search

websanova / vue-auth

A simple light-weight authentication library for Vue.js
MIT License
2.35k stars 383 forks source link

Keeps redirecting to 403 when the user has admin rights #150

Closed kyoukhana closed 7 years ago

kyoukhana commented 7 years ago

If I login and the user has permissions to access the vue route it keeps redirecting to 403

http://www.kevinyoukhana.com/admin/login

app.js code

import Vue from 'vue'
import VueRouter from 'vue-router'
import VueAuth from '@websanova/vue-auth'
import App from './components/app.vue'
import mdl from 'material-design-lite'
import VueMdl from 'vue-mdl'
import axios from 'axios'
import VueAxios from 'vue-axios'
import VueResource from 'vue-resource'

Vue.use(VueRouter);
Vue.use(VueMdl);
Vue.use(VueAxios, axios);
Vue.use(VueResource);

const router = new VueRouter({
    hashbang: false,
    linkActiveClass: 'active',
    mode: 'history',
    routes: [{
        path: '/',
        component: (resolve) => { require(['./components/views/home.vue'], resolve)}
    },

        {
            path: '/403',
            component: (resolve) => { require(['./components/views/forbidden.vue'], resolve)}
        },
    {
        path: '/admin/login',
        name:'adminlogin',
        component: (resolve) => { require(['./components/views/admin/login.vue'], resolve)}
    },
    {
    path: '/admin/dashboard',
    name:'dashadmin',
     meta: {auth: ['admin']},
    component: (resolve) => { require(['./components/views/admin/dashboard.vue'], resolve)},
     children:[
        {
            path: '', component: (resolve) => { require(['./components/views/admin/dashboardHome.vue'], resolve)}
        }
      ]

    }
  ]
});

/*Set VUE ROUTER */
Vue.router = router;

//Vue.axios.defaults.baseURL = domainUrl;
//Vue.axios.defaults.headers.common['X-CSRF-TOKEN'] = document.querySelector('#token').getAttribute('content');
Vue.http.headers.common['X-CSRF-TOKEN'] = document.querySelector('#token').getAttribute('content');
Vue.http.options.root="http://www.kevinyoukhana.com";

Vue.use(VueAuth,{
    authRedirect:'/',
    auth: require('@websanova/vue-auth/drivers/auth/bearer.js'),
    http: require('@websanova/vue-auth/drivers/http/vue-resource.1.x.js'),
    router: require('@websanova/vue-auth/drivers/router/vue-router.2.x.js'),
    token: [{request: 'token', response: 'token', authType: 'bearer', foundIn: 'header'}],
    tokenName:'token',
    loginData: {url: 'api/auth', method: 'POST', redirect: 'dashboard'},
    logoutData: {url: 'api/logout', method: 'POST', redirect: 'login',  makeRequest: false},
    fetchData: {url: 'api/account', method: 'GET' , enabled: true},
    refreshData: {enabled: false}
});

const app = new Vue({
    router,
    ...App
})

app.$mount('#app');

Libraries used

 "@websanova/vue-auth": "^2.10.0-beta",
    "axios": "^0.15.3",
    "babel-core": "^6.24.1",
    "babel-eslint": "^7.2.1",
    "babel-loader": "^6.4.1",
    "babel-plugin-transform-object-rest-spread": "^6.23.0",
    "babel-plugin-transform-runtime": "^6.23.0",
    "babel-preset-es2015": "^6.24.1",
    "babel-preset-stage-2": "^6.24.1",
    "bootstrap-sass": "^3.3.7",
    "css-loader": "^0.23.0",
    "dropzone": "^4.3.0",
    "file-loader": "^0.9.0",
    "gulp": "^3.9.1",
    "image-webpack-loader": "^3.3.0",
    "jimp": "^0.2.27",
    "jquery": "^3.1.0",
    "laravel-elixir": "^6.0.0-9",
    "laravel-elixir-vue-2": "^0.2.0",
    "laravel-elixir-webpack-official": "^1.0.2",
    "lodash": "^4.16.2",
    "material-design-lite": "^1.3.0",
    "path": "^0.12.7",
    "responsive-loader": "^0.7.0",
    "style-loader": "^0.13.0",
    "svg-url-loader": "^1.1.0",
    "url-loader": "^0.5.8",
    "v-qrcode": "^1.0.3",
    "vee-validate": "^1.0.0-beta.10",
    "vue": "^2.2.6",
    "vue-axios": "^1.2.2",
    "vue-hot-reload-api": "^2.0.11",
    "vue-html-loader": "1.2.3",
    "vue-lazyload": "^1.0.3",
    "vue-loader": "^11.3.4",
    "vue-mdl": "^1.1.1",
    "vue-progressbar": "^0.7.1",
    "vue-resource": "^1.3.1",
    "vue-router": "^2.4.0",
    "vue-scrollto": "^2.4.2",
    "vue-strap": "^1.0.11",
    "vue-style-loader": "^1.0.0",
    "vue-template-compiler": "^2.2.6",
    "vue2-dropzone": "^2.2.5",
    "vuelidate": "^0.2.0",
    "vuex": "^2.3.0",
    "webpack": "^2.3.3",
    "webpack-dev-server": "^1.16.1"

