joselfonseca / lighthouse-graphql-passport-auth

Add GraphQL mutations to get tokens from passport for https://lighthouse-php.com/
https://lighthouse-php-auth.com/
MIT License

VerifyEmail mutation cannot decode the given session token #91

Closed canatufkansu closed 4 years ago

canatufkansu commented 4 years ago

Hi,

I'm testing all the mutations, and everything is working except VerifyEmail. After I use the login endpoint, get the token and use it to verify the email, the mutation returns:

Trying to get property 'expiration' of non-object

When I followed the error, I found that the json_decode function returns null.

I checked the args array; it contains the given token. I checked my token, and it looks correct because I can change my current password with it by using the Update Password mutation.

        $decodedToken = json_decode(base64_decode($args['token']));
        $expiration = decrypt($decodedToken->expiration);
        $email = decrypt($decodedToken->hash);

The base64_decode function returns the following:

b"""
{"typ":"JWT","alg":"RS256"}{"aud":"2","jti":"98523b986decc9e5e0d27b9bbae6f158f1c6a68fcd1bf6ea60fcfc721898508f0ffebaf51c601ac0","iat":1588856325,"nbf":1588856325,"exp":1620392325,"sub":"29","scopes":[]}\eØ\x01Øé\x01\x16QƒI[ú~¾┬\x08äu\x05s▄e²Iö 5xµ╝7?/l█áƒL\x16Òç¦YUPT>e4\x12\x1Cé1³U░[»{ó╗ëo-f\x10!╣Ï═ÖÁm5é'?G═÷MØl\x17┌\x17«│)Úhº9FöØÊ╚î,░╩Ï\x14}sî34ñ╔åÕP■éü░`\x10■\x10Y┌|WQÜf¯\fÊÀlT\x1Es4Âh>uG─Òë;_mª½¡\x13Tük{▀2´FY£Påð2¬wI┌f¡÷Ç»`¦÷\vÉ[èı×xÕ╠køk‗ní┴ü8\x03á┌\x00║\x10┘å;|*╬@Û
ÿúîöcÌ╦\x10Tè£└â┐.ý[\x04¿┤¼─\x08╔çU9\x08ð5¾G\x1CgØZ.z╔_ó ┼ý\x02\x17└²Ð\x07Ä│Pö─ñû±q\x05\x1Aì╠É*'â╣S¯*d\x0F\x1E\x0F┴Áûß¾w1D®CÁ┤äå║üÜ▓=
ðXm\x12║Î\x04├æmÉ3|┤xyr7bCîÖü1C£¤ý╗ªÄu¾╠0Cpu¿imûÛ\x0E=|DT£»\x01ä\x02▒1\x04\x13ªj+K絫t║q¾ÄYÙU░~»ÒK\tÓ\x06K┬Õ\x0FÝG╣│wU[Î\\x1C­\x07üêIwq«|pjP½\Ü╩╠áD╝ \x1CÐ^б╦àwÁìÂ\x08M~Wƒy÷\x17ÕÓ▄ï│Agó-ôüØBÂ┴¬t .zÊ=Ú6@9[­f­Ð\x1Eöp<╬%╦zÏ¿K\x1A\x18é#:┼5┬oç\x13▄
"""

The JSON looks valid at first, but from some point on it gets messed up. What can be the reason for this?

joselfonseca commented 4 years ago

@canatufkansu hello there, we are currently using this in a production app and it is not giving this issue. This token is not to be used in authorization, so it does not make sense that you can change a password using that token.

canatufkansu commented 4 years ago

> @canatufkansu hello there, we are currently using this in a production app and it is not giving this issue. This token is not to be used in authorization, so it does not make sense that you can change a password using that token.

Ok my bad sorry, I used the wrong token. It is working without a problem.
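
The failure in this thread, reproduced and guarded against in an added example (not code from lighthouse-graphql-passport-auth): a JWT access token passed where the verification token is expected survives PHP's default, non-strict `base64_decode`, which silently skips the dots, and the null from `json_decode` is then dereferenced. The helper name `parseVerificationToken` is hypothetical, the sample tokens are constructed, and the token layout (base64 of a JSON object with `expiration` and `hash`) is assumed from the snippet quoted in the issue.

```php
<?php
// Added example; parseVerificationToken() is a hypothetical helper, not the package's API.

function parseVerificationToken(string $token): stdClass
{
    // A JWT is three base64url segments joined by dots: reject it by shape first.
    if (preg_match('/^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*$/', $token) === 1) {
        throw new InvalidArgumentException('Got a JWT (access token), not an email verification token.');
    }

    // Strict mode returns false on characters outside the base64 alphabet
    // instead of silently discarding them.
    $raw = base64_decode($token, true);
    if ($raw === false) {
        throw new InvalidArgumentException('Token is not valid base64.');
    }

    // Check the decoded structure before touching any property.
    $decoded = json_decode($raw);
    if (!is_object($decoded)
        || !isset($decoded->expiration, $decoded->hash)
        || !is_string($decoded->expiration)
        || !is_string($decoded->hash)) {
        throw new InvalidArgumentException('Token does not have the expected structure.');
    }

    return $decoded; // the caller would now decrypt() both fields, as in the issue's snippet
}

// Constructed sample inputs (placeholder values, no real ciphertext or signature).
$verification = base64_encode(json_encode(['expiration' => 'enc-exp', 'hash' => 'enc-hash']));
$b64url = fn (string $s): string => rtrim(strtr(base64_encode($s), '+/', '-_'), '=');
$jwt = $b64url('{"typ":"JWT","alg":"RS256"}') . '.'
     . $b64url('{"sub":"29","scopes":[]}') . '.'
     . $b64url(random_bytes(32));

// The unguarded path from the report: header, payload and signature bytes run together.
var_dump(json_decode(base64_decode($jwt)));

foreach (['verification' => $verification, 'jwt' => $jwt] as $label => $token) {
    try {
        parseVerificationToken($token);
        echo "$label: accepted\n";
    } catch (InvalidArgumentException $e) {
        echo "$label: rejected ({$e->getMessage()})\n";
    }
}
```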