Thread

ananth subbu

Jan 3, 2018

how to do authentication with react-router-dom /react-router ?

hi guys,

i am using react-router-dom for navigation. once the login success am redirecting my page to dashboard page .this works fine.

if i change the url in address bar without login it redirects to dashboard.this is a security issue .i have fixed this by storing a flag in localstorage and check when ever the url is changed and this fix the issue .but i feel this as older method.

any other way to fix this?

#reactjs #react-router #security #login

Responses(2)

Aakash Mallik

S/W Engineer @ Samsung R&D Delhi

Jan 3, 2018

As far as my implementation goes, we too stored a token in the local storage and check against this value to find out if the user was logged in or not, on top of that, we modified the Route component and created a ProtectedRoute that would implement this logic of checking whether a given route is a valid one as per the token value, if it were not, we would render the Redirect component as mentioned in the react-router-dom docs. I don't think there is anything smart to be done here... Ask me more if I haven't made myself clear.

ananth subbu

Jan 3, 2018

thanks for the answer Aakash Mallik. can u share ur logic of ProtectedRoute component.

I don't exactly remember what this code did, but it was part of my internship work. I guess you are smart enough to figure it out

import React, { Component } from 'react';
import PropTypes from 'prop-types';
import { Route, Redirect, withRouter } from 'react-router-dom';
import AppShell from '../../components/Appshell';
import Loader from '../../components/Loader';

const LoaderScene = ({ location }) => (
  <AppShell location={location}>
    <Loader />
  </AppShell>
);

LoaderScene.propTypes = {
  location: PropTypes.shape({
    pathname: PropTypes.string.isRequired,
  }).isRequired,
};

class ProtectedRoute extends Component {
  componentDidMount() {
    const { token, dispatchVerifyToken } = this.props;
    dispatchVerifyToken(token);
  }

  render() {
    const {
      component: RenderComponent,
      render,
      token,
      loading,
      location,
      ...rest
    } = this.props;

    if (!process.env.BROWSER) {
      return <LoaderScene location={location} />;
    }

    if (loading) {
      return <LoaderScene location={location} />;
    }

    if (typeof token === 'undefined') {
      return (
        <Redirect
          to={{
            pathname: '/login',
            state: { from: location },
          }}
        />
      );
    }

    if (RenderComponent) {
      return <Route {...rest} component={RenderComponent} />;
    }
    return <Route {...rest} render={render} />;
  }
}

ProtectedRoute.propTypes = {
  component: PropTypes.func,
  render: PropTypes.func,
  token: PropTypes.string,
  location: PropTypes.shape({
    pathname: PropTypes.string.isRequired,
  }).isRequired,
  dispatchVerifyToken: PropTypes.func.isRequired,
  loading: PropTypes.bool.isRequired,
};

ProtectedRoute.defaultProps = {
  component: undefined,
  render: undefined,
  token: undefined,
};

export default withRouter(ProtectedRoute);

Ronald Roe

Developer

Jan 5, 2018

I've done similar to Aakash, except I use sessionStorage to keep the token. Then, I have a componentWillMount() on security critical views that sends the token to the server for verification, and redirects if it's expired.

Search Hashnode

how to do authentication with react-router-dom /react-router ?

Responses(2)

Recent threads