Skip to content
This repository has been archived by the owner on Oct 24, 2024. It is now read-only.

SecureRoute does not give protection when used with render #808

Open
gabrielmicko opened this issue Jun 14, 2020 · 9 comments
Open

SecureRoute does not give protection when used with render #808

gabrielmicko opened this issue Jun 14, 2020 · 9 comments

Comments

@gabrielmicko
Copy link

gabrielmicko commented Jun 14, 2020
edited
Loading

Hey all,

I am building some components on top of your okta-react. I have found one issue.

When I use the component like this:

<SecureRoute
      render={() => (
        <ApolloProvider>
          <ScreenHome />
        </ApolloProvider>
      )}
    />

It does not run RequireAuth at all. Therefore it will render without any auth checks.

okta-oidc-js/packages/okta-react/src/SecureRoute.js

Line 44 in 28ed8e3

render={ (routeProps) => props.render ? props.render({...routeProps, component: WrappedComponent}) : <WrappedComponent {...routeProps}/> }

I created my SecureComponent where I fixed it like this:

const SecureRoute = ({ component, ...props }: Props) => {
  let PassedComponent = function() {
    return null;
  };

  if (component != null) {
    PassedComponent = component;
  }

  const WrappedComponent = () => (
    <RequireAuth>
      <PassedComponent />
    </RequireAuth>
  );

  return (
    <Route
      {...props}
      render={() =>
        props.render ? (
          <RequireAuth>{props.render({ ...props })}</RequireAuth>
        ) : (
          <WrappedComponent />
        )
      }
    />
  );
};

Version: "@okta/okta-react": "^3.0.1",
Am I missing something?
@gabrielmicko
Copy link
Author

Example code:

<SecureRoute
      path="/protected"
      render={() => (
        <div>This is a protected route, and I am not logged in.</div>
      )}
    />

Screen Shot 2020-06-14 at 12 55 57

@gabrielmicko
Copy link
Author

Example working code:

const SecComp = () => (
 <div>This is a protected route, and I am not logged in.</div>
);
<SecureRoute path="/protected" component={SecComp} />

That redirects me to Okta login.

@tcjcodes
Copy link

tcjcodes commented Jun 15, 2020
edited
Loading

Having the same problem - this may be a duplicate of #724 that should be fixed in 3.0.2 https://github.com/okta/okta-oidc-js/releases

@entimaniac
Copy link

I'm facing this same issue, 3.0.2. Component specified in render of SecureRoute still appear. I can navigate to pages that use component prop instead and I am prompted to login.

@localrobot
Copy link

The same is true if using children instead of render / component.

@swiftone
Copy link
Contributor

Internal ref: OKTA-306439

@zg-trinac
Copy link

zg-trinac commented Jun 29, 2020
edited
Loading

render is still not redirecting to a login in v3.0.2, but component is for me as well

@andrewatduckpin
Copy link

Still unable to use render in 3.0.2 and 3.0.3

@swiftone
Copy link
Contributor

swiftone commented Aug 4, 2020
edited
Loading

Hey folks - this is on my immediate backlog, so while I can't say exactly what day this will be addressed, it should be Real Soon Now ™️

@swiftone swiftone mentioned this issue Aug 20, 2020
Merged
14 tasks
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
7 participants
@swiftone @localrobot @gabrielmicko @entimaniac @andrewatduckpin @tcjcodes @zg-trinac