Closed kmARC closed 5 years ago
// Add the user to the current session.
console.dir(ctx.request.session.authentication);
logIn(ctx, user);
console.dir(ctx.request.session.authentication);
outputs:
[1] undefined
[1] { userId: 1 }
However, if I try to query the auth field in ctx with disabled redirection:
@Get('/')
// @LoginRequired({ redirect: '/signin', user: fetchUser(User) })
index(ctx) {
  console.dir(ctx.request.session.authentication);
  return render('./controllers/templates/index.html', {}, __dirname);
}
it outputs:
[1] undefined
Looks like after this redirection, the context object doesn't have that authentication object.
Looking at the db this is what I see:
sqlite> select * from sessions;
SZ205NpeGjThJ5kZ8-rG2GFvuwlSwVAG|1550431828716.0|{"cookie":{},"authentication":{"userId":1}}
I'm not sure that cookie field should be empty.
Hi @kmARC ,
Thank you for reporting this! And for the investigation!
It looks like the session cookie is not set. It may be due to the HTTP redirection because returning a 209 works (cf e2e test https://github.com/FoalTS/foal/blob/master/packages/typeorm/e2e/auth.spec.ts).
I'm taking a look!
I found where the issue comes from and why it didn't appear in the previous version of the tutorial.
When the user logs in at /auth/login, the application sets a cookie on the client so that further requests are authenticated. As no Path is given, the browser automatically sets its path to /auth, which causes the problem. The cookie is only sent on requests to /auth/*. So requesting / redirects to /login as no user appears to be authenticated.
To fix this, you can set the cookie Path in the config/:
Version 0.7.x:
// settings.json
{
  "sessionCookiePath": "/"
}
Version 0.8.x:
// default.json
{
  "session": {
    "cookie": {
      "path": "/"
    }
  }
}
Once done, you will have to delete the cookie at the path /auth, otherwise it will be used over the cookie at /. Here's a way to do that in Chrome:
I'll open a PR today to configure the path by default to / so that this issue does not appear in the future.
Let me know if you have any trouble. And thanks for the report!
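The cookie-scoping behaviour described above, as an added example that is not part of the original thread or of FoalTS: a small JavaScript model of the RFC 6265 default-path and path-match rules (the function names defaultPath, pathMatches, storeCookie and sentOn are my own), showing why a cookie set on /auth/login without a Path attribute is only sent under /auth and how Path=/ fixes it.

```javascript
// Added example (not FoalTS code): how a browser scopes a cookie that is set
// without an explicit Path attribute, following RFC 6265 section 5.1.4.

// Default path of a cookie, derived from the path of the request that set it:
// everything up to (not including) the last "/", or "/" if there is no deeper slash.
function defaultPath(uriPath) {
  if (!uriPath || uriPath[0] !== '/') return '/';
  const lastSlash = uriPath.lastIndexOf('/');
  if (lastSlash === 0) return '/';
  return uriPath.slice(0, lastSlash);
}

// Path-match: the request path equals the cookie path, or starts with it and
// the cookie path ends with "/" or the next request-path character is "/".
// (So a cookie scoped to /auth is NOT sent to /authors.)
function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  if (cookiePath.endsWith('/')) return true;
  return requestPath[cookiePath.length] === '/';
}

// Simulates the browser storing the Set-Cookie from the login response.
// explicitPath is the Path attribute the server sent, or undefined if none.
function storeCookie(loginRequestPath, explicitPath) {
  const path = explicitPath !== undefined ? explicitPath : defaultPath(loginRequestPath);
  return { path };
}

// Which of the given request paths would the browser attach the cookie to?
function sentOn(cookie, requestPaths) {
  return requestPaths.filter((p) => pathMatches(p, cookie.path));
}

// Constructed sample routes for a multi-user to-do app.
const routes = ['/', '/auth/login', '/auth/logout', '/authors', '/api/todos'];

// No Path attribute: the session cookie is scoped to /auth, so "/" is unauthenticated.
const scoped = storeCookie('/auth/login');
// With "session.cookie.path": "/" the cookie is sent on every route.
const fixed = storeCookie('/auth/login', '/');

console.log('default-scoped cookie path:', scoped.path, '-> sent on', sentOn(scoped, routes));
console.log('Path=/ cookie path:', fixed.path, '-> sent on', sentOn(fixed, routes));
```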
Yes, this seems to be working. Thanks!
After this step: https://foalts.gitbook.io/docs/tutorials/multi-user-to-do-list/5-auth-controllers-and-hooks the expected behaviour would be to be able to list todos after authentication, however, the redirection will throw back to /signin again (without any error messages). Started with an empty installation (@foal/cli@~0.7) and the same issue arises.