Github repo

https://github.com/kyoukhana/jwtvue

websanova commented 7 years ago

Do you have any other interceptors in your app?

On Tue, Apr 25, 2017 at 8:56 AM, kyoukhana notifications@github.com wrote:

If I login and the user has permissions to access the vue route it keeps redirecting to 403

http://www.kevinyoukhana.com/admin/login app.js code

import Vue from 'vue' import VueRouter from 'vue-router' import VueAuth from '@websanova/vue-auth' import App from './components/app.vue' import mdl from 'material-design-lite' import VueMdl from 'vue-mdl' import axios from 'axios' import VueAxios from 'vue-axios' import VueResource from 'vue-resource'

Vue.use(VueRouter); Vue.use(VueMdl); Vue.use(VueAxios, axios); Vue.use(VueResource);

const router = new VueRouter({ hashbang: false, linkActiveClass: 'active', mode: 'history', routes: [{ path: '/', component: (resolve) => { require(['./components/views/home.vue'], resolve)} },

    {
        path: '/403',
        component: (resolve) => { require(['./components/views/forbidden.vue'], resolve)}
    },
{
    path: '/admin/login',
    name:'adminlogin',
    component: (resolve) => { require(['./components/views/admin/login.vue'], resolve)}
},
{
path: '/admin/dashboard',
name:'dashadmin',
 meta: {auth: ['admin']},
component: (resolve) => { require(['./components/views/admin/dashboard.vue'], resolve)},
 children:[
    {
        path: '', component: (resolve) => { require(['./components/views/admin/dashboardHome.vue'], resolve)}
    }
  ]

}

] });

/Set VUE ROUTER / Vue.router = router;

//Vue.axios.defaults.baseURL = domainUrl; //Vue.axios.defaults.headers.common['X-CSRF-TOKEN'] = document.querySelector('#token').getAttribute('content'); Vue.http.headers.common['X-CSRF-TOKEN'] = document.querySelector('#token').getAttribute('content'); Vue.http.options.root="http://www.kevinyoukhana.com";

Vue.use(VueAuth,{ authRedirect:'/', auth: require('@websanova/vue-auth/drivers/auth/bearer.js'), http: require('@websanova/vue-auth/drivers/http/vue-resource.1.x.js'), router: require('@websanova/vue-auth/drivers/router/vue-router.2.x.js'), token: [{request: 'token', response: 'token', authType: 'bearer', foundIn: 'header'}], tokenName:'token', loginData: {url: 'api/auth', method: 'POST', redirect: 'dashboard'}, logoutData: {url: 'api/logout', method: 'POST', redirect: 'login', makeRequest: false}, fetchData: {url: 'api/account', method: 'GET' , enabled: true}, refreshData: {enabled: false} });

const app = new Vue({ router, ...App })

app.$mount('#app');

