Unauthenticated custom routes not working when using a function for the App's children

[razdvapoka]

What you were expecting:
Custom route renders without authentication.

What happened instead:
It gets redirected to /login page.

Steps to reproduce:

1. Make the App's children a function that accepts permissions
2. Go to any custom route unauthenticated
3. You'll be redirected to the login page

Other information:
I think it happens because the CoreAdminRouter tries to initialize resources even when you are not authenticated. The attempt to get permissions is rejected and the app logs out which redirects you to the login page.

Related closed issue

Environment

• React-admin version: 3.6.2
• React version: 16.13.1
• Browser: Firefox 77.0.1

[Luwangel]

Hi,

Thank you for opening this issue 🙏

Unfortunately, I cannot reproduce your bug. Maybe it's because it has been fixed in newer versions but I'm not sure.

Please follow the instructions explained in the bug report template so that I can reproduce your issue:

1. Please fork the following template on CodeSandbox : React Admin Template
2. Reproduce your bug. Remember to give us the clearest and simplest example possible.
3. Reply to this issue with the link of your CodeSandbox, and extra information if it's necessary.

Regards,
Adrien

[vudaysai]

Hi,

I have reproduced the issue here Sandbox with the mistake i made.

Issue is in getPermissions() of authProvider if it returns Promise.reject() it will redirect to login page.

@razdvapoka you might also be doing same thing too, so this might helps

[jdemangeon]

Hello @razdvapoka ! Do you have fixed your issue? If so, please inform us so that we can close the issue.

[alextaymx]

I am having the same issue

[fzaninotto]

No news for some time, closing.

[TCM5]

We also noticed this behaviour.

Because custom routes are based on the current resolved permissions if the getPermissions method from AuthProvider returns Promise.reject() public routes will fail to show because a redirect to login page is allways triggered.

It makes sense this behaviour because getPermissions should allways resolve, even if not permissions are assigned, but for public resources (no authentication needed) it makes no sense. When a user enters a public resource (without authenticiation), the implementation of getPermissions should reject (some could resolve with empty permissions, but that's a bypass).

In order to solve this, instead of change the core behaviour that expects the permissions resolved, a new wrapper like a PublicRoute or StandaloneRoute should make the trick in order that all routings that are defined using this wrapper should be ignored by getPermissions.