Authentication does not work with Drupal

drunomics / nuxtjs-drupal-ce

A Nuxt module to easily connect Drupal via custom elements.

https://lupus-decoupled.org/

MIT License

22 stars 4 forks source link

Authentication does not work with Drupal #126

Closed TurtlBbx closed 1 year ago

TurtlBbx commented 1 year ago

In Nuxt 2 & Axios, there was an option (enabled by default), proxyHeaders, which would take care of cookie based auth.

In Nuxt 3, there is a Nuxt composable, useRequestHeaders, which can be used with this module, like this: await fetchPage(useRoute().path, { query: useRoute().query, credentials: 'include', headers: useRequestHeaders(['cookie']) })

We want to simplify cookie auth, to work out-of-the-box, so we'll enable it by default for every request to Drupal, but it should be overridable by specifying headers in an object in 2nd param of fetchPage and fetchMenu (useFetchOptions).

fago commented 1 year ago

So what about the following config options and defaults @TurtlBbx ?

fetchOptions; {} - optional defaults to be merged on runtime at https://github.com/drunomics/nuxtjs-drupal-ce/blob/7aa2273e86bd96c955624cb5f40313921b488c97/src/runtime/composables/useDrupalCe.ts#L17
proxyHeaders: ['cookie'] - if not empty, passed to useRequestHeaders() and merged with fetchOptions['headers'] ?

fago commented 1 year ago

Above PR implements this and applies the config also to menu requests.

I've seen it working correctly for SSR requests, but I did not see it working with client-side generated requests yet. It seems the "include" credentials options is not picked up there.

fago commented 1 year ago

I also noticed we have an issue with menu caching, opened #128

fago commented 1 year ago

Note: For testing I fixed lupus-decoupled gitpod.io to allow CORS from "localhost", so nuxt dev server can be used from localhost:3000

fago commented 1 year ago

Turns out "npm run prepack" was failing on some type-error:

      src/module.ts(39,7): error TS2322: Type 'UseFetchOptions<any, _Transform<any, any>, KeyOfRes<_Transform<any, any>>, string & {}, "get" | "head" | "patch" | "post" | "put" | "delete" | "connect" | "options" | "trace">' is not assignable to type '{ credentials: string; }'.
        Types of property 'credentials' are incompatible.
          Type 'RequestCredentials | Ref<RequestCredentials | undefined> | undefined' is not assignable to type 'string'.

I did not get it working with that default. :-( So I dropped it for now, possibly, this is why it's not working: https://github.com/drunomics/nuxtjs-drupal-ce/pull/127/commits/280b5c73c94214112b38ed1c16cd2f21bc63fba1

fago commented 1 year ago

ok, I've tested passing-through the cookie works correctly during SSR by publishing nuxtjs-drupal-ce@2.0.0-alpha-test-126-3

Client-side authentication works when setting

  drupalCe: {
      fetchOptions: {
              credentials: 'include',
      }
  }

in nuxt.config.js. so I've merged #127 as first interim step.

We need to solve setting credentials: include by default still and address this typing-issues for that.

fago commented 1 year ago

solved via #129