[ Feat ] Add support for Remix Auth v4 #82
this commit replaces remix session with cookies
Thanks @CyrusVorwald, looks good, and I appreciate the efforts. A question I have for you:
Same thing for some renames:
Asking all this as I haven't been able to check the latest Sergio updates related to In any case, I need to give it a test, but overall, it looks good, especially if you can confirm that the tests successfully pass. |
I used AI to help me understand the code and it removed the JSDoc. I can add them back in. All tests pass, but do note I removed a couple of them that were context related. |
It's okay, don't worry. I suspected that, as AI usually tends to remove the JSDocs. Sadly, those were a preference we had decided on some time ago for this repository/module. Don't worry; I will need to check the implementation and test it myself too, refactoring those back if required. |
IMO it is good to keep the comments; trying the latest version of rr and the remix-auth pkg, I noticed this pkg is outdated, but the comments helped me understand what I need to do. Also, great to see this is gonna be working with the latest rr version soon. Great Job! |
Checked the implementation @CyrusVorwald, and the tests seem to pass, which is good. I will probably add the JSDoc comments back and do a small clean-up, and that may be it. Two questions for you, in case you are up to share some insights:
I think we may also need to update the docs a bit, but overall, I think the PR and the changes may be the correct ones. |
@dev-xo I tested the pkg locally, using rr7, and the magic links seem to be broken. The sendEmail fn works, but the URL and the verification are not working, always receiving Note I'm using the same browser and implementing your basic example |
I haven't had the chance to implement it in my application yet, but it might be because the success and failure redirects are set in the strategy directly in the latest version of remix-auth. For this reason, I instantiated two separate strategies in the unit tests in case there were multiple success or failure redirects. |
IMO, the success or error handling function should be something that the user should write on his own, like in the github auth helper. Of course an example of a basic handler for this auth would be great. |
Gonna start by saying that I'm not a big fan of having the whole Strategy refactored with AI, nor am I sure how much of the work has been handled by it, as there were no comments anywhere, so I guess it handled whole files. With that said, checked the code myself, cleaned it up, added the JSDocs, and overall, it looks good, also, tests pass, and those looked good too. About the possible implementation: As far as I understand, session will not be a thing anymore, and the user storage (previously Remix session) may be handled by the client (storing it in a cookie, based on the data the authentication returns). I haven't been able to test the current implementation on a real app, and I'm also unsure how that should be set up either, although I guess it will be more or less the same as what we had before. Will look a bit more into it, do some tests, and share some feedback. Please, if you have the time and want to do the same, sharing some insights and so on, I would appreciate it, as getting this out would not only be great for us but probably for some other folks. |
I marked this as draft because it has not been tested in a real app |
Suggest leaving the implementation as it is, @CyrusVorwald, as it looks already good, and I want to continue it myself based on your feedback and @diecodev one. So please, leave it as it is, do not add new commits, and allow me to continue from here, as you already did a good job! |
@dev-xo JIC, I was trying to implement something based on what you got here but only for rr7, maybe that could help you in something. Check it out here. Note I'm not trying to create an npm pkg or something, I just used the |
Looks good, @diecodev! Does it already work? I haven't had the chance to give it a try yet. Hopefully, you can help us get this out based on your implementation and the current one! Also, if you want to create a package from your implementation, feel free to do so! 👍🏻 |
@dev-xo The |
1d8fa62 to ec3aede
Ah sorry, I only wanted to push that last commit to my account's version for my own purposes |
All good @CyrusVorwald. I will use my last commit on here to continue the implementation (I'm a bit busy right now). If you get a working one, based on your own criteria or @diecodev implementation, feel free to let me know. I will also share some feedback on here the moment I am able to look a bit more into it. |
The last commit I force pushed works. I just added a function to update passed in cookies so that I could update the session cookie. I think it could be improved by removing the success and failure redirects but this works fine for me. |
Hey @dev-xo , I re-opened this pull request because I think this may now be in a good place to merge. I made a few changes after working with this for the past couple weeks.
I have created a minimal example at https://github.com/CyrusVorwald/react-router-playground. It still needs a bit of cleanup to be immediately useful to someone else, but the general functionality is that the user enters their email on the login page, then the system generates the TOTP code and sends a magic link to their email, then the user verifies via code entry or magic link. Upon verification, the user is redirected to the dashboard where they can log out. The user can resend an email as well. |
Thanks for the efforts, @CyrusVorwald! I will review and give it a test. I'm a bit busy currently, but I will try to look into this as soon as possible. Once again, thanks for the effort put into this! |
Hi @dev-xo , one more update - I added the expiry to the url params and encrypted the url params so that applications can display when the magic link expired to the UI even if it's being accessed by a different browser. I also updated https://github.com/CyrusVorwald/react-router-playground if you or @diecodev want to check out a working example. |
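The encrypted, expiring link parameters described in the comment above, sketched as an added example (not code from this PR or from remix-auth-totp). The AES-256-GCM token layout, the `t` query parameter and the names `sealMagicLinkParams`, `openMagicLinkParams` and `buildMagicLink` are assumptions; the expiry travels inside the authenticated ciphertext, so any browser opening the link can be told "expired" while an edited token is rejected.

```javascript
// Added example: token layout, names and cipher choice are assumptions,
// not the remix-auth-totp implementation.
const nodeCrypto = require('node:crypto');

// Seal { code, expires } into a URL-safe token: iv(12) | tag(16) | ciphertext.
function sealMagicLinkParams(key, code, ttlMs, now = Date.now()) {
  const iv = nodeCrypto.randomBytes(12); // fresh nonce for every token
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const plaintext = JSON.stringify({ code, expires: now + ttlMs });
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64url');
}

// Returns { status: 'ok', code, expires }, { status: 'expired', expires }
// or { status: 'invalid' }; the server-side secret is all it needs.
function openMagicLinkParams(key, token, now = Date.now()) {
  try {
    const raw = Buffer.from(token, 'base64url');
    if (raw.length < 28) return { status: 'invalid' };
    const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
    decipher.setAuthTag(raw.subarray(12, 28));
    const pt = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
    const { code, expires } = JSON.parse(pt.toString('utf8'));
    if (typeof code !== 'string' || !Number.isFinite(expires)) return { status: 'invalid' };
    if (now >= expires) return { status: 'expired', expires }; // UI can show when it lapsed
    return { status: 'ok', code, expires };
  } catch {
    return { status: 'invalid' }; // failed tag check, truncated token or malformed JSON
  }
}

// Attach the token to the verification URL as a single query parameter.
function buildMagicLink(baseUrl, token) {
  const url = new URL(baseUrl);
  url.searchParams.set('t', token);
  return url.toString();
}

// Constructed demo values: random key, sample code, 5 minute lifetime.
const demoKey = nodeCrypto.randomBytes(32);
const demoToken = sealMagicLinkParams(demoKey, '123456', 5 * 60 * 1000);
console.log(buildMagicLink('https://app.example/verify', demoToken));
console.log(openMagicLinkParams(demoKey, demoToken).status);
```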
Thanks @CyrusVorwald! I will look into the implementation this weekend, add some comments here and there (if required), and give your example a test! Feel free to add some other small goodies if you have any idea in mind in the meanwhile, otherwise, simply leave it as it is if it already works! Will try to look into it in the next few days, and if all looks good, we can simply merge. Thanks! |
Been a bit busy @CyrusVorwald, and hope that didn’t slow you down in using the package somehow, or your own version of it. Will take some time in the following days to look into it, although as far as I can see, it will be more of a review than anything else, which is kinda amazing. Once again, hope not to slow you down with the wait, will try my best to look into it and hopefully merge the |
No worries @dev-xo, I am early in developing my product and have been using my local version. It seems to work well in Chrome and Firefox, but Safari doesn't store the cookies. I've only tried localhost so far. |
Hmm, that's interesting, as we may also need to tackle Safari somehow. I'll look into it. Let me know if you find something useful that could help us tackle and support Safari as well. Thanks, @CyrusVorwald! |
@CyrusVorwald In case it helps your Safari issue: it sounds like you could have the https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#block_access_to_your_cookies |
All right, starting to look into the whole PR @CyrusVorwald. Will share some feedback here or simply merge after some clean-up. Also, had a look at your Playground Repository, and if you are up for it, we can add it as part of the "examples" Another thing would be to check if everything works as expected on Safari. Not sure if you have been able to look into it a bit, into what @mackermans suggested, although I will personally look into it myself too and share some feedback. |
Lovely playground and Strategy implementation @CyrusVorwald, thank you so much! I've noticed that in Before, the magic link was simply returning the decrypted code, and by simply calling the authenticator (along with the
We also seem to check for the URL token expiration and perform some validation in the loader, something that we could simply leverage the Strategy to handle (as it already does, if I'm not wrong).
As an alternative, in order to allow the developer handle decryption, it would be great to export a decrypt method directly from The intent of that is to avoid adding extra dependencies for the end user, rather than only Again, the Strategy implementation looks really good, and the playground repository you showcased was a breeze to follow, so thank you so much! |
An issue we seem to have is with Safari; it does not bypass the The Any idea or feedback you guys can share, @CyrusVorwald, @mackermans? To test this, the Playground Repository from @CyrusVorwald can be a good starting point. I also created the following minimal RR7 repository and invited you both in case you want to give it a test and share some feedback: |
Seems like removing the
As an implementation, we could pass a custom cookie, and depending on whether we are in production or not, handle For now, we are able to also handle Safari, and this should be more than ready to be released. |
This should be ready for release. It just needs the docs updated a bit, but overall, it should be more than ready. RR7 public example here: https://github.com/dev-xo/remix-auth-totp-v4 |
@dev-xo Apologies, I couldn't find the time these past few days to look at the test repo you had set up, but really appreciate your work here! 🙌 |
It's already merged, @mackermans, so if you have the time to give it a test on your own apps or anything else, let me know! |