lucia-auth / lucia

Authentication, simple and clean
https://lucia-auth.com
MIT License

[Bug]: MongoDB Prisma Adapter and Lucia Sessions. #1599

Closed Blankeos closed 2 weeks ago

Blankeos commented 2 weeks ago

Package

lucia

Describe the bug

Idk how else to describe the error. Seems to me that Lucia doesn't have a way to change the createID function for sessions? Correct me if I'm wrong though. Preferably, I could use MongoDB's ObjectId, which is a 24-character hex string.

PrismaClientKnownRequestError: 
Invalid `prisma.session.create()` invocation:

Inconsistent column data: Malformed ObjectID: invalid character 'u' was found at index 0 in the provided hex string: "uv55tbyfibhh2xtujbwxdzdytztp2pme6eghm2iq" for the field 'id'.
    at In.handleRequestError (/Users/carlo/Desktop/Projects/uccc-website/node_modules/.pnpm/@prisma+client@5.15.0_prisma@5.15.0/node_modules/@prisma/client/runtime/library.js:122:6877)
    at In.handleAndLogRequestError (/Users/carlo/Desktop/Projects/uccc-website/node_modules/.pnpm/@prisma+client@5.15.0_prisma@5.15.0/node_modules/@prisma/client/runtime/library.js:122:6211)
    at In.request (/Users/carlo/Desktop/Projects/uccc-website/node_modules/.pnpm/@prisma+client@5.15.0_prisma@5.15.0/node_modules/@prisma/client/runtime/library.js:122:5919)
    at async l (/Users/carlo/Desktop/Projects/uccc-website/node_modules/.pnpm/@prisma+client@5.15.0_prisma@5.15.0/node_modules/@prisma/client/runtime/library.js:127:11167)
    at async PrismaAdapter.setSession (file:///Users/carlo/Desktop/Projects/uccc-website/node_modules/.pnpm/@lucia-auth+adapter-prisma@4.0.1_@prisma+client@5.15.0_prisma@5.15.0__lucia@3.2.0/node_modules/@lucia-auth/adapter-prisma/dist/index.js:52:9)
    at async Lucia.createSession (file:///Users/carlo/Desktop/Projects/uccc-website/node_modules/.pnpm/lucia@3.2.0/node_modules/lucia/dist/core.js:95:9)
    at async Module.register (/Users/carlo/Desktop/Projects/uccc-website/src/server/modules/auth/services/register.service.ts:34:19)
    at async eval (/Users/carlo/Desktop/Projects/uccc-website/src/server/modules/auth/auth.controller.ts:55:39)
    at async resolveMiddleware (file:///Users/carlo/Desktop/Projects/uccc-website/node_modules/.pnpm/@trpc+server@11.0.0-rc.403/node_modules/@trpc/server/dist/unstable-core-do-not-import/procedureBuilder.mjs:102:30)
    at async callRecursive (file:///Users/carlo/Desktop/Projects/uccc-website/node_modules/.pnpm/@trpc+server@11.0.0-rc.403/node_modules/@trpc/server/dist/unstable-core-do-not-import/procedureBuilder.mjs:152:32)

Model:

model User {
  id           String @id @map("_id")
  username     String @unique
  passwordHash String

  createdTimestamp DateTime @default(now())
  updatedTimestamp DateTime @default(now()) @updatedAt

  sessions Session[]
}

model Session {
  id        String   @id @map("_id")
  userId    String
  expiresAt DateTime
  user      User     @relation(references: [id], fields: [userId], onDelete: Cascade)
}

const adapter = new PrismaAdapter(prisma.session, prisma.user);

export const lucia = new Lucia(adapter, {...});

Blankeos commented 2 weeks ago

Oh well. Spoke too soon. Can change this to a docs enhancement maybe?

const session = await lucia.createSession(userId, {}, { 
  sessionId: new ObjectId().toString() 
});

Actually idk if it even fits the docs at the moment. Might just make it more cluttered. I guess an issue is enough. Someone'll probably search for this anyway.

pilcrowOnPaper commented 2 weeks ago

I would not use Object IDs for session IDs as they, at best, only provide 96 bits of entropy (in reality it only provides 24 bits of true randomness).

Looks like the sessionId option is undocumented, even in the API reference - sorry about that! Can you create a new issue for that?
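
The entropy point in the last comment, as an added example that is not part of the thread or of Lucia's code: it splits an ObjectId into its documented fields to show how little changes between two IDs from one process, next to a session ID drawn entirely from the CSPRNG. The function names and sample ObjectIds are constructed for illustration; the 25-byte, 40-character base32 format is an assumption chosen to match the length and alphabet of the ID in the error message.

```javascript
// Added example (not from the issue thread). Uses Web Crypto for randomness;
// the fallback covers Node versions without a global `crypto`.
const webcrypto = globalThis.crypto ?? require("node:crypto").webcrypto;

// ObjectId layout per the MongoDB spec: 12 bytes = 24 hex characters.
//   bytes 0-3  : creation time, seconds since the Unix epoch (guessable)
//   bytes 4-8  : random value chosen once per process (constant afterwards)
//   bytes 9-11 : counter, random start, then +1 per ID (sequential)
function parseObjectId(hex) {
  if (!/^[0-9a-f]{24}$/i.test(hex)) throw new Error("not a 24-char hex ObjectId");
  return {
    createdAt: new Date(parseInt(hex.slice(0, 8), 16) * 1000),
    processRandom: hex.slice(8, 18).toLowerCase(),
    counter: parseInt(hex.slice(18, 24), 16),
  };
}

// How much of ID `b` was already determined once ID `a` is known?
function relation(a, b) {
  const x = parseObjectId(a), y = parseObjectId(b);
  return {
    sameProcessRandom: x.processRandom === y.processRandom,
    counterDelta: (y.counter - x.counter + 0x1000000) % 0x1000000, // wraps at 2^24
    secondsApart: (y.createdAt - x.createdAt) / 1000,
  };
}

// Session ID with every bit from the CSPRNG: 25 bytes = 200 bits, encoded as
// 40 lowercase base32 characters (alphabet a-z2-7).
function generateSessionId(byteLength = 25) {
  const alphabet = "abcdefghijklmnopqrstuvwxyz234567";
  const bytes = webcrypto.getRandomValues(new Uint8Array(byteLength));
  let out = "", buffer = 0, bits = 0;
  for (const byte of bytes) {
    buffer = (buffer << 8) | byte;
    bits += 8;
    while (bits >= 5) {
      out += alphabet[(buffer >>> (bits - 5)) & 31];
      bits -= 5;
    }
    buffer &= (1 << bits) - 1; // keep only the unconsumed low bits
  }
  if (bits > 0) out += alphabet[(buffer << (5 - bits)) & 31];
  return out;
}

// Constructed sample: two ObjectIds as one process would issue them 2 s apart.
const SAMPLE_A = "665f1c80a1b2c3d4e5000010";
const SAMPLE_B = "665f1c82a1b2c3d4e5000011";
```

`relation(SAMPLE_A, SAMPLE_B)` shows the two IDs sharing the process value and differing only by a counter step and a timestamp, while two calls to `generateSessionId()` share nothing.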