jacekschae / learn-reitit-course-files

🎦 Learn Reitit course files for building Cheffy REST API
https://www.learnreitit.com

wrap-manage-recipes fails even though I have the manage-recipes role on my user #4

Closed jennet closed 2 years ago

jennet commented 3 years ago

My auth0 middleware to check whether the user has the role manage-recipes keeps failing and I'm not sure what I've missed.

I'm up to lesson 49, but I've not found any adjustments to the code so I must have something wrong in my code I'm just not sure where.

I've completed the tests reformatting lesson, and create an account during the fixture. I can see this being created via the Auth0 management panel, and can see the role added successfully. I can also see the expected keys in the updated token by copying and pasting into jwt.io:

"https://cheffy.jennet-dummy-domain.com/roles": [
    "manage-recipes"
  ],

The get recipes test runs fine, but then the create recipe fails with "You need to be a cook to manager recipes"

Full request diffs are:


--- :request---

  {:body #<java.io.ByteArrayInputStream@2ce8269>,
   :content-length 206,
   :content-type "application/json",
   :headers {"authorization" "Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IllwQnhQdHAycmVsQXVyRGJ0cktLRSJ9.eyJodHRwczovL3RlbXAtamVuLnB1Ymxpc2hteWRhdGEuY29tL3JvbGVzIjpbIm1hbmFnZS1yZWNpcGVzIl0sImlzcyI6Imh0dHBzOi8vZGRqLWxlYXJuLXJlaXRpdC5ldS5hdXRoMC5jb20vIiwic3ViIjoiYXV0aDB8NjAwNWFjNWVmODQ3ODEwMDY5NjVkOThiIiwiYXVkIjpbImh0dHBzOi8vZGRqLWxlYXJuLXJlaXRpdC5ldS5hdXRoMC5jb20vYXBpL3YyLyIsImh0dHBzOi8vZGRqLWxlYXJuLXJlaXRpdC5ldS5hdXRoMC5jb20vdXNlcmluZm8iXSwiaWF0IjoxNjEwOTg0NTQ1LCJleHAiOjE2MTEwNzA5NDUsImF6cCI6ImE5eW40cU5rYTZqWFBaZmZZalowenhFaGM3T3Rqamh3Iiwic2NvcGUiOiJvcGVuaWQgcHJvZmlsZSBlbWFpbCByZWFkOmN1cnJlbnRfdXNlciB1cGRhdGU6Y3VycmVudF91c2VyX21ldGFkYXRhIGRlbGV0ZTpjdXJyZW50X3VzZXJfbWV0YWRhdGEgY3JlYXRlOmN1cnJlbnRfdXNlcl9tZXRhZGF0YSBjcmVhdGU6Y3VycmVudF91c2VyX2RldmljZV9jcmVkZW50aWFscyBkZWxldGU6Y3VycmVudF91c2VyX2RldmljZV9jcmVkZW50aWFscyB1cGRhdGU6Y3VycmVudF91c2VyX2lkZW50aXRpZXMiLCJndHkiOiJwYXNzd29yZCJ9.RnOF6FOvs8vCxAqPPiDiJ5_a6n8F0dfM2YCfKzLSzjSOSCIFU1D9Cn8tUlFKRJE10zuJWkm6w78enxPPp2NX1kuP19-UXdRh5JsHU5-xDE9kgRzhvKX4AJ-UgPPeWlU1SMArY4xZNQ_5oqHjioW9dSV-H75LGllh7VSq3fCm3E3s0GOPlcRTQ8hIxrcVwFcX2oyBJtn1MXIWcWHApJQX0FWPceWwWHhDLMAbG2a7KiT-IkDWp-3Ee-dutMv6zxshUiyImPr9XYcgrO3KG7fuwRqfEIkyLagYUTfBDVpSk-YQXpmH5UD9AidRCCPoIr0RWCRSGlr5w4vo_2cnHO9Cdg",
             "content-length" "206",
             "content-type" "application/json",
             "host" "localhost"},
   :path-params {},
   :protocol "HTTP/1.1",
   :remote-addr "127.0.0.1",
   :request-method :post,
   :scheme :http,
   :server-name "localhost",
   :server-port 80,
   :uri "/v1/recipes"}

--- :request :reitit.swagger/swagger ---

  {:body #<java.io.ByteArrayInputStream@2ce8269>,
   :content-length 206,
   :content-type "application/json",
   :headers {"authorization" "Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IllwQnhQdHAycmVsQXVyRGJ0cktLRSJ9.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.RnOF6FOvs8vCxAqPPiDiJ5_a6n8F0dfM2YCfKzLSzjSOSCIFU1D9Cn8tUlFKRJE10zuJWkm6w78enxPPp2NX1kuP19-UXdRh5JsHU5-xDE9kgRzhvKX4AJ-UgPPeWlU1SMArY4xZNQ_5oqHjioW9dSV-H75LGllh7VSq3fCm3E3s0GOPlcRTQ8hIxrcVwFcX2oyBJtn1MXIWcWHApJQX0FWPceWwWHhDLMAbG2a7KiT-IkDWp-3Ee-dutMv6zxshUiyImPr9XYcgrO3KG7fuwRqfEIkyLagYUTfBDVpSk-YQXpmH5UD9AidRCCPoIr0RWCRSGlr5w4vo_2cnHO9Cdg",
             "content-length" "206",
             "content-type" "application/json",
             "host" "localhost"},
   :path-params {},
   :protocol "HTTP/1.1",
   :remote-addr "127.0.0.1",
   :request-method :post,
   :scheme :http,
   :server-name "localhost",
   :server-port 80,
   :uri "/v1/recipes"}

--- :request :reitit.ring.middleware.muuntaja/format ---

  {:body #<java.io.ByteArrayInputStream@2ce8269>,
   :content-length 206,
   :content-type "application/json",
   :headers {"authorization" "Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IllwQnhQdHAycmVsQXVyRGJ0cktLRSJ9.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.RnOF6FOvs8vCxAqPPiDiJ5_a6n8F0dfM2YCfKzLSzjSOSCIFU1D9Cn8tUlFKRJE10zuJWkm6w78enxPPp2NX1kuP19-UXdRh5JsHU5-xDE9kgRzhvKX4AJ-UgPPeWlU1SMArY4xZNQ_5oqHjioW9dSV-H75LGllh7VSq3fCm3E3s0GOPlcRTQ8hIxrcVwFcX2oyBJtn1MXIWcWHApJQX0FWPceWwWHhDLMAbG2a7KiT-IkDWp-3Ee-dutMv6zxshUiyImPr9XYcgrO3KG7fuwRqfEIkyLagYUTfBDVpSk-YQXpmH5UD9AidRCCPoIr0RWCRSGlr5w4vo_2cnHO9Cdg",
             "content-length" "206",
             "content-type" "application/json",
             "host" "localhost"},
   :path-params {},
   :protocol "HTTP/1.1",
   :remote-addr "127.0.0.1",
   :request-method :post,
   :scheme :http,
   :server-name "localhost",
   :server-port 80,
   :uri "/v1/recipes",
   +:body-params {:img "https://images.unsplash.com/photo-1563282397-cdc218eccfda?ixid=MXwxMjA3fDB8MHxwaG90by1wYWdlfHx8fGVufDB8fHw%3D&ixlib=rb-1.2.1&auto=format&fit=crop&w=1950&q=80",
                  :name "My test recipe",
                  :prep-time 30},
   +:muuntaja/request #muuntaja.core.FormatAndCharset
   {:charset "utf-8",
    :format "application/json",
    :raw-format "application/json"},
   +:muuntaja/response #muuntaja.core.FormatAndCharset
   {:charset "utf-8", :format "application/json", :raw-format nil}}

--- :request :reitit.ring.coercion/coerce-request ---

  {:body #<java.io.ByteArrayInputStream@2ce8269>,
   :body-params {:img "https://images.unsplash.com/photo-1563282397-cdc218eccfda?ixid=MXwxMjA3fDB8MHxwaG90by1wYWdlfHx8fGVufDB8fHw%3D&ixlib=rb-1.2.1&auto=format&fit=crop&w=1950&q=80",
                 :name "My test recipe",
                 :prep-time 30},
   :content-length 206,
   :content-type "application/json",
   :headers {"authorization" "Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IllwQnhQdHAycmVsQXVyRGJ0cktLRSJ9.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.RnOF6FOvs8vCxAqPPiDiJ5_a6n8F0dfM2YCfKzLSzjSOSCIFU1D9Cn8tUlFKRJE10zuJWkm6w78enxPPp2NX1kuP19-UXdRh5JsHU5-xDE9kgRzhvKX4AJ-UgPPeWlU1SMArY4xZNQ_5oqHjioW9dSV-H75LGllh7VSq3fCm3E3s0GOPlcRTQ8hIxrcVwFcX2oyBJtn1MXIWcWHApJQX0FWPceWwWHhDLMAbG2a7KiT-IkDWp-3Ee-dutMv6zxshUiyImPr9XYcgrO3KG7fuwRqfEIkyLagYUTfBDVpSk-YQXpmH5UD9AidRCCPoIr0RWCRSGlr5w4vo_2cnHO9Cdg",
             "content-length" "206",
             "content-type"  "application/json",
             "host" "localhost"},
   :path-params {},
   :protocol "HTTP/1.1",
   :remote-addr "127.0.0.1",
   :request-method :post,
   :scheme :http,
   :server-name "localhost",
   :server-port 80,
   :uri "/v1/recipes",
   :muuntaja/request {:charset "utf-8",
                      :format "application/json",
                      :raw-format "application/json"},
   :muuntaja/response {:charset "utf-8",
                       :format "application/json",
                       :raw-format nil},
   +:parameters {:body {:img "https://images.unsplash.com/photo-1563282397-cdc218eccfda?ixid=MXwxMjA3fDB8MHxwaG90by1wYWdlfHx8fGVufDB8fHw%3D&ixlib=rb-1.2.1&auto=format&fit=crop&w=1950&q=80",
                        :name "My test recipe",
                        :prep-time 30}}}

--- :request :reitit.ring.coercion/coerce-response ---

  {:body #<java.io.ByteArrayInputStream@2ce8269>,
   :body-params {:img "https://images.unsplash.com/photo-1563282397-cdc218eccfda?ixid=MXwxMjA3fDB8MHxwaG90by1wYWdlfHx8fGVufDB8fHw%3D&ixlib=rb-1.2.1&auto=format&fit=crop&w=1950&q=80",
                 :name "My test recipe",
                 :prep-time 30},
   :content-length 206,
   :content-type "application/json",
   :headers {"authorization" "Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IllwQnhQdHAycmVsQXVyRGJ0cktLRSJ9.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.RnOF6FOvs8vCxAqPPiDiJ5_a6n8F0dfM2YCfKzLSzjSOSCIFU1D9Cn8tUlFKRJE10zuJWkm6w78enxPPp2NX1kuP19-UXdRh5JsHU5-xDE9kgRzhvKX4AJ-UgPPeWlU1SMArY4xZNQ_5oqHjioW9dSV-H75LGllh7VSq3fCm3E3s0GOPlcRTQ8hIxrcVwFcX2oyBJtn1MXIWcWHApJQX0FWPceWwWHhDLMAbG2a7KiT-IkDWp-3Ee-dutMv6zxshUiyImPr9XYcgrO3KG7fuwRqfEIkyLagYUTfBDVpSk-YQXpmH5UD9AidRCCPoIr0RWCRSGlr5w4vo_2cnHO9Cdg",
             "content-length" "206",
             "content-type"  "application/json",
             "host" "localhost"},
   :parameters {:body {:img "https://images.unsplash.com/photo-1563282397-cdc218eccfda?ixid=MXwxMjA3fDB8MHxwaG90by1wYWdlfHx8fGVufDB8fHw%3D&ixlib=rb-1.2.1&auto=format&fit=crop&w=1950&q=80",
                       :name "My test recipe",
                       :prep-time 30}},
   :path-params {},
   :protocol "HTTP/1.1",
   :remote-addr "127.0.0.1",
   :request-method :post,
   :scheme :http,
   :server-name "localhost",
   :server-port 80,
   :uri "/v1/recipes",
   :muuntaja/request {:charset "utf-8",
                      :format "application/json",
                      :raw-format "application/json"},
   :muuntaja/response {:charset "utf-8",
                       :format "application/json",
                       :raw-format nil}}

--- :request :cheffy-api.middleware/auth0 ---

  {:body #<java.io.ByteArrayInputStream@2ce8269>,
   :body-params {:img "https://images.unsplash.com/photo-1563282397-cdc218eccfda?ixid=MXwxMjA3fDB8MHxwaG90by1wYWdlfHx8fGVufDB8fHw%3D&ixlib=rb-1.2.1&auto=format&fit=crop&w=1950&q=80",
                 :name "My test recipe",
                 :prep-time 30},
   :content-length 206,
   :content-type "application/json",
   :headers {"authorization" "Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IllwQnhQdHAycmVsQXVyRGJ0cktLRSJ9.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.RnOF6FOvs8vCxAqPPiDiJ5_a6n8F0dfM2YCfKzLSzjSOSCIFU1D9Cn8tUlFKRJE10zuJWkm6w78enxPPp2NX1kuP19-UXdRh5JsHU5-xDE9kgRzhvKX4AJ-UgPPeWlU1SMArY4xZNQ_5oqHjioW9dSV-H75LGllh7VSq3fCm3E3s0GOPlcRTQ8hIxrcVwFcX2oyBJtn1MXIWcWHApJQX0FWPceWwWHhDLMAbG2a7KiT-IkDWp-3Ee-dutMv6zxshUiyImPr9XYcgrO3KG7fuwRqfEIkyLagYUTfBDVpSk-YQXpmH5UD9AidRCCPoIr0RWCRSGlr5w4vo_2cnHO9Cdg",
             "content-length" "206",
             "content-type" "application/json",
             "host" "localhost"},
   :parameters {:body {:img "https://images.unsplash.com/photo-1563282397-cdc218eccfda?ixid=MXwxMjA3fDB8MHxwaG90by1wYWdlfHx8fGVufDB8fHw%3D&ixlib=rb-1.2.1&auto=format&fit=crop&w=1950&q=80",
                       :name "My test recipe",
                       :prep-time 30}},
   :path-params {},
   :protocol "HTTP/1.1",
   :remote-addr "127.0.0.1",
   :request-method :post,
   :scheme :http,
   :server-name "localhost",
   :server-port 80,
   :uri "/v1/recipes",
   :muuntaja/request {:charset "utf-8",
                      :format "application/json",
                      :raw-format "application/json"},
   :muuntaja/response {:charset "utf-8",
                       :format "application/json",
                       :raw-format nil},
   +:claims {:aud ["https://ddj-learn-reitit.eu.auth0.com/api/v2/"
                   "https://ddj-learn-reitit.eu.auth0.com/userinfo"],
             :azp "a9yn4qNka6jXPZffYjZ0zxEhc7Otjjhw",
             :exp 1611070945,
             :gty "password",
             :iat 1610984545,
             :iss "https://ddj-learn-reitit.eu.auth0.com/",
             :scope "openid profile email read:current_user update:current_user_metadata delete:current_user_metadata create:current_user_metadata create:current_user_device_credentials delete:current_user_device_credentials update:current_user_identities",
             :sub "auth0|6005ac5ef84781006965d98b",
             :https://cheffy.jennet-dummy-domain.com/roles ["manage-recipes"]}}

--- :response :cheffy-api.middleware/auth0 ---

  {:body {:data "/v1/recipes",
          :message "You need to be a cook to manager recipes",
          :type :authorization-required},
   :headers {},
   :status  401}

--- :response :reitit.ring.coercion/coerce-response ---

  {:body {:data "/v1/recipes",
          :message "You need to be a cook to manager recipes",
          :type :authorization-required},
   :headers {},
   :status  401}

--- :response :reitit.ring.coercion/coerce-request ---

  {:body {:data "/v1/recipes",
          :message "You need to be a cook to manager recipes",
          :type :authorization-required},
   :headers {},
   :status  401}

--- :response :reitit.ring.middleware.muuntaja/format ---

  {:body {:data "/v1/recipes",
          :message "You need to be a cook to manager recipes",
          :type :authorization-required},
   :headers {},
   :status  401}

--- :response :reitit.swagger/swagger ---

  {:body -{:data "/v1/recipes",
           :message "You need to be a cook to manager recipes",
           :type :authorization-required}
         +#<java.io.ByteArrayInputStream@5ff82ba3>,
   :headers {+"Content-Type" "application/json; charset=utf-8"},
   :status  401}

--- :response---

  {:body #<java.io.ByteArrayInputStream@5ff82ba3>,
   :headers {"Content-Type" "application/json; charset=utf-8"},
   :status  401}

Does anything obvious stand out to you in that diff that would point me in the direction of where I might have gone wrong?

jennet commented 3 years ago

from middleware.clj:

(def wrap-manage-recipes
  {:name ::manage-recipes
   :description "Middleware to check if a user can manage recipes"
   :wrap (fn [handler]
           (fn [request]
             (let [roles (get-in request [:claims "https://cheffy.jennet-dummy-domain.com/roles"])]
               (if (some #{"manage-recipes"} roles)
                 (handler request)
                 (-> (rr/response {:message "You need to be a cook to manager recipes"
                                   :data    (:uri request)
                                   :type    :authorization-required})
                     (rr/status 401))))))})

from recipe/routes.clj:


(defn routes
  [env]
  (let [db (:jdbc-url env)]
    ["/recipes" {:swagger    {:tags ["recipes"]}
                 :middleware [[mw/wrap-auth0]]}
     [""
      {:get  {:handler  (recipe/list-all-recipes db)
              :response {200 {:body responses/recipes}}
              :summary  "List all recipes"}
       :post {:handler    (recipe/create-recipe! db)
              :middleware [[mw/wrap-manage-recipes]]
              :parameters {:body {:name      string?
                                  :prep-time number?
                                  :img       string?}}
              :responses  {201 {:body {:recipe-id string?}}}
              :summary    "Create recipe"}
       }]
     ["/:recipe-id"
      [""
       {:get    {:handler    (recipe/retrieve-recipe db)
                 :parameters {:path {:recipe-id string?}}
                 :response   {200 {:body responses/recipe}}
                 :summary    "Get recipe by ID"}
        :put    {:handler    (recipe/update-recipe! db)
                 :middleware [[mw/wrap-recipe-owner db] [mw/wrap-manage-recipes]]
                 :parameters {:path {:recipe-id string?}
                              :body {:name string? :prep-time int? :public boolean? :img string?}}
                 :responses  {204 {:body nil?}}
                 :summary    "Update recipe"}
        :delete {:handler    (recipe/delete-recipe! db)
                 :middleware [[mw/wrap-recipe-owner db] [mw/wrap-manage-recipes]]
                 :parameters {:path {:recipe-id string?}}
                 :response   {204 {:body nil?}}
                 :summary    "Delete recipe by ID"}}]

      ["/steps" {:middleware [[mw/wrap-recipe-owner db] [mw/wrap-manage-recipes]]}
       [""
        {:post   {:handler    (recipe/create-step! db)
                  :parameters {:path {:recipe-id string?}
                               :body {:description string? :sort number?}}
                  :responses  {201 {:step-id string?}}
                  :summary    "Create step"}
         :put    {:handler    (recipe/update-step! db)
                  :parameters {:path {:recipe-id string?}
                               :body {:step-id     string?
                                      :description string?
                                      :sort        number?}}
                  :responses  {204 {:body nil?}}
                  :summary    "Update step"}
         :delete {:handler    (recipe/delete-step! db)
                  :parameters {:path {:recipe-id string?}
                               :body {:step-id string?}}
                  :response   {204 {:body nil?}}
                  :summary    "Delete step"}}]]
      ["/ingredients" {:middleware [[mw/wrap-recipe-owner db] [mw/wrap-manage-recipes]]}
       [""
        {:post   {:handler    (recipe/create-ingredient! db)
                  :parameters {:path {:recipe-id string?}
                               :body {:name    string?
                                      :sort    number?
                                      :amount  number?
                                      :measure string?}}
                  :responses  {201 {:ingredient-id string?}}
                  :summary    "Create ingredient"}
         :put    {:handler    (recipe/update-ingredient! db)
                  :parameters {:path {:recipe-id string?}
                               :body {:ingredient-id string?
                                      :name          string?
                                      :sort          number?
                                      :amount        number?
                                      :measure       string?}}
                  :responses  {204 {:body nil?}}
                  :summary    "Update ingredient"}
         :delete {:handler    (recipe/delete-ingredient! db)
                  :parameters {:path {:recipe-id string?}
                               :body {:ingredient-id string?}}
                  :response   {204 {:body nil?}}
                  :summary    "Delete ingredient"}}]]
      ["/favorite"                                          ;/recipes/:recipe-id/favorite
       {:post   {:handler    (recipe/favorite-recipe! db)
                 :parameters {:path {:recipe-id string?}}
                 :responses  {204 {:body nil?}}
                 :summary    "Favorite recipe"}
        :delete {:handler    (recipe/unfavorite-recipe! db)
                 :parameters {:path {:recipe-id string?}}
                 :response   {204 {:body nil?}}
                 :summary    "Unfavorite recipe"}}]]]))

jacekschae commented 3 years ago

The get recipes doesn't require manage-recipes role, that is why it passes. When it comes to create and other routes that require wrap-manage-recipes here is the problem:

When you decode your token you get:

{
  "https://temp-jen.publishmydata.com/roles": [
    "manage-recipes"
  ],
  "iss": "https://ddj-learn-reitit.eu.auth0.com/",
  "sub": "auth0|6005ac5ef84781006965d98b",
  "aud": [
    "https://ddj-learn-reitit.eu.auth0.com/api/v2/",
    "https://ddj-learn-reitit.eu.auth0.com/userinfo"
  ],
  "iat": 1610984545,
  "exp": 1611070945,
  "azp": "a9yn4qNka6jXPZffYjZ0zxEhc7Otjjhw",
  "scope": "openid profile email read:current_user update:current_user_metadata delete:current_user_metadata create:current_user_metadata create:current_user_device_credentials delete:current_user_device_credentials update:current_user_identities",
  "gty": "password"
}

As you can see, the domain that you are getting is https://temp-jen.publishmydata.com/roles and with the middleware you are checking for https://cheffy.jennet-dummy-domain.com/roles; since they are different, the test fails.

PS. Sorry for my late reply, I didn't notice the issues before.
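
The namespace mismatch diagnosed in the reply above can be checked locally. This is an added example, not part of the thread or the course code: it decodes a token's payload and reports whether the claim key the middleware reads is the one the token carries. The function names and the sample token are constructed for illustration; only the two claim keys come from the thread.

```python
import base64
import json

def b64url_decode(segment):
    # JWT segments are unpadded base64url; restore the padding before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def decode_claims(token):
    """Return the payload claims WITHOUT verifying the signature (debugging only)."""
    token = token.strip()
    if token.lower().startswith("bearer "):
        token = token[7:].strip()
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    claims = json.loads(b64url_decode(parts[1]))
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims

def diagnose_role_check(token, expected_claim, required_role):
    """Explain why a role check on `expected_claim` passes or fails.

    Returns (result, candidates); candidates lists claim keys with the same
    final path segment under a different namespace.
    """
    claims = decode_claims(token)
    if expected_claim in claims:
        roles = claims[expected_claim]
        if isinstance(roles, list) and required_role in roles:
            return ("ok", [])
        return ("role-missing", [])
    suffix = "/" + expected_claim.rsplit("/", 1)[-1]
    candidates = sorted(
        key for key, value in claims.items()
        if key.endswith(suffix) and isinstance(value, list)
    )
    return ("claim-key-mismatch" if candidates else "claim-missing", candidates)

def make_sample_token(claims):
    # Constructed token for this example: placeholder signature, never valid.
    header = b64url_encode(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    return ".".join([header, payload, b64url_encode(b"not-a-real-signature")])

# Claim keys taken from the thread; the token itself is constructed.
ISSUED_CLAIM = "https://temp-jen.publishmydata.com/roles"
CHECKED_CLAIM = "https://cheffy.jennet-dummy-domain.com/roles"
SAMPLE_TOKEN = make_sample_token({ISSUED_CLAIM: ["manage-recipes"],
                                  "sub": "auth0|constructed-user"})

if __name__ == "__main__":
    print(diagnose_role_check(SAMPLE_TOKEN, CHECKED_CLAIM, "manage-recipes"))
    print(diagnose_role_check(SAMPLE_TOKEN, ISSUED_CLAIM, "manage-recipes"))
```

The decoder skips signature verification, so it is for inspecting a token during debugging; the authorization decision itself still has to use claims from a verified token.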

jacekschae commented 3 years ago

@jennet could we close this one?

jacekschae commented 2 years ago

stale