search

sourcefuse / loopback4-starter

Loopback 4 starter application. Multi-tenant architecture supported. Authentication, Authorization, Soft deletes, environment vars, Audit logs, included.
MIT License
158 stars 59 forks source link

Login Problem #43

Closed fgvicente closed 4 years ago

fgvicente commented 4 years ago

I'm testing and can't log in. But I don't know if I'm doing the right thing. as I read. I must first go to

auth/login

with these parameters 

{
  "client_id": "webapp",
  "client_secret": "saqw21!@",
  "username": "super_admin",
  "password": "test123!@#"
}

and that returns this code to me.

{ "code": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJjbGllbnRJZCI6IndlYmFwcCIsInVzZXJJZCI6MSwiaWF0IjoxNTg2OTU3MzMzLCJleHAiOjE1ODY5NTc1MTMsImF1ZCI6IndlYmFwcCIsImlzcyI6Im1mZ3FmIiwic3ViIjoic3VwZXJfYWRtaW4ifQ.wgHgBirDz1T9YW1pG133XGBwJRM7q61GsgfCRrpC4ws" }

Then I must go to

auth/token

with these parameters 

{
  "code": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJjbGllbnRJZCI6IndlYmFwcCIsInVzZXJJZCI6MSwiaWF0IjoxNTg2OTU3MzMzLCJleHAiOjE1ODY5NTc1MTMsImF1ZCI6IndlYmFwcCIsImlzcyI6Im1mZ3FmIiwic3ViIjoic3VwZXJfYWRtaW4ifQ.wgHgBirDz1T9YW1pG133XGBwJRM7q61GsgfCRrpC4ws",
  "clientId": "webapp",
  "username": "super_admin"
}

so that it gives me the true token but it returns a 401.

{
  "error": {
    "statusCode": 401,
    "name": "UnauthorizedError",
    "message": "Invalid Credentials"
  }
}

Can someone tell me what I'm doing wrong? thank in advance @samarpanB

fgvicente commented 4 years ago

Im debuggin an cath this

authUser.tenant = await this.userTenantRepo.tenant(userTenant.id);

AuthUser {
  deleted: false,
  createdOn: 2020-04-15T17:58:10.214Z,
  modifiedOn: 2020-04-15T17:58:10.214Z,
  createdBy: null,
  modifiedBy: null,
  id: 1,
  firstName: 'Super',
  lastName: 'Admin',
  middleName: null,
  username: 'super_admin',
  email: null,
  phone: null,
  defaultTenant: 1,
  lastLogin: null,
  permissions: [],
  tenant: undefined
}

not work

fgvicente commented 4 years ago

In Single Tenant branch work fine but multple not

samarpan-b commented 4 years ago

@fgvicente I'll check it and let you know.

fgvicente commented 4 years ago

I try update package but i get many errors. its possible to update to lasted?

samarpan-b commented 4 years ago

Yes. We are working on upgrading to latest. Give us few days time.

fgvicente commented 4 years ago

Hello @samarpan-b any suggestion?

pbalan commented 4 years ago

I have a little different problem than @fgvicente

@samarpan-b I'm creating a MySQL version.

Differences as below:

  • Adding some opinionated models instead of storing address in Tenant directly.
  • Changed field names from createdOn to createdAt and modifiedOn to modifiedAt

Problem I am facing is that its not able to get userTenant when POST /auth/token in createJWT function.

The minimum reproducible repo here.

pbalan commented 4 years ago

@IshuSF just tested the changes on SFO-7 branch. Doesn't seem like fixing the issue. 👎

Also, the following line throws an error:

src/repositories/user-tenant.repository.ts:54:9 - error TS2416: Property 'create' in type 'UserTenantRepository' is not assignable to the same property in base type 'DefaultSoftCrudRepository<UserTenant, number | undefined, UserTenantRelations>'. Type '(user: User) => Promise' is not assignable to type '(entity: DataObject, options?: AnyObject | undefined) => Promise'. Types of parameters 'user' and 'entity' are incompatible. Type 'DataObject' is not assignable to type 'User'. Type 'UserTenant' is missing the following properties from type 'User': firstName, lastName, username, defaultTenant, credentials 54 async create(user: User): Promise {

Got past the same to get going by changing type to any instead of User.

Bringing in acceptance tests, I find the login tests all pass. 👍 Wonder if any issue with boilerplate seed data?

IshuSF commented 4 years ago

@pbalan just for the confirmation, I am wondering if you had run "npm Install" after checking out the latest changes.

pbalan commented 4 years ago

@samarpan-b @IshuSF I did. I removed the package-lock.json, node_modules directory and run the npm install to be extra sure. Also can see all the vulnerabilities gone.

system info

Param Value
OS Macintosh
Node version v10.18.1

console output

Screenshot 2020-04-28 at 21 49 23

using POSTMAN for testing it

Screenshot 2020-04-28 at 21 46 57 Screenshot 2020-04-28 at 21 47 33

on jwt.io, when i copy paste this code, I see invalid signature message.

Screenshot 2020-04-28 at 21 52 53
pbalan commented 4 years ago

@IshuSF Here's the parallel sfo-7 branch in case you want to give it a go to identify the issue. I'm still trying to check for the issue at my end. In case you find the reason, please do reply.

BTW, just to mention, I haven't seen any new keys being generated in Redis. Don't know if it is supposed to.

IshuSF commented 4 years ago

@pbalan I just made some changes in the user_tenant repository Create function. Could you please take the latest pull of SFO-7 branch and see if the error is resolved at your end.

pbalan commented 4 years ago

Hi @IshuSF , I just checked and the problem is still there even if we change it to DataObject. The vscode linter shows it as well.

