-
Notifications
You must be signed in to change notification settings - Fork 603
Recipe: Defaulting to Authentication Required Routes
The mechanism described in this recipe is not endorsed by the Ember Simple Auth team and and we will likely not be available to help with problems you're running into applying it. ESA's mechanism for requiring authentication for multiple routes is to nest those routes under a parent route and require authentication for that.
This recipe will cause all routes in your Ember application to require authentication, including any routes that are auto-generated by Ember's ActiveGeneration.
To opt a route out of requiring authentication, you'll have to configure the route and its parent routes to mixin the UnauthenticatedRouteMixin (if the route should be available only to **un**authenticated users) or the OpenRouteMixin (if the route should be available to all users regardless of authentication).
// app/mixins/open-route-mixin.js
import Ember from 'ember';
// OpenRouteMixin is a tagging mixin that adds no behaviour itself.
// Apply it to routes that you want publicly viewable to all users,
// both authenticated and non-authenticated.
//
// SecureDefaultRouteFactory will alter its behaviour when
// it detects a route that is tagged with OpenRouteMixin.
export default Ember.Mixin.create({
});
// app/mixins/secure-default-route-factory.js
import Ember from 'ember';
import ApplicationRouteMixin from 'ember-simple-auth/mixins/application-route-mixin';
import AuthenticatedRouteMixin from 'ember-simple-auth/mixins/authenticated-route-mixin';
import UnauthenticatedRouteMixin from 'ember-simple-auth/mixins/unauthenticated-route-mixin';
import OpenRouteMixin from './open-route-mixin';
export default Ember.Mixin.create({
create() {
// Create the route using the normal technique:
var route = this._super(...arguments);
var authenticationRouteMixinApplied = ApplicationRouteMixin.detect(route) ||
AuthenticatedRouteMixin.detect(route) ||
UnauthenticatedRouteMixin.detect(route) ||
OpenRouteMixin.detect(route);
if (!authenticationRouteMixinApplied) {
// The route was not created with any of the authentication-related route
// mixins. Modify route so it requires authentication to be accessed:
AuthenticatedRouteMixin.apply(route);
}
return route;
}
});
// app/routes/application.js
import Ember from 'ember';
import SecureDefaultRouteFactory from '../mixins/secure-default-route-factory';
import ApplicationRouteMixin from 'ember-simple-auth/mixins/application-route-mixin';
Ember.Route.reopenClass(SecureDefaultRouteFactory);
export default Ember.Route.extend(ApplicationRouteMixin);
## Applying UnauthenticatedRouteMixin
// Contents of a relevant route.js file:
import Ember from 'ember';
import UnauthenticatedRouteMixin from 'ember-simple-auth/mixins/unauthenticated-route-mixin';
// Make route available *only* to non-logged-in users:
export default Ember.Route.extend(UnauthenticatedRouteMixin);
## Applying OpenRouteMixin
// Contents of a relevant route.js file:
import Ember from 'ember';
import OpenRouteMixin from '../../mixins/open-route-mixin';
// Make route available to both authenticated and non-authenticated users:
export default Ember.Route.extend(OpenRouteMixin);
## Discussion & Alternative Approaches
For alternative approaches and discussion on defaulting to authentication-required routes review [issue 578](https://github.com/simplabs/ember-simple-auth/issues/578).