search

jeff-zucker / solid-auth-cli

a node/command-line Solid client with persistent login
MIT License
10 stars 8 forks source link

UserID is not attached to request when fetch #6

Closed linonetwo closed 4 years ago

linonetwo commented 4 years ago

I'm login and fetching as:

  const session = await solidAuth.login({
    idp: 'https://localhost:8443/',
    username: config.solidUserName,
    password: config.solidPassword,
  });

  const publicFolder = session.webId.replace('profile/card#me', 'public')
  console.log(`${publicFolder}/zhihu/aa.txt`);

  await session.fetch(`${publicFolder}/zhihu/aa.txt`, {
    method: 'PUT',
    headers: { 'Content-Type': 'text' },
    body: 'asdf',
  })

but it failed with 401, after digging NSS, I found in following line

https://github.com/solid/node-solid-server/blob/dcc5f9074669bb5c0a936ac3450aba18b16fd13a/lib/handlers/allow.js#L51-L52

the req.session.userId is undefined, which resulted in fail in ACL check.

If I manually change that line to

const userId = req.session.userId || 'https://zhihucrawler.localhost:8443/profile/card#me'

then fetch will be a success, ACL check passed.

So the question is, why req.session.userId is undefined in NSS? Is solid-auth-cli not attaching such field in req.session?

linonetwo commented 4 years ago

Oh, there is log

solid:authentication User is already authenticated as https://zhihucrawler.localhost:8443/profile/card#me +41ms

on the up, so actually NSS get the userID, but just not passing it to handlers/allow.js, it is a NSS bug.