Closed gaizkaeu closed 1 year ago
Hi, what's intercepting your request is probably rodauth.require_authentication
being called somewhere during that request, either in your Rodauth app's route
block or a before filter in your controller. If you're not calling Rodauth during the request, it should not attempt to read the Authorization
header.
If you think Rodauth isn't being called, could you produce a self-contained example reproducing the problem? Here is a Roda example showing the Authorization
header being accepted:
require "roda"
require "sequel"
require "rack/test"
DB = Sequel.sqlite
class App < Roda
plugin :rodauth do
enable :jwt
end
route do |r|
r.rodauth
r.post "custom" do
"Custom"
end
end
end
session = Rack::Test::Session.new(App)
session.post("/custom", {}, "HTTP_AUTHORIZATION" => "Bearer foobar")
session.last_response.body #=> "Custom"
Hello. Thank you for your reply. CloudTasker isn't calling rodauth.require_authentcation (as far as I can tell), but I have narrowed the problem to rodauth.load_memory
class RodauthApp < Rodauth::Rails::App
# primary configuration
configure RodauthMain
# secondary configuration
# configure RodauthAdmin, :admin
route do |r|
rodauth.load_memory # autologin remembered users
r.rodauth # route rodauth requests
end
end
OUTPUT with load_memory
Started POST "/cloudtasker/run" for ::1 at 2023-05-17 18:17:39 +0200
Started POST "/cloudtasker/run" for ::1 at 2023-05-17 18:17:50 +0200
Started POST "/cloudtasker/run" for ::1 at 2023-05-17 18:17:58 +0200
Started POST "/cloudtasker/run" for ::1 at 2023-05-17 18:17:59 +0200
OUTPUT without load_memory working
Processing by Cloudtasker::WorkerController#run as */*
Parameters: {"worker"=>"CalcrTrainJob", "job_queue"=>"default", "job_id"=>"a6fca894-1b98-457f-9468-b380b91f091c", "job_meta"=>{}, "job_args"=>["calcr_W7lQWe1MRcPI"]}
[ahoy] Visit excluded
[Cloudtasker][CalcrTrainJob][a6fca894-1b98-457f-9468-b380b91f091c] Starting job... -- {:worker=>"CalcrTrainJob", :job_id=>"a6fca894-1b98-457f-9468-b380b91f091c", :job_meta=>{}, :job_queue=>"default", :task_id=>"b0d1527f-585d-4b3b-9cad-20051ce81f61"}
[Cloudtasker][CalcrTrainJob][a6fca894-1b98-457f-9468-b380b91f091c] Job failed after 0.013s -- {:worker=>"CalcrTrainJob", :job_id=>"a6fca894-1b98-457f-9468-b380b91f091c", :job_meta=>{}, :job_queue=>"default", :task_id=>"b0d1527f-585d-4b3b-9cad-20051ce81f61", :duration=>0.013}
If you have a route that's a webhook with its own authentication, you don't want to call any Rodauth methods in that request. The Rodauth app's route
block is called for each request before it reaches the Rails router, so can easily skip things for /cloudtasker/*
routes:
route do |r|
rodauth.load_memory unless r.path.start_with?("/cloudtasker")
r.rodauth
end
Or maybe even skip the whole route
block:
route do |r|
next if r.path.start_with?("/cloudtasker")
rodauth.load_memory
r.rodauth
end
Hello.
I'm using Rodauth with the jwt plugin enabled, it works wonders. However, I'm having some trouble with non-authenticated routes.
Cloudtasker sends a POST request to /cloudtasker/run with an Authentication Header (including Bearer word). The problem is that Rodauth is intercepting that request and throwing an error displaying that the JWT is invalid.
Without the JWT plugin enabled works fine.
Is there any way to disable rodauth for that specific path?
Thanks in advance.