Closed elhakeem closed 4 years ago
I started debugging and found something that may affect the issue.

`app-admin-ui/index.js`

```js
isAccessAllowed(req) {
  if (!this.authStrategy) {
    return true;
  }
  return (
    req.user &&
    this._isAccessAllowed({ authentication: { item: req.user, listKey: req.authedListKey } }) &&
    req.session.audiences &&
    req.session.audiences.includes('admin')
  );
}
```

The `isAccessAllowed` function depends on the `req.session` key, but when I checked the `req` object I found that the key is called `req.Session.session` in some requests. So I tried fixing it this way:

```js
// Fall back to req.Session.session when req.session is absent
const sessionKey = req.session || (req.Session && req.Session.session);
return (
  req.user &&
  this._isAccessAllowed({ authentication: { item: req.user, listKey: req.authedListKey } }) &&
  sessionKey.audiences &&
  sessionKey.audiences.includes('admin')
);
```

But this solution doesn't fix anything in the issue.

This can be resolved by setting the `sessionStore` option to a compatible session store (e.g. connect-mongo). https://www.keystonejs.com/keystonejs/keystone/#sessionstore

```js
const { Keystone } = require('@keystonejs/keystone');
const expressSession = require('express-session');
const MongoStore = require('connect-mongo')(expressSession);

const keystone = new Keystone({
  /* ...config */
  // Persist sessions in MongoDB instead of the default in-memory store
  sessionStore: new MongoStore({ url: 'mongodb://localhost/my-app' }),
});
```

This should really be surfaced as a prerequisite to publishing keystone sites. They've got "This should be configured before deploying your app." written next to the section, but it's very easy to miss. I might submit a PR to the docs regarding this tidbit.
Funnily enough, this was an issue with sites in v4 as well - I remember scratching my head for days before someone helped me out.
If you don't use HTTPS, disable `secureCookies`: https://www.keystonejs.com/keystonejs/keystone/#securecookies
@MichaelZaporozhets Thank you for your reply. I solved it like @Heolink mentioned. It was just setting `secureCookies: false`.
Thank you guys.
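
Why a sign-in call can return 200 and still end back at the signin page, as an added example that is not code from this thread or from Keystone: a simplified model that assumes the session middleware withholds a `Secure` cookie whenever the request does not count as HTTPS. The names `isSecure`, `loginThenReload`, `trustProxy` and the `transport` values are hypothetical, and the session id is a constructed value.

```javascript
// Added example: simplified model, not Keystone or express-session source.
// All function and field names here are hypothetical.

// Is the request secure from the server's point of view?
function isSecure(req, trustProxy) {
  if (req.encrypted) return true;            // TLS terminated by Node itself
  if (!trustProxy) return false;             // forwarded headers are ignored
  const proto = (req.headers['x-forwarded-proto'] || '').split(',')[0];
  return proto.trim().toLowerCase() === 'https';
}

// Sign in, then reload the admin page with whatever cookie came back.
function loginThenReload({ secureCookies, trustProxy = false }, transport) {
  const store = new Map();                   // stands in for the session store
  const req = { encrypted: transport.tls === 'node', headers: {} };
  if (transport.tls === 'proxy') req.headers['x-forwarded-proto'] = 'https';

  // 1. Sign-in succeeds and the session is saved server-side.
  const sid = 'constructed-session-id';      // constructed sample value
  store.set(sid, { audiences: ['admin'] });
  const login = { status: 200, setCookie: null };
  // A Secure cookie is only issued when the request itself counts as secure.
  if (!secureCookies || isSecure(req, trustProxy)) login.setCookie = sid;

  // 2. Reload: the browser can only return a cookie it was given.
  const session = store.get(login.setCookie);
  const allowed = Boolean(session && session.audiences.includes('admin'));
  return { loginStatus: login.status, cookieIssued: login.setCookie !== null,
           landsOn: allowed ? 'admin' : 'signin' };
}

// Constructed scenarios: plain HTTP, direct TLS, TLS-terminating proxy.
const scenarios = [
  [{ secureCookies: true }, { tls: 'none' }],
  [{ secureCookies: false }, { tls: 'none' }],
  [{ secureCookies: true }, { tls: 'node' }],
  [{ secureCookies: true }, { tls: 'proxy' }],
  [{ secureCookies: true, trustProxy: true }, { tls: 'proxy' }],
];
for (const [config, transport] of scenarios) {
  console.log(JSON.stringify(config), JSON.stringify(transport),
              '->', loginThenReload(config, transport).landsOn);
}
```

In this model `secureCookies: false` is needed only for the plain-HTTP run; both HTTPS cases keep the `Secure` flag once the request is recognised as secure.
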
When I used App Admin UI in development mode, the signin page and redirection after signing in worked correctly.
But after building the app, I started it locally to ensure that everything works fine before the deployment. Then I found that the admin UI signin page doesn't work correctly. I used the same user authentication I used in development and the same database. It called the API correctly and received a 200 status for the login authentication call, and it also triggered the reload, but I was redirected to the signin page again.
Expected behaviour
After the signin call completes successfully, the app should redirect me to the main page.
Actual behaviour
After the signin call completes successfully, the app reloads and redirects me to the signin page again.
System information