search

pouchdb-community / pouchdb-authentication

User authentication plugin for PouchDB and CouchDB.
Apache License 2.0
774 stars 118 forks source link

Login not working on PhoneGap's http://192.168.0.3:3000/ #226

Open nijakobius opened 6 years ago

nijakobius commented 6 years ago

Trying to implement a login system with this plugin (in PhoneGap):

Code

remoteDB = new PouchDB('https://MYACCOUNT.cloudant.com/DATABASE');

remoteDB.logIn('USER', 'PASSWORD').then(function(response) { console.log(response); });

remoteDB.getSession(function (error, response) { console.log(response); });

Current Behaviour

  1. It works if I open the index.html from the macOS Finder, such that the address bar reads file:///Users/USER/Documents/pouchdblogin/www/index.html.

  2. However, if I run it via PhoneGap (http://192.168.0.3:3000/), the login doesn't seem to work:

In both cases, the logIn response is

{roles: Array(0), ok: true, name: "fb10213293253078466"}

But the getSession responses are different:

1. For file:///..........:

info.authenticated: "cookie" userCtx.name: "USER"

-> Expected behaviour

2. but for http://192.168.0.3:3000/ it is:

info.authenticated: "local" userCtx.name: null

-> Login didn't work properly

Am I doing something wrong?

Environment

ptitjes commented 6 years ago

Hi @nielsjakob, thanks very much for your detailed report.

I have difficulties figuring out what your problem is, also maybe because I don't Cloudant. I will think about it and come back to you if I understand what is going on.

In the meantime, would you mind:

Thank you in advance.

nijakobius commented 6 years ago

Thanks for your reply, @ptitjes

screen shot 2018-03-14 at 12 06 11

When I encounter the problem described in my original post, I get the normal browser authentication popup. When I type in my login info, the session gets stored and everything. So while it doesn't work exactly how it should, with this workaround, it's fine for testing on my computer.

Also, I found out that after compiling my PhoneGap app and running it on iOS and Android, it works as expected. It's really just when I run it on PhoneGap's local server.

ptitjes commented 6 years ago

@nielsjakob If you have the browser authentication popup, this means you have Basic Authentication activated on you database. You might want to disable it and just use Cookie Authentication (+ SSL on production server). I think that would solve your problem.

nijakobius commented 6 years ago

Is this something that's done in new PouchDB()? Some header I have to set?

remoteDB = new PouchDB('https://MYACCOUNT.cloudant.com/DATABASE', {
    ajax: { headers: { authorization: ??? } }
});
ptitjes commented 6 years ago

@nielsjakob Sorry for the late reply.

To disable Basic Authentication on your remote database, you must modify the configuration of your remote CouchDB database host.

If you cannot disable it (which maybe you can't on Cloudant), then in order to suppress the authentication popup on the client side, try to add some skip_setup and auth options to the PouchDB constructor call:

remoteDB = new PouchDB('https://MYACCOUNT.cloudant.com/DATABASE', {

   // to disable contacting the database before logging (and show the popup)
   skip_setup: true,

   // to configure the Basic Authentication credentials
   auth: {
      username: 'username',
      password: 'password'
   }
});