
Comments (8)

fretje commented on July 19, 2024

Hmm... Interesting bug...

Apparently in SubmitAsync() after the call to SelfRegister is done, the page is already back to /login. Even though no call to Navigation.NavigateTo("...") has been executed.

I don't really understand what's going on...

from blazor-wasm-boilerplate.

jcarlosmanuel commented on July 19, 2024

Hello, I think I found a solution: comment out the line where the redirection to the login page is made, in the JwtAuthenticationHeaderHandler class. I think that the access control to pages that do not have anonymous access is done from App.razor.
It is not that there is an error in not showing the validations, but that before we can see them the application had already made the redirection to the login page. I consider that this change does not affect the complete operation of the application.

If I want to enter the brand page, it does not give me access and returns me to the login page.

What do you think?


fretje commented on July 19, 2024

Ok, I was already thinking it probably had something to do with that... but I commented out the other part (in App.razor) instead... but that got me nowhere... didn't think about the JwtAuthenticationHeaderHandler...

I see I actually made that change where that navigateTo("/login") happens. GetAccessToken returning null means that the user isn't authenticated, so it should redirect to login in that case...

I think the issue here is rather that the authorization header doesn't need to be set for the "SelfRegister" call, just like it isn't set for the "tokens" calls... so I think the "fix" should be something like this instead:

    protected override async Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
    {
        // skip token and self-register endpoints
        if (request.RequestUri?.AbsolutePath.Contains("/tokens") is not true &&
            request.RequestUri?.AbsolutePath.Contains("/self-register") is not true)
        {
            if (await _tokenProviderAccessor.TokenProvider.GetAccessTokenAsync() is string token)
            {
                request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token);
            }
            else
            {
                _navigation.NavigateTo("/login");
            }
        }

        return await base.SendAsync(request, cancellationToken);
    }

Actually it shouldn't be set for any requests that don't need the user to be signed in... that also includes the confirm-email, confirm-phone-number and forgot-password calls...

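A sketch of the handler with the anonymous endpoints kept in one list, as an added example that is not part of the thread or the project's code. `ITokenProvider`, the redirect callback and the segment list are assumptions built from the endpoint names mentioned above. It differs from the posted snippet in two ways: it matches whole path segments instead of substrings, and it does not forward a protected request when no token is available.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading;
using System.Threading.Tasks;

// Hypothetical stand-in for the project's token provider.
public interface ITokenProvider { Task<string?> GetAccessTokenAsync(); }

public sealed class AnonymousAwareAuthHandler : DelegatingHandler
{
    // Constructed list: path segments of endpoints that must work without a signed-in user.
    private static readonly HashSet<string> AnonymousSegments = new(StringComparer.OrdinalIgnoreCase)
    {
        "tokens", "self-register", "confirm-email", "confirm-phone-number", "forgot-password",
    };

    private readonly ITokenProvider _tokens;
    private readonly Action _redirectToLogin; // e.g. () => navigation.NavigateTo("/login")

    public AnonymousAwareAuthHandler(ITokenProvider tokens, Action redirectToLogin) =>
        (_tokens, _redirectToLogin) = (tokens, redirectToLogin);

    // Whole-segment match: ".../tokens-report" is NOT anonymous, ".../tokens/refresh" is.
    public static bool IsAnonymous(Uri? uri) =>
        uri is { IsAbsoluteUri: true } &&
        uri.AbsolutePath.Split('/', StringSplitOptions.RemoveEmptyEntries)
            .Any(segment => AnonymousSegments.Contains(segment));

    protected override async Task<HttpResponseMessage> SendAsync(
        HttpRequestMessage request, CancellationToken cancellationToken)
    {
        if (IsAnonymous(request.RequestUri))
            return await base.SendAsync(request, cancellationToken); // no bearer token attached

        if (await _tokens.GetAccessTokenAsync() is not string token)
        {
            _redirectToLogin();
            // Unlike the snippet above, a protected request is not sent without a token.
            return new HttpResponseMessage(HttpStatusCode.Unauthorized) { RequestMessage = request };
        }
        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token);
        return await base.SendAsync(request, cancellationToken);
    }
}
```

The list only controls what the client attaches and when it redirects; the API still has to enforce authorization on every protected endpoint itself.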

jcarlosmanuel commented on July 19, 2024

Ok, if someone has in the future the need to add an anonymous access page, they would have to add it there. Also, thinking of someone new to the project, do you consider that it is the best way to maintain a simple configuration and maintain the application security?...


fretje commented on July 19, 2024

Yeah I know... it's not the best way to handle this... It could be generated somehow by examining the swagger.json... or maybe there are other ways...
It's just that this is now the most pragmatic way... anything else would need some research/design first...


jcarlosmanuel commented on July 19, 2024

Perfect, I'll do that, thanks for the help.


fretje commented on July 19, 2024

Would you mind creating a PR with that change, once you get it working properly?


jcarlosmanuel commented on July 19, 2024

Sure!
