search

The-Commit-Company / frappe-js-sdk

TypeScript/JavaScript library for Frappe REST API
MIT License
120 stars 43 forks source link

Getting Error whilte logging in, unable to Authenticate #55

Closed chechani closed 6 months ago

chechani commented 8 months ago

I have installed frappe js sdk via NPM.

I have setup my url and setup loginWithUsernamePassword.

Then I create a new record using db.createDoc.

It seems that I am unable to authenticate using username & password and its assumes me as a Guest.

I am getting below error

"{ exception: 'frappe.exceptions.PermissionError', exc_type: 'PermissionError', exc: '["Traceback (most recent call last):\n File \"apps/frappe/frappe/app.py\", line 110, in application\n response = frappe.api.handle(request)\n File \"apps/frappe/frappe/api/init.py\", line 49, in handle\n data = endpoint(arguments)\n File \"apps/frappe/frappe/api/v1.py\", line 42, in create_doc\n return frappe.new_doc(doctype, data).insert()\n File \"apps/frappe/frappe/model/document.py\", line 282, in insert\n self.checkert\n self.check_permission(\"create\")\n File \"apps/frappe/frappe/model/document.py\", line 218, in check_permission\n self.raise_no_permission_to(permtype)\n File \"apps/frappe/frappe/model/document.py\", line 239, in raise_no_permission_to\n raise frappe.PermissionError\nfrappe.exceptions.PermissionError\n"]', _server_messages: '["{\"message\": \"User Guest does not have doctype access via role permission for document Lead
User Guest does not have access to this document\", \"title\": \"Message\"}"]', _error_message: 'Insufficient Permission for Lead (create)', httpStatus: 403, httpStatusText: 'FORBIDDEN', message: 'There was an error while creating the document.' }"

nikkothari22 commented 8 months ago

@chechani Can you check if the cookies are set after logging in?

nikkothari22 commented 8 months ago

@chechani Can you also share the version of Frappe that you're using?

chechani commented 8 months ago

The installed frappe version is 15.17.3

chechani commented 8 months ago

The error in the console is that it's not using the logged-in credentials but taking the guest as a user

{ exception: 'frappe.exceptions.PermissionError:

You are not permitted to access this resource.Function frappe.auth.get_logged_user is not whitelisted.
', exc_type: 'PermissionError', exc: '["Traceback (most recent call last):\n File \"apps/frappe/frappe/app.py\", line 110, in application\n response = frappe.api.handle(request)\n File \"apps/frappe/frappe/api/init.py\", line 49, in handle\n data = endpoint(**arguments)\n File \"apps/frappe/frappe/api/v1.py\", line 36, in handle_rpc_call\n return frappe.handler.handle()\n File \"apps/frappe/frappe/handler.py\", line 49, in handle\n data = execute_cmd(cmd)\n File \"apps/frappe/frappe/handler.py\", line 82, in execute_cmd\n is_whitelisted(method)\n File \"apps/frappe/frappe/init.py\", line 855, in is_whitelisted\n throw(msg, PermissionError, title=\"Method Not Allowed\")\n File \"apps/frappe/frappe/init.py\", line 600, in throw\n msgprint(\n File \"apps/frappe/frappe/init.py\", line 565, in msgprint\n _raise_exception()\n File \"apps/frappe/frappe/init.py\", line 516, in _raise_exception\n raise exc\nfrappe.exceptions.PermissionError:
You are not permitted to access this resource.Function frappe.auth.get_logged_user is not whitelisted.
\n"]',
_server_messages: '["{\"message\": \"
You are not permitted to access this resource.Function frappe.auth.get_logged_user is not whitelisted.
\", \"title\": \"Method Not Allowed\", \"indicator\": \"red\", \"raise_exception\": 1, \"__frappe_exc_id\": \"a8e55d1d22d5363a04e2bf5e4a6e52ba97aff6abe3a8bdb9eaaaec59\"}"]', httpStatus: 403, httpStatusText: 'FORBIDDEN', message: 'There was an error while fetching the logged in user' }

nikkothari22 commented 8 months ago

The issue most probably is that the cookies are not being sent with the request. (SameSite)

This might be because of cross domain requests. What's the URL of your Frappe backend and the URL of the site you're running this on?

chechani commented 8 months ago

I have installed frappe js-sdk on a different Nodebase site domain, say https://wa.smartyerp.in, and my frappe is installed at https://clients.smartysoft.in clientsv15.20(upgradedtoo). I have added https://wa.smartyerp.in in allow_cors so cross domain should be not a problem . I have noticed an error reporting that Function frappe.auth.get_logged_user is not whitelisted.\n"]', though we can see that it's a whitelisted function in auth.py file of frappe app . | @frappe.whitelist() def get_logged_user(): return frappe.session.user

I am not clear why the error message is requiring that get_logged_user is not a white-listed function.

nikkothari22 commented 8 months ago

Yeah the problem isn't with CORS, but with the cookies not being set because SameSite is set to Strict/Lax on Frappe.

Recommended way to authenticate for cross domain would be either OAuth or Token based auth instead of cookies.

The method is whitelisted, but not for a Guest user which is what the server thinks the user is as no cookies are being sent over to the server.

chechani commented 8 months ago

Ok, We will try Token based, if any docs and content in readme will help , though we used Axios connectivity with frappe rest API, so your information will help us