Cookie is not attached - Githubissues

jeff-zucker / solid-auth-cli

a node/command-line Solid client with persistent login

MIT License

10 stars 8 forks source link

Cookie is not attached #7

Closed linonetwo closed 4 years ago

linonetwo commented 4 years ago

I can PUT with

session.fetch(`${publicFolder}/zhihu/aa.txt`, {
    method: 'PUT',
    headers: { 'Content-Type': 'text', origin: session.webId, cookie: 'nssidp.sid=s%3AtDGDfwwArX4hSoa5L5tVh4YPV9hHjF4D.y%2FSka9fedhN7JGUnrZ8aKN9PzsfZH9gRzCe5fFdWOdw' },
    body: 'asdf',
  });

where cookie is copy from the browser.

Can you calculate this cookie and attach it automatically?

jeff-zucker commented 4 years ago

I have no idea what you are asking or what it would accomplish. What are you trying to do?

On Fri, Jan 10, 2020 at 12:18 AM lin onetwo notifications@github.com wrote:

I can PUT with

session.fetch(${publicFolder}/zhihu/aa.txt, { method: 'PUT', headers: { 'Content-Type': 'text', origin: session.webId, cookie: 'nssidp.sid=s%3AtDGDfwwArX4hSoa5L5tVh4YPV9hHjF4D.y%2FSka9fedhN7JGUnrZ8aKN9PzsfZH9gRzCe5fFdWOdw' }, body: 'asdf', });

where cookie is copy from the browser.

Can you calculate this cookie and attach it automatically?

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/jeff-zucker/solid-auth-cli/issues/7?email_source=notifications&email_token=AKVJCJEDWYFJRVTDLETZP7LQ5AVMJA5CNFSM4KFECI62YY3PNVWWK3TUL52HS4DFUVEXG43VMWVGG33NNVSW45C7NFSM4IFIYZDQ, or unsubscribe https://github.com/notifications/unsubscribe-auth/AKVJCJF3ZKIG6OURXRKCXJTQ5AVMJANCNFSM4KFECI6Q .

jeff-zucker commented 4 years ago

Why would someone want to attach a browser cookie to a non-browser request? Why would someone want to make a PUT like that rather than use the normal login and session? Maybe you should start by describing what the problem is you are trying to solve.

linonetwo commented 4 years ago

I wanna PUT a file to localhost POD, and I actually logined

solidAuth.login({
    idp: 'https://localhost:8443/',
    username: config.solidUserName,
    password: config.solidPassword,
  });

and fetch using session.fetch

But I found in the server-side, its req.session.userId always null if there is no cookie, and that makes ACL reasoning failed.

I'm trying to locate the bug that made ACL fail, maybe it is due to oidc token (https://github.com/solid/node-solid-server/issues/1386#issuecomment-572903929), maybe it is due to req.session.userId is null (https://github.com/solid/node-solid-server/issues/1386#issuecomment-572921110)

jeff-zucker commented 4 years ago

This doesn't work? In which situation doesn't it work?

const auth  = require("solid-auth-cli")
const newResource = // some URL in a container only you have access to

auth.login(
  {
    idp: 'https://localhost:8443',
    username: config.solidUserName,
    password: config.solidPassword,
  }
).then( ()=>{
    auth.fetch(
       newResource,
       {
          method:"PUT",
          body:"some words",
          headers:{"content-type":"text/plain"}
       }
    )
})

linonetwo commented 4 years ago

Wow, that works!

I was using:

const session = await auth.login(
  {
    idp: 'https://localhost:8443',
    username: config.solidUserName,
    password: config.solidPassword,
  }
)
session.fetch(
       newResource,
       {
          method:"PUT",
          body:"some words",
          headers:{"content-type":"text/plain"}
       }
    )
})

and that always fails ACL check...

Thank you for this!