Open juliusge opened 6 years ago
Hey everyone! I figured out, that PouchAuthentication/PouchDB did not set my Cookie with the AuthSession correctly, although it's said that it would do so when POSTing to _session (which is done when I call db.login(..)). In the network-tab of Chrome's DevTools, I was able to see that the Cookie was absent in the response header and could therefore not be set.
By adding x-csrf-token to the headers of cors in the config file (local.ini) of CouchDB and by applying changes to the login-function as follows, I could make the cookie be set. But: It was set empty (no value, "AuthSession=") (although I could see, that the POST request did include the AuthSession value (!)).
` db.login(user.name, user.password, {
fetch: function (url, opts) {
opts.headers.set('Authorization', 'Basic ' + window.btoa(user.name + ':' + user.password));
opts.credentials='same-origin';
opts.crossDomain='true';
return PouchDB.fetch(url, opts);
}
}, function..handle stuff...
`
In order to set the Cookie successfully with value, I had to call the following function after login:
`getAuthSession: function(options) {
fetch('https://mydomain.com:6984/_session', {
method: "POST",
mode: "cors",
credentials: "include",
withCredentials: "true",
crossDomain: "true",
headers: {
"Content-Type": "application/json; charset=utf-8"
},
referrer: "no-referrer",
body: JSON.stringify({"name": user.name, "password": user.password})
})
.then(function(response) {
app.log("headers: " +JSON.stringify(response.headers)); //sadly, I can't access the Cookie myself, but works without - at least on android
return response.json();
})
.then(function(myJson) {
app.log(JSON.stringify(myJson));
});
}`
Now the Cookie is being set with the correct value and is being sent with every request and authenticates the user successfully.
Tested successfully on Android device, Android emulator and OSX/Chrome with Phonegap
Note for browser-platform/Phonegap-serve: Here, some "io" and "session.sid" Cookies are set, too. This lead to one of them being sent instead of the AuthSession-Cookie in further requests, so that the authentication of the user did not work. This disappears when actually building the app and running it on a device.
I hope this helps! I found quite many threads where the Cookie/Auth-thing did not work out of the box although following the docs.
Expected Behavior
When I log in and reload the page, I should remain logged in.
Current Behavior
I use pouchdb-authentication in my Cordova-App. Login/Register works just fine, but a user cannot stay logged in after a page-reload. So something with this plugin's cookie-auth seems to fail. I use Couch-Per-User functionality with CouchDB 2.2.
When I log in on Chrome, I receive a session-object as expected:
{"ok":true,"userCtx":{"name":"julius","roles":[]},"info":{"authentication_db":"_users","authentication_handlers":["cookie","default"],"authenticated":"default"}}
Also, I can sync, put docs, etc. When I reload the page, read out the user's name and database-name from the local document, I receive a 401 "unauthorized" error:and the following DB/Session-objects:
{"error":"unauthorized","reason":"You are not authorized to access this db.","host":"https://domain.com:6984/userdb-6a756c697573/","db_name":"https://domain.com:6984/userdb-6a756c697573","auto_compaction":false,"adapter":"https"}
{"ok":true,"userCtx":{"name":null,"roles":[]},"info":{"authentication_db":"_users","authentication_handlers":["cookie","default"]}}
Steps to Reproduce (for bugs)
Context
Here I provide all the code needed for reproduction of the error: `onDeviceReady: function() {
},`
`login: function(){
},`
`sync: function(){
},`
Here is my CouchDB Configuration:
And here are is another screenshot:
Your Environment
I am quite desperately trying to get this to work. Any hint is very welcome!