FormStrategy not working.

[seyaobey-dev]

I have followed instructions as stated in official and setup my authentication using FormStrategy:

export const authenticator = new Authenticator(sessionStorage);
authenticator.use(
  new FormStrategy(async ({ form }) => {
    const email = form.get("email");
    const pssword = form.get("passowrd");
    const user = extertnalSystem.signIn({ email, pssword }); // <-- this rightfully returns undefined because credentials are wrong
    return user; // <-- undefinded
  }),
  "email-strategy"
)

Now this is my /signin route action:

export const action = ({ request }) => authenticator.authenticate("email-strategy", request, {
successRedirect: "/homepage"
});

User is wrongfully redirected to "/homepage" despite fact that login has failed in external with returned an undefined object.

    "@remix-run/node": "^1.11.1",
    "@remix-run/react": "^1.11.1",
    "remix-auth": "^3.4.0",
    "remix-auth-form": "^1.3.0",

[sergiodxa]

This is not a bug in FormStrategy, the way Authenticator know the user is authenticated is by checking of the session has the key used to store the user data (authenticator.sessionKey).

When you do session.get("key") and there's no value for that key the return value is null, so the library checks for a null to consider the user not authenticated.

So if you return undefined is not null, therefore considering the user authenticated.

If you know the sign in failed instead of returning throw an error from the strategy, the error will be caught by the strategy and either stored in authenticator.sessionErrorKey if you decided to redirect on a failure or throw again so you can catch it in your loader/action function.

Basically, the return is for the happy path when the user data was correctly retrieved, throw for any other case.