Libraries used

"@websanova/vue-auth": "^2.10.0-beta", "axios": "^0.15.3", "babel-core": "^6.24.1", "babel-eslint": "^7.2.1", "babel-loader": "^6.4.1", "babel-plugin-transform-object-rest-spread": "^6.23.0", "babel-plugin-transform-runtime": "^6.23.0", "babel-preset-es2015": "^6.24.1", "babel-preset-stage-2": "^6.24.1", "bootstrap-sass": "^3.3.7", "css-loader": "^0.23.0", "dropzone": "^4.3.0", "file-loader": "^0.9.0", "gulp": "^3.9.1", "image-webpack-loader": "^3.3.0", "jimp": "^0.2.27", "jquery": "^3.1.0", "laravel-elixir": "^6.0.0-9", "laravel-elixir-vue-2": "^0.2.0", "laravel-elixir-webpack-official": "^1.0.2", "lodash": "^4.16.2", "material-design-lite": "^1.3.0", "path": "^0.12.7", "responsive-loader": "^0.7.0", "style-loader": "^0.13.0", "svg-url-loader": "^1.1.0", "url-loader": "^0.5.8", "v-qrcode": "^1.0.3", "vee-validate": "^1.0.0-beta.10", "vue": "^2.2.6", "vue-axios": "^1.2.2", "vue-hot-reload-api": "^2.0.11", "vue-html-loader": "1.2.3", "vue-lazyload": "^1.0.3", "vue-loader": "^11.3.4", "vue-mdl": "^1.1.1", "vue-progressbar": "^0.7.1", "vue-resource": "^1.3.1", "vue-router": "^2.4.0", "vue-scrollto": "^2.4.2", "vue-strap": "^1.0.11", "vue-style-loader": "^1.0.0", "vue-template-compiler": "^2.2.6", "vue2-dropzone": "^2.2.5", "vuelidate": "^0.2.0", "vuex": "^2.3.0", "webpack": "^2.3.3", "webpack-dev-server": "^1.16.1"

Github repo

https://github.com/kyoukhana/jwtvue

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/websanova/vue-auth/issues/150, or mute the thread https://github.com/notifications/unsubscribe-auth/ABkcyzz-KOIpJDKjv-UTgo7eQo_Iyrwaks5rzVLXgaJpZM4NG6Rc .

kyoukhana commented 7 years ago

Nope none at all here is the login.vue. Here is what the vues look like.

Login.vue

<template>
    <div>
    <div class="mdl-layout mdl-layout-login mdl-js-layout" v-if="!$auth.check()">

        <main class="mdl-layout__content">

            <main class="mdl-layout__content mdl-layout__content-login">
                <div class="mdl-card mdl-shadow--6dp">
                    <div class="mdl-card__title mdl-color--primary mdl-color-text--white">
                        <h2 class="mdl-card__title-text">Login</h2>
                    </div>
                    <div class="mdl-card__supporting-text">

                        <form  role="form" action="#" method="post"  @submit.prevent="processlogin">

                            <div class="mdl-textfield mdl-js-textfield">
                                <mdl-textfield floating-label="Email:" type="email" v-model="data.body.email" id="email" email="email"></mdl-textfield>
                            </div>

                            <div class="mdl-textfield mdl-js-textfield">
                                <mdl-textfield floating-label="Password:" type="password" v-model="data.body.password" id="pass" password="password"></mdl-textfield>
                            </div>

                            <div class="mdl-card__actions">
                                <button type="submit" class="mdl-button mdl-button--colored mdl-js-button mdl-js-ripple-effect">Sign in</button>
                            </div>
                        </form>

                    </div>
                </div>
            </main>
        </main>
    </div>

    </div>

</template>

<script>
    export default {
        data() {
            return {
                context: 'login context',
                data: {
                    body: {
                        email: 'vueauth@gmail.com',
                        password: 'vue123'
                    },
                    rememberMe: false
                },
                error: null
            };
        },

        mounted: function () {
            this.$nextTick(function () {
                componentHandler.upgradeDom();
                componentHandler.upgradeAllRegistered();
            })
        },

        methods: {
            processlogin: function () {

                var redirect = this.$auth.redirect();
                this.$auth.login({
                    body: this.data.body,
                    rememberMe: true,
                    redirect: '/admin/dashboard',
                });

            }
            /*End process form */
        }
    }
</script>

<style>
    body{
        height:100%;
    }
    .mdl-layout-login {
        align-items: center;
        justify-content: center;
    }
    .mdl-layout__content-login {
        padding: 24px;
        flex: none;
    }

    .bg-row {
        background: url('https://getmdl.io/assets/demos/transparent.jpg') center / cover;
    }
    .demo-layout-transparent .mdl-layout__header,
    .demo-layout-transparent .mdl-layout__drawer-button {
        /* This background is dark, so we set text to white. Use 87% black instead if
           your background is light. */
        color: white;
    }

</style>

Dashboard

<template>
        <main class="mdl-layout__content mdl-color--grey-100">
              <router-view></router-view>
        </main>
</template>

<script>
    export default {
    }
</script>
<style>

</style>

Dashboard Home

<template>
    <div><h2>Your Logged IN</h2></div>
</template>

<script>
    export default{}
</script>

Forbidden

<template>
    <h1>Forbidden</h1>
</template>
<script>
    export default {
    }
</script>

<style>
</style>
websanova commented 7 years ago

I guess it's just your routes. The page you are redirecting to after login must be missing. Also probably no /403 or /404 so it's looping.

