Closed sunkaifei closed 1 month ago
This seems to be a critical regression in actix-session 0.10.0? Downgrading to 0.9.0 is working for me so far. On Safari it needed a little more convincing with setting the right cookie attributes.
Additional context:
actix-files = "0.6.6"
actix-identity = "0.7.1"
actix-session = { version = "0.9.0", features = ["cookie-session"] }
actix-web = "4.9.0"
anyhow = "1.0.86"
base64 = "0.22.1"
diesel = { version = "2.2.2", features = ["postgres", "r2d2", "uuid"] }
dotenvy = "0.15.7"
hex = "0.4.3"
hmac = "0.12.1"
rand = "0.8.5"
rand_chacha = "0.3.1"
regex = "1.10.6"
secrecy = "0.8.0"
serde = { version = "1.0.206", features = ["serde_derive"] }
serde_with = { version = "3.9.0", features = ["base64"] }
sha2 = "0.10.8"
thiserror = "1.0.63"
tracing = "0.1.40"
tracing-actix-web = "0.7.11"
tracing-subscriber = "0.3.18"
uuid = "1.10.0"
Update: I think I found the root cause:
As of identity-v0.7.1, actix-identity requires actix-session 0.9.0
https://github.com/actix/actix-extras/blob/db2193b8c5c6e8f40b9d85d7ee8618baa4af7fb5/actix-identity/Cargo.toml#L22
I'm guessing that since actix-session 0.10.0 also gets compiled as a dependency, the type magic inside actix is unable to reconcile the two Session types. Downgrading to actix-session 0.9.0 specifically would be the solution, until a new version of actix-identity is published with the updated version bound.
I have tried both versions, I have tried this way
@purefunctor Do you have any errors in version 0.9.0? I have the same version, and accessing pages that haven't been logged in will result in an error, so I can only use the session directly.
@sunkaifei You can ignore the DEBUG log:
2024-08-13T17:30:54.181711Z DEBUG HTTP request{http.method=GET http.route=/auth/generate http.flavor=1.1 http.scheme=http http.host=localhost:3000 http.client_ip=127.0.0.1 http.user_agent=Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:129.0) Gecko/20100101 Firefox/129.0 http.target=/auth/generate otel.name=HTTP GET /auth/generate otel.kind="server" request_id=3d20b23f-5d8c-4aef-b6b1-8dcc140a5a89}: actix_web::extract: Error for Option<T> extractor: There is no identity information attached to the current session
2024-08-13T17:30:54.181806Z INFO HTTP request{http.method=GET http.route=/auth/generate http.flavor=1.1 http.scheme=http http.host=localhost:3000 http.client_ip=127.0.0.1 http.user_agent=Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:129.0) Gecko/20100101 Firefox/129.0 http.target=/auth/generate otel.name=HTTP GET /auth/generate otel.kind="server" request_id=3d20b23f-5d8c-4aef-b6b1-8dcc140a5a89}: server::page: No user
2024-08-13T17:31:01.854869Z INFO HTTP request{http.method=POST http.route=/api/v1/auth/login http.flavor=1.1 http.scheme=http http.host=localhost:3000 http.client_ip=127.0.0.1 http.user_agent=Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:129.0) Gecko/20100101 Firefox/129.0 http.target=/api/v1/auth/login otel.name=HTTP POST /api/v1/auth/login otel.kind="server" request_id=5f18e02e-b5b3-4aee-86eb-f449e4215966}: server::api::auth: Inserted user: "4436d90f-cce5-44c1-8a77-c10ad4d3e873"
2024-08-13T17:31:24.988591Z INFO HTTP request{http.method=GET http.route=/auth/generate http.flavor=1.1 http.scheme=http http.host=localhost:3000 http.client_ip=127.0.0.1 http.user_agent=Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:129.0) Gecko/20100101 Firefox/129.0 http.target=/auth/generate otel.name=HTTP GET /auth/generate otel.kind="server" request_id=1adb78c4-168f-4bfb-9ffa-f77fc0bed561}: server::page: "4436d90f-cce5-44c1-8a77-c10ad4d3e873"
It's meant for developers:
On the first line of your log, there is also an error message when the user is not logged in, just like my prompt
Yes, it's normal. You can set the log to filter DEBUG messages
Also seeing this issue after upgrading to 0.10.0, and works to downgrade to 0.9.0. I guess ideally that would have failed to compile, but I think because of the way the middleware works in actix web I don't think it's possible to statically guarantee that the right actix_session::SessionMiddleware is in your app.
Easiest solution might just be to reexport actix_session out of actix_identity and recommend people use that, since you can't really use identity without session anyway.
Or add peer dependencies to cargo (jk jk)
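The mismatch discussed in the comments above, reduced to a self-contained sketch (an added example, not code from the thread or from actix-extras). It assumes per-request state lives in a map keyed by `TypeId`; the modules `session_v0_9` and `session_v0_10` and the `Extensions` struct are hypothetical stand-ins for the two compiled copies of the crate.

```rust
use std::any::{Any, TypeId};
use std::collections::HashMap;

// Hypothetical stand-ins for one crate compiled at two versions. Cargo
// treats the two copies as unrelated crates, so their `Session` types are
// as distinct as these two structs, despite the identical name and shape.
mod session_v0_9 {
    pub struct Session(pub String);
}
mod session_v0_10 {
    pub struct Session(pub String);
}

/// Minimal type-keyed map, modelled on per-request extension storage.
#[derive(Default)]
pub struct Extensions {
    map: HashMap<TypeId, Box<dyn Any>>,
}

impl Extensions {
    pub fn insert<T: Any>(&mut self, value: T) {
        self.map.insert(TypeId::of::<T>(), Box::new(value));
    }
    pub fn get<T: Any>(&self) -> Option<&T> {
        self.map.get(&TypeId::of::<T>())?.downcast_ref::<T>()
    }
}

/// The application's middleware (built against 0.10) stores the session.
pub fn app_middleware(ext: &mut Extensions) {
    ext.insert(session_v0_10::Session("demo-user".into())); // constructed value
}

/// The identity layer (built against 0.9) looks up *its own* Session type.
pub fn identity_sees_session(ext: &Extensions) -> bool {
    ext.get::<session_v0_9::Session>().is_some()
}

/// Code built against the same version as the middleware finds the entry.
pub fn app_sees_session(ext: &Extensions) -> bool {
    ext.get::<session_v0_10::Session>().is_some()
}

fn main() {
    let mut ext = Extensions::default();
    app_middleware(&mut ext);
    println!("app sees session:      {}", app_sees_session(&ext));
    println!("identity sees session: {}", identity_sees_session(&ext));
}
```

Both lookups type-check, which is why the build succeeds and the failure only shows up at runtime as a missing session or identity.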
The issue is that actix-identity's actix-session dependency was updated in f2339971cdbfbd42a3720d2bc6fa5478b7eef2a8 but no version increment was done or no new version was published to crates.io. The current source code on crates.io still depends on actix-session 0.9 and is 6 months old. Maybe someone can fix this by pushing a new version? @robjtede maybe?
Edit: actix-limitation probably has the same issue.
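A check for this class of problem, as an added example that is not part of the thread: it scans a `Cargo.lock` for crates locked at more than one version. The function name `duplicate_versions` and the `SAMPLE_LOCK` excerpt are constructed for illustration, using the versions mentioned in this issue.

```rust
use std::collections::BTreeMap;

/// Parse the `[[package]]` entries of a Cargo.lock and return every crate
/// locked at more than one version, with versions in lockfile order.
pub fn duplicate_versions(lock: &str) -> BTreeMap<String, Vec<String>> {
    let mut seen: BTreeMap<String, Vec<String>> = BTreeMap::new();
    let mut name: Option<String> = None;
    for line in lock.lines().map(str::trim) {
        if line == "[[package]]" {
            name = None; // start of a new entry
        } else if let Some(v) = line.strip_prefix("name = ") {
            name = Some(v.trim_matches('"').to_string());
        } else if let Some(v) = line.strip_prefix("version = ") {
            // The top-level `version = 3` line has no name yet and is skipped.
            if let Some(n) = name.take() {
                let v = v.trim_matches('"').to_string();
                let versions = seen.entry(n).or_default();
                if !versions.contains(&v) {
                    versions.push(v);
                }
            }
        }
    }
    seen.retain(|_, versions| versions.len() > 1);
    seen
}

// Constructed lockfile excerpt: actix-identity 0.7.1 pins actix-session 0.9.0
// while the application itself pulls in 0.10.0.
const SAMPLE_LOCK: &str = r#"
version = 3

[[package]]
name = "actix-identity"
version = "0.7.1"
dependencies = [
 "actix-session 0.9.0",
]

[[package]]
name = "actix-session"
version = "0.9.0"

[[package]]
name = "actix-session"
version = "0.10.0"
"#;

fn main() {
    for (name, versions) in duplicate_versions(SAMPLE_LOCK) {
        println!("{name}: {}", versions.join(", "));
    }
}
```

On a real project, `cargo tree --duplicates` reports the same information along with which dependents pull in each copy.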
Oh – I see the problem now… that issue took me 6h to find. Could someone do the publish - even better figure out a way to avoid this? I don't think I know enough to solve it for good.
New actix-identity release published: https://github.com/actix/actix-extras/releases/tag/identity-v0.8.0
Sorry for the delay.
Thank you so much!
Thank you!
How to set it up correctly? I am copying the configuration from the code sample.
Why does this prompt appear when not logged in?