RIDICS / Authentication

BSD 3-Clause "New" or "Revised" License

Ridics.Authentication.DataEntities.Exceptions.NoResultException unhandled when attempting to log in as PortalAdmin(@example.com) #1

Open lenoch opened 4 years ago

lenoch commented 4 years ago

Can you reproduce the exception from $subj? Is there a way to fix it?

Steps to reproduce:

  1. Prepare the environment for development or even deploy it to a server, as described in the readme. (Including an initial DB migration, of course.)
  2. Log in successfully as "admin" or "admin@example.com" to the deployed instance. (In the development environment, only logging in with an e-mail address works. Logging in with the "admin" username throws the same exception.)
  3. Log out.
  4. Try to log in as PortalAdmin or with their e-mail address. This is the result:

```
Ridics.Authentication.DataEntities.Exceptions.NoResultException`1
  HResult=0x80131501
  Message=Could not find any matching result
  Source=Ridics.Authentication.DataEntities
  StackTrace:
   at Ridics.Authentication.DataEntities.UnitOfWork.UserUoW.GetUserByContact(String contactValue, ContactTypeEnum contactType, LevelOfAssuranceEnum minLevelOfAssurance) in C:\Pool\Authentication\Solution\Ridics.Authentication.DataEntities\UnitOfWork\UserUoW.cs:line 733
   at Castle.Proxies.Invocations.UserUoW_GetUserByContact.InvokeMethodOnTarget()
   at Castle.DynamicProxy.AbstractInvocation.Proceed()
   at DryIoc.Facilities.AutoTx.TransactionInterceptor.SynchronizedCase(IInvocation invocation, ITransaction transaction)
```

  5. The service now returns 403/404 errors when trying to access it. Thankfully, /Auth/Account/Logout can be used to log out (alternatively, remove cookies).

Admin and PortalAdmin look very similar in User > Details (Auth/User/{Id}/View), except for the role. The roles also look very similar; there is no obvious explanation why PortalAdmin appears as nonexistent to the service.

When trying to log in with usernames in the development environment, ContactTypeEnum contactType was actually Email. Does this mean something?

vladapokorny commented 4 years ago

The exception NoResultException is actually handled. Just let the code continue execution and the login process will finish.

The main difference between Admin user and PortalAdmin user is that the Admin has all permissions including the permission for managing Authentication service. The PortalAdmin user has permissions required for complete portal (Vokabulář webový) management including users and permissions management, but doesn't have permission to manage Authentication service. That's the reason why you get 403 error.

lenoch commented 4 years ago

This is true, my bad. The process really finishes.

So PortalAdmin is not supposed to do any business in the Authentication service settings? In that case, is there a more user-friendly version of the "Error/403" page (which would say "you're not authorized"), or should we configure/implement it somehow?

vladapokorny commented 4 years ago

Authentication service itself contains Error pages. The only thing which I just found is the wrong redirect on error when Auth Service is deployed in some subpath, e.g. /Auth/. In this case, the error middleware incorrectly redirects to /Error/{code} instead of /Auth/Error/{code}.
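The sub-path redirect problem described in the last comment (an error handler that sends the browser to /Error/{code} at the site root instead of /Auth/Error/{code}) is a general ASP.NET Core configuration pitfall. The following is an added illustration, not code from the Ridics.Authentication repository: it shows the weak redirect beside a path-base-aware one using only the built-in status-code-pages middleware. The configuration key `PathBase` and the `/forbidden-demo` endpoint are constructed for this sample.

```csharp
// Added example (not Ridics.Authentication's own code): keeping error-page
// redirects inside the application's path base in ASP.NET Core.
// Assumption: a reverse proxy mounts the service under a sub-path such as
// /Auth, and that sub-path is supplied via the (hypothetical) "PathBase" key.
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Configuration;

var builder = WebApplication.CreateBuilder(args);
var app = builder.Build();

// Tell the pipeline which prefix the proxy strips/forwards, e.g. "/Auth".
var pathBase = app.Configuration["PathBase"];
if (!string.IsNullOrEmpty(pathBase))
{
    app.UsePathBase(pathBase);
}

// Weak setting: an absolute location ignores Request.PathBase, so a 403
// raised under /Auth sends the client to /Error/403 at the site root.
// app.UseStatusCodePagesWithRedirects("/Error/{0}");

// Corrected setting: a leading "~" is expanded to Request.PathBase by the
// middleware, so the same 403 is redirected to /Auth/Error/403.
app.UseStatusCodePagesWithRedirects("~/Error/{0}");

// Minimal error page so the redirect target exists in this sample.
app.MapGet("/Error/{code:int}", (int code) =>
    code == 403
        ? Results.Text("You are not authorized to access this part of the service.")
        : Results.Text($"Error {code}"));

// Constructed endpoint that simulates a forbidden area (no auth stack needed
// for the demonstration); real deployments get the 403 from authorization.
app.MapGet("/forbidden-demo", () => Results.StatusCode(StatusCodes.Status403Forbidden));

app.Run();
```

Run it with `PathBase=/Auth` in configuration and request `/Auth/forbidden-demo`: the redirect `Location` header points at `/Auth/Error/403` rather than `/Error/403`. An alternative that avoids the redirect entirely is `UseStatusCodePagesWithReExecute("/Error/{0}")`, which re-runs the pipeline internally and therefore never leaves the path base; it also keeps the original status code on the response, which is the friendlier behaviour for a "you're not authorized" page.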