On Apr 25, 2017 3:12 PM, "kyoukhana" notifications@github.com wrote:

Nope none at all here is the login.vue. Here is what the vues look like. Login.vue

Dashboard

Dashboard Home

Forbidden

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/websanova/vue-auth/issues/150#issuecomment-296954299, or mute the thread https://github.com/notifications/unsubscribe-auth/ABkcyyaWCcXi7yxrHpReOu9hHEp39n8Zks5rzarSgaJpZM4NG6Rc .

kyoukhana commented 7 years ago

if you look at the original code at the top the dashboard route exists

/admin/dashboard

403 exists but i didn't create a 404 route

websanova commented 7 years ago

ok, add the 404 route, or change it in the $auth config so it least it will stop looping.

Why it's coming up as 404 though is another issue, maybe because you are trying to access admin with improper role?

On Tue, Apr 25, 2017 at 7:01 PM, kyoukhana notifications@github.com wrote:

if you look at the original code at the top the dashboard route exists

/admin/dashboard

403 exists but i didn't create a 404 route

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/websanova/vue-auth/issues/150#issuecomment-297008000, or mute the thread https://github.com/notifications/unsubscribe-auth/ABkcy47WNhj7mj2mcf4SyVh3w211QlOBks5rzeCjgaJpZM4NG6Rc .

kyoukhana commented 7 years ago

the user has the role admin but i will add the other routes.

websanova commented 7 years ago

can see your routes code?

On Tue, Apr 25, 2017 at 9:25 PM, kyoukhana notifications@github.com wrote:

the user has the role admin but i will add the other routes.

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/websanova/vue-auth/issues/150#issuecomment-297047137, or mute the thread https://github.com/notifications/unsubscribe-auth/ABkcy-SMgBKVAOYiie7gRVZxd0Hs6JDjks5rzgJmgaJpZM4NG6Rc .

kyoukhana commented 7 years ago

Here are my routes


const router = new VueRouter({
    hashbang: false,
    linkActiveClass: 'active',
    mode: 'history',
    routes: [{
        path: '/',
        component: (resolve) => { require(['./components/views/home.vue'], resolve)}
    },

        {
            path: '/403',
            component: (resolve) => { require(['./components/views/forbidden.vue'], resolve)}
        },
    {
        path: '/admin/login',
        name:'adminlogin',
        component: (resolve) => { require(['./components/views/admin/login.vue'], resolve)}
    },
    {
    path: '/admin/dashboard',
    name:'dashadmin',
     meta: {auth: ['admin']},
    component: (resolve) => { require(['./components/views/admin/dashboard.vue'], resolve)},
     children:[
        {
            path: '', component: (resolve) => { require(['./components/views/admin/dashboardHome.vue'], resolve)}
        }
      ]

    }
  ]
});

/*Set VUE ROUTER */
Vue.router = router;
websanova commented 7 years ago

Ok, and how do you store the roles var in your user object?

On Apr 25, 2017 23:01, "kyoukhana" notifications@github.com wrote:

Here are my routes

const router = new VueRouter({ hashbang: false, linkActiveClass: 'active', mode: 'history', routes: [{ path: '/', component: (resolve) => { require(['./components/views/home.vue'], resolve)} },

    {
        path: '/403',
        component: (resolve) => { require(['./components/views/forbidden.vue'], resolve)}
    },
{
    path: '/admin/login',
    name:'adminlogin',
    component: (resolve) => { require(['./components/views/admin/login.vue'], resolve)}
},
{
path: '/admin/dashboard',
name:'dashadmin',
 meta: {auth: ['admin']},
component: (resolve) => { require(['./components/views/admin/dashboard.vue'], resolve)},
 children:[
    {
        path: '', component: (resolve) => { require(['./components/views/admin/dashboardHome.vue'], resolve)}
    }
  ]

}

] });

/Set VUE ROUTER / Vue.router = router;

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/websanova/vue-auth/issues/150#issuecomment-297078779, or mute the thread https://github.com/notifications/unsubscribe-auth/ABkcy-8t-JeNqhrFlr5uVIJkXfCq1pUzks5rzhjrgaJpZM4NG6Rc .

kyoukhana commented 7 years ago

it's stored like this

$table->enum('role', ['user', 'admin'])->index();

websanova commented 7 years ago

https://github.com/websanova/vue-auth/blob/master/README.md#rolesvar-roles

On Apr 26, 2017 06:23, "kyoukhana" notifications@github.com wrote:

it's stored like this

$table->enum('role', ['user', 'admin'])->index();

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/websanova/vue-auth/issues/150#issuecomment-297193417, or mute the thread https://github.com/notifications/unsubscribe-auth/ABkcy-C37tw0nAQh1sekKaHp0ZKfwH_Vks5rzoBbgaJpZM4NG6Rc .

kyoukhana commented 7 years ago

I added the rolesVar: and set it to role. But still not working. If you visit.

http://www.kevinyoukhana.com/admin/login

Open the console and login. 

Vue.use(VueAuth,{
    authRedirect:'/',
    auth: require('@websanova/vue-auth/drivers/auth/bearer.js'),
    http: require('@websanova/vue-auth/drivers/http/vue-resource.1.x.js'),
    router: require('@websanova/vue-auth/drivers/router/vue-router.2.x.js'),
    token: [{request: 'token', response: 'token', authType: 'bearer', foundIn: 'header'}],
    tokenName:'token',
    loginData: {url: 'api/auth', method: 'POST', redirect: 'dashboard'},
    logoutData: {url: 'api/logout', method: 'POST', redirect: 'login',  makeRequest: false},
    fetchData: {url: 'api/account', method: 'GET' , enabled: true},
    rolesVar: 'role',
    refreshData: {enabled: false}
});
websanova commented 7 years ago

link doesn't work.

websanova commented 7 years ago

btw, what happened to that last issue, everything work out? lol

kyoukhana commented 7 years ago

Thanks for the help. The link works. Takes a little time to load. Keep in mind its InMotion Hosting. Only North America.

http://www.kevinyoukhana.com/admin/login

I am still getting that error in this new build.

Firefox Error 53.0 (64-bit)

DOMException [NotFoundError: "Node was not found"
code: 8
nsresult: 0x80530008
location: http://www.kevinyoukhana.com/js/app.js:16475]

Chrome Error version 58.0.3029.81 (64-bit)

app.js:12537 DOMException: Failed to execute 'insertBefore' on 'Node': The node before which the new node is to be inserted is not a child of this node

This app is very small so not sure what I am missing. Again thanks for the help.

kyoukhana commented 7 years ago

So the DOMEXCEPTION is solved. The problem is let's say you want to login to a route to dashboard. You can't have the login route like this /login. /login has to be within the dashboard route otherwise it will throw the DOMException Error

const router = new VueRouter({
    hashbang: false,
    linkActiveClass: 'active',
    mode: 'history',
    routes: [
        {path: '/', component: (resolve) => { require(['./components/views/home.vue'], resolve)}},
        {path: '/403', component: (resolve) => { require(['./components/views/forbidden.vue'], resolve)}},
        {path: '/404', component: (resolve) => { require(['./components/views/forbidden.vue'], resolve)}},
        {path: '/dashboard', component: (resolve) => { require(['./components/views/admin/dashboard.vue'], resolve)},
            children:[
                {path: '', meta: {auth: ['admin']}, component: (resolve) => { require(['./components/views/admin/dashboardHome.vue'], resolve)}},
                {path: 'login', component: (resolve) => { require(['./components/views/admin/login.vue'], resolve)},
                    children:[
                        { path: '', component: (resolve) => { require(['./components/views/admin/loginhome.vue'], resolve)}}
                    ]
                }

            ]
        }

    ]
});

When using Children the routes become more complex. Also this shined some light on the situation

https://github.com/vuejs/vue/issues/3406

websanova commented 7 years ago

lol, ok

On Apr 27, 2017 10:13, "kyoukhana" notifications@github.com wrote:

So the DOMEXCEPTION is solved. The problem is let's say you want to login to a route to dashboard. You can't have the login route like this /login. /login has to be within the dashboard route otherwise it will throw the DOMException Error

