search

BeagleLab / beagle

Navigating the sea of publications
13 stars 0 forks source link

Unable to getSession from logged in user using pouchdb-authenticator #210

Open RichardLitt opened 9 years ago

RichardLitt commented 9 years ago

On checking that the user exists with a link object in the database, I try to log them in using PouchDB-Authentication in schema.login(). 

request({
                uri: BeagleProxyAPI + '/login',
                method: 'POST',
                form: {
                  userId: oauthInfo.email,
                  oauthInfo: oauthInfo
                }
              }, function (err, res, body) {
                if (err) {
                  console.log('Error logging in', err)
                } else if (res.statusCode !== 200) {
                  console.log('Invalid status code from server', res)
                } else {
                  console.log('Result of logging in', body)

                  db.getSession(function (err, response) {
                    if (err) {
                      console.log('Err', err)
                    } else if (!response.userCtx.name) {
                      console.log('Nobody is logged in, still,', err, response)
                    } else {
                      console.log('User', response.userCtx)
                    }
                  })

                  // Add the Oauth token to the link object
                  // db.get(oauth.email).
                }

The body of the first request returns this: Result of logging in {"ok":true,"name":"richard.littauer@gmail.com","roles":[]}. However, the db.getSession() object doesn't have a userCtx.name: 

{
info: {
  authenticated: "default", 
  authentication_db: "_users",
  authentication_handlers: [ "oauth"1, "cookie", "default"]
  ok: true,
},
userCtx: {
  name: null,
  roles: ["_admin"]
}
}

I am not sure what to make of this. Looking at the DB itself, I don't see a _sessions database at all, although going to the sessionDBUrl http://54.164.111.240:5984/_session returns the object above just fine. It's like the initial login call isn't correctly adding the name of the logged in user to the sessions DB, but I don't see how this could be the case.

I'm tempted to just store the result of the user object in local storage and build my own shim to get that in and out of the extension local storage, and I think that is probably the best immediate solution. The issue is - at that point - we've basically removed the need for PouchDB-Authentication anyway. Another solution would be to use OAuth.io on our server side to log in and store the session.

jbenet commented 9 years ago

although going to the sessionDBUrl http://54.164.111.240:5984/_session returns the object above just fine.

then, maybe it's a cookie?

im not sure if request will send the cookie on its own.

From https://www.npmjs.com/package/request

Cookies are disabled by default (else, they would be used in subsequent requests). To enable cookies, set jar to true (either in defaults or options) and install tough-cookie.

var request = request.defaults({jar: true})
request('http://www.google.com', function () {
  request('http://images.google.com')
})
RichardLitt commented 9 years ago

It's possible. I think an easier solution, for now, is to log the userId in localStorage. The user can sign in again if they need to later - the login object is cached with OAuth.io, so they don't need to click through twice. Not sure how this will work offline, but it works online, so I think we'll go with this for now.