ember Fetch addon directly in my app. And then I can remove node-fetch from fastbootDependencies and it works fine.

Any idea why the fetch module is not being found in a Fastboot env?

[marcoow]

@willviles: if it works when you add ember-fetch to your app directly but not if it's only installed as a sub-dependency through ember-simple-auth that still looks like a bug in ember-fetch to me (it not working correctly in FastBoot when installed as a sub dependency).

[Uysim]

Even I add node-fetch to fastbootDependencies I still meet the same problem