Screenshot 2020-04-29 at 11 10 22

so does the console

Screenshot 2020-04-29 at 11 39 22
IshuSF commented 4 years ago

@pbalan I just made some more changes to resolve the error.

Could you please take the latest pull. These changes should fix the error.

pbalan commented 4 years ago

@IshuSF Thanks. Seems the DataObject error goes away however, this change has caused something broken in login controller.

Argument of type 'User' is not assignable to parameter of type 'DataObject'

Screenshot 2020-04-29 at 15 24 54
IshuSF commented 4 years ago

@pbalan I resolved that. Please take latest pull.

pbalan commented 4 years ago

Thank you. @IshuSF it works now 👍 I have ported the MySQL version of this repo here.

pbalan commented 4 years ago

@fgvicente It works for me. Could you please share with me your minimum reproducible repo? Let me see if I could help to fix your issue.

fgvicente commented 4 years ago

ok @samarpan-b now work. but (always but) after update that. call lb4 discover and...

lb4 discover                      
The project was originally generated by @loopback/cli@<unknown>.
The following dependencies are incompatible with @loopback/cli@2.4.4:
- @loopback/boot: ^1.4.4 (cli ^2.1.1)
- @loopback/build: ^2.0.5 (cli ^5.2.0)
- @loopback/context: ^1.20.2 (cli ^3.5.1)
- @loopback/core: ^1.8.5 (cli ^2.4.1)
- @loopback/openapi-v3: ^1.7.0 (cli ^3.2.1)
- @loopback/repository: ^1.8.2 (cli ^2.2.1)
- @loopback/rest: ^1.16.3 (cli ^3.3.1)
- @loopback/testlab: ^1.6.3 (cli ^3.1.1)
- @loopback/service-proxy: ^1.2.3 (cli ^2.1.1)
- @loopback/rest-explorer: ^1.2.5 (cli ^2.1.1)
? How do you want to proceed? Upgrade project dependencies
- Dependency @loopback/boot: ^1.4.4 => ^2.1.1
- Dependency @loopback/context: ^1.20.2 => ^3.5.1
- Dependency @loopback/core: ^1.8.5 => ^2.4.1
- Dependency @loopback/openapi-v3: ^1.7.0 => ^3.2.1
- Dependency @loopback/repository: ^1.8.2 => ^2.2.1
- Dependency @loopback/rest-explorer: ^1.2.5 => ^2.1.1
- Dependency @loopback/rest: ^1.16.3 => ^3.3.1
- Dependency @loopback/service-proxy: ^1.2.3 => ^2.1.1
- DevDependency @loopback/build: ^2.0.5 => ^5.2.0
- DevDependency @loopback/testlab: ^1.6.3 => ^3.1.1
- DevDependency @types/node: ^10.11.2 => ^10.17.21
- DevDependency eslint: ^6.0.1 => ^6.8.0
- DevDependency typescript: ^3.5.2 => ~3.8.3
Upgrading dependencies may break the current project.
? Seleccione el conector que se va a descubrir (Use arrow keys)
❯ auditdb 
  pgdb 
  redis La conexión falla: error: no existe el rol «fvicente»
Se reintentará en la siguiente solicitud.

events.js:288
      throw er; // Unhandled 'error' event
      ^

error: no existe el rol «fvicente»
    at Connection.parseE (/home/fvicente/Proyectos/loopback4apps/new/marqfapp/node_modules/pg/lib/connection.js:601:11)
    at Connection.parseMessage (/home/fvicente/Proyectos/loopback4apps/new/marqfapp/node_modules/pg/lib/connection.js:398:19)
    at Socket.<anonymous> (/home/fvicente/Proyectos/loopback4apps/new/marqfapp/node_modules/pg/lib/connection.js:120:22)
    at Socket.emit (events.js:311:20)
    at addChunk (_stream_readable.js:294:12)
    at readableAddChunk (_stream_readable.js:275:11)
    at Socket.Readable.push (_stream_readable.js:209:10)
    at TCP.onStreamRead (internal/stream_base_commons.js:186:23)
Emitted 'error' event on AuditdbDataSource instance at:
    at AuditdbDataSource.postInit (/home/fvicente/Proyectos/loopback4apps/new/marqfapp/node_modules/@loopback/repository/node_modules/loopback-datasource-juggler/lib/datasource.js:486:16)
    at PendingItem.callback (/home/fvicente/Proyectos/loopback4apps/new/marqfapp/node_modules/loopback-connector-postgresql/lib/postgresql.js:102:17)
    at /home/fvicente/Proyectos/loopback4apps/new/marqfapp/node_modules/pg-pool/index.js:248:23
    at Connection.connectingErrorHandler (/home/fvicente/Proyectos/loopback4apps/new/marqfapp/node_modules/pg/lib/client.js:163:14)
    at Connection.emit (events.js:311:20)
    at Socket.<anonymous> (/home/fvicente/Proyectos/loopback4apps/new/marqfapp/node_modules/pg/lib/connection.js:125:12)
    at Socket.emit (events.js:311:20)
    [... lines matching original stack trace ...]
    at TCP.onStreamRead (internal/stream_base_commons.js:186:23) {
  name: 'error',
  length: 99,
  severity: 'FATAL',
  code: '28000',
  detail: undefined,
  hint: undefined,
  position: undefined,
  internalPosition: undefined,
  internalQuery: undefined,
  where: undefined,
  schema: undefined,
  table: undefined,
  column: undefined,
  dataType: undefined,
  constraint: undefined,
  file: 'miscinit.c',
  line: '607',
  routine: 'InitializeSessionUserId'
}
fgvicente commented 4 years ago

and why doesn't this work? @samarpan-b https://loopback.io/pages/en/lb4/imgs/tutorials/access-control-migration/auth_example_set_token.png