Closed laurentlouk closed 1 year ago
Hi @laurentlouk 👋 thanks for raising this issue! At a glance it seems like you might be running into this scenario described in the documentation because you have field level auth enabled on each model listed by the console warnings.
To prevent sensitive data from being sent over subscriptions, the GraphQL Transformer needs to alter the response of mutations for those fields by setting them to null. Therefore, to facilitate field-level authorization with subscriptions, you need to either apply field-level authorization rules to all required fields, make the other fields nullable, or disable subscriptions by setting it to public or off.
So, you can try adding field level auth to all the other fields to match the model level auth and keep them non-nullable.
Let me know if that helps.
Otherwise, I'm currently deploying the schema you've shared to test the behavior as well.
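The documented condition quoted above can be checked mechanically before deploying. The following is an added example, not part of this thread or of Amplify's own code: a small Node.js lint that flags required fields lacking field-level `@auth` in any `@model` type that uses field-level `@auth` on another field. The function name `lintFieldLevelAuth` and both sample schemas are constructed for illustration, and the regex parsing only covers the SDL subset seen in this thread.

```javascript
// Added example: regex-based lint for the field-level @auth condition.
// Handles only the SDL subset used in this thread (no nested parentheses).
function lintFieldLevelAuth(sdl) {
  // Drop comments, then collapse every "(...)" argument list so that
  // "@auth(rules: [...])" becomes "@auth" and the only braces left are type bodies.
  const flat = sdl.replace(/#.*$/gm, '').replace(/\([^()]*\)/g, '');
  const findings = [];
  for (const [, name, header, body] of flat.matchAll(/\btype\s+(\w+)([^{]*)\{([^}]*)\}/g)) {
    if (!/@model\b/.test(header)) continue; // only @model types are in scope
    const fields = [...body.matchAll(/(\w+)\s*:\s*([\[\]\w!]+)((?:\s*@\w+)*)/g)].map(
      ([, field, type, directives]) => ({
        field,
        required: type.endsWith('!'), // non-nullable field
        hasAuth: /@auth\b/.test(directives), // field-level rule present
      })
    );
    // The condition only applies once at least one field carries its own @auth.
    if (!fields.some((f) => f.hasAuth)) continue;
    for (const f of fields) {
      if (f.required && !f.hasAuth) findings.push(`${name}.${f.field}`);
    }
  }
  return findings;
}

// Constructed schema: one protected field, two required fields left without rules.
const PARTIAL = `
type Note @model @auth(rules: [{ allow: owner }, { allow: private, operations: [read] }]) {
  id: ID!
  title: String!
  secret: String @auth(rules: [{ allow: owner }])
  body: String
}`;

// Constructed schema: every required field has a field-level rule (multi-line form).
const FULL = `
type Note @model @auth(rules: [{ allow: owner }]) {
  id: ID!
    @auth(rules: [{ allow: owner }, { allow: private, operations: [read] }])
  secret: String
    @auth(
      rules: [{ allow: owner }]
    )
}`;

console.log(lintFieldLevelAuth(PARTIAL)); // fields to fix, make nullable, or accept with subscriptions off
console.log(lintFieldLevelAuth(FULL));
```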
@chrisbonifacio thank you for your fast feedback ✨ I'm not sure I understand what you mean by "apply field-level authorization rules to all required fields".
Do you mean something like that?
```graphql
type User
  @model
  @auth(rules: [{ allow: owner }, { allow: private, operations: [read] }]) {
  id: ID! @auth(rules: [{ allow: owner }, { allow: private, operations: [read] }])
  username: String @auth(rules: [{ allow: owner }, { allow: private, operations: [read] }])
  description: String @auth(rules: [{ allow: owner }, { allow: private, operations: [read] }])
  photo: S3Object @auth(rules: [{ allow: owner }, { allow: private, operations: [read] }])
  showImage: Boolean! @auth(rules: [{ allow: owner }, { allow: private, operations: [read] }])
  colorLogo: String! @auth(rules: [{ allow: owner }, { allow: private, operations: [read] }])
  owner: String @auth(rules: [{ allow: owner, operations: [read, create, delete] }])
  walletID: ID! @auth(rules: [{ allow: owner }, { allow: private, operations: [read] }])
}
```
I tried with the following schema; it didn't work 😣
I removed all the `owner: String @auth(rules: [{ allow: owner, operations: [read, create, delete] }])` to `owner: String`
@chrisbonifacio I tested all the GQL schema you recommended, but nothing seemed to work. I'm saving the new types with owner: `${sub::owner}` that's the only change I've made recently, but according to the documentation it should work the same way as before.
oh, you're manually setting the value of the owner field? I would check those values in DynamoDB and make sure that they are correct.
@chrisbonifacio I spent the whole day running some extra tests, I have done this from scratch (new amplify + new RN) with a smaller GQL schema (see below). No matter if I add manually the owner field or not I have the same bug.
I have also tested on the console appsync : listening to a subscription to "onCreateUser" and I still have the same problem.
have you tried to reproduce it ?
```graphql
type User
  @model
  @auth(rules: [{ allow: owner }, { allow: private, operations: [read] }]) {
  id: ID!
    @auth(rules: [{ allow: owner }, { allow: private, operations: [read] }])
  username: String
    @auth(rules: [{ allow: owner }, { allow: private, operations: [read] }])
  description: String
    @auth(rules: [{ allow: owner }, { allow: private, operations: [read] }])
  showImage: Boolean!
    @auth(rules: [{ allow: owner }, { allow: private, operations: [read] }])
  colorLogo: String!
    @auth(rules: [{ allow: owner }, { allow: private, operations: [read] }])
  owner: String
    @auth(
      rules: [
        { allow: owner, operations: [read, create, delete] }
        { allow: private, operations: [read] }
      ]
    )
  walletID: ID!
    @auth(rules: [{ allow: owner }, { allow: private, operations: [read] }])
}
```
Hi @laurentlouk 👋 can you check in the Network tab of the browser, and share the logs from the websocket connection?
We're curious to see how the subscription queries are being generated, particularly whether there is an owner argument included. Please share for both devices/users.
hi @chrisbonifacio unfortunately I had to restructure my code and remove the datastore, as it is not suitable anymore due to hazard bugs. I needed to get on with my product and stop spending time on datastore 😣 I'm sorry I don't have more time to check with you (hard times 😅) and thank you again for your time trying to help me 🙏🏻.
I'll let you decide if you need to close this issue or not.
hi @laurentlouk: i am having the same issue. what are you using instead of datastore? i have both a web and mobile front end, so i chose the datastore to be able to sync (when on mobile). i'm not sure that calling the API directly would work either, as i can't get anything from the AppSync query.
Hey, I stopped using datastore and did my own caching with subscriptions and persisting caching similar to useQuery. It's more coding but way more stable.
thanks for the info! This is the only thing holding up a launch, and my customer is getting anxious. i'll have to give that a think.
See related item https://github.com/aws-amplify/amplify-category-api/issues/1018 for information on resolution.
Before opening, please confirm:
JavaScript Framework
React Native
Amplify APIs
DataStore
Amplify Categories
auth, storage, function, api
Environment information
Describe the bug
When I auth with a user(A), save information and observe, it's working good. When I auth with a user(B) on a second iPhone emulator (or physical iPhone) and replicate the above line, the observe method doesn't return anything from the user(A).
I tried this with different types of my GQL.
Meanwhile I keep having these alerts:

```
[WARN] 17:20.125 DataStore - queryError User is unauthorized to query syncLabs, some items could not be returned.
[WARN] 17:20.134 DataStore - queryError User is unauthorized to query syncUsers, some items could not be returned.
[WARN] 17:20.139 DataStore - queryError User is unauthorized to query syncParticipants, some items could not be returned.
[WARN] 17:20.142 DataStore - queryError User is unauthorized to query syncRooms, some items could not be returned.
```
Expected behavior
With `DataStore.observe`, I want to be able to have information from both user(A) and user(B), independently of who is the owner of the data.
with the following auth rules:
Reproduction steps
Yarn packages
Amplify add API : with Amazon Cognito User Pool and Datastore Auto Merge (no override)
Code Snippet
Log output
aws-exports.js
Manual configuration
No response
Additional configuration
No response
Mobile Device
iPhone 13 emulators and physical iPhone 12
Mobile Operating System
16
Mobile Browser
No response
Mobile Browser Version
No response
Additional information and screenshots
full package.json