search

signalpoint / angular-drupal

An Angular JS module for Drupal.
GNU General Public License v2.0
116 stars 33 forks source link

Login response is correct, but printing out the user id still shows anonymous #43

Closed jsheffers closed 7 years ago

jsheffers commented 7 years ago

I'm using node.js and browserSync to spin up a static server at localhost:3000 which runs my angular application. I then have a Drupal 8.3.3 site setup using MAMP at a vhost "example.com." I'm using the following call in my applications run function and it (Drupal) properly returns me the correct response.

Function call: 

drupal.userLogin('username', 'password').then(function() {
        alert('Logged in!');
        alert(jDrupal.currentUser().id());
    }, function() {
        alert('Not logged in');
});

When I load my app I get an alert saying "Logged in!" and I see the response in chrome dev tools below:

{"current_user":{"uid":"1","roles":["authenticated"],"name":"username"},"csrf_token":"wtP7auf0MyDqoiR4j6htpGqSIfAYKgmnKVzZVD3kvDA","logout_token":"MSFu1mBZ7mFuy65pOauuA15FjFTqth8Q5QLEHjIMxjU"}

However, when I alert using this alert(jDrupal.currentUser().id()); I still get 0, or Anonymous user. Any ideas what could be causing this? Is it a CORS issue?

Further background: After looking at the code it looks like jDrupal calls jDrupal.connect() after the login, and the response from that is where I get the anonymous user.

signalpoint commented 7 years ago

@jsheffers Yes, this does sound like a CORS issue. Since the login result is successful, and this is in turn feeds into the jDrupal.connect() (as you noticed, which makes a call off to Drupal requesting new session info) and then the connect mechanism reports it as anonymous. This definitely sounds like a CORS issue then. I personally haven't ran into this issue, but there has been a lot of chatter about CORS in jDrupal's issue queue, as well as DrupalGap's issue queue(s), and I think the solution that folks have arrived at will work in both D7 and D8.

jsheffers commented 7 years ago

I changed this so that they are on the same domain, and the cookie still won't persist. I have the URL's set up like this:

Angular: example.com:3000 Drupal: example.com

When I call the login function this is the full network tab below. I've blocked out the domain name for privacy purposes.

Call 1: response1

Call 2: response2

As you can see here the SET cookie value is working

Call 3: response3

Any other ideas? I'd love to use this, but I need user authentication to be working. You can also see the withCredentials header in each of the requests, so I don't think that's the issue. Could it be a Drupal 8.3.3 issue?

jsheffers commented 7 years ago

Ended up adding the following JS to the top of my index.html page.

    <script>
      window.XMLHttpRequest_ = XMLHttpRequest;
      XMLHttpRequest = function(){
       var xhr = new window.XMLHttpRequest_;
       xhr.withCredentials = true;
       return xhr;
      }
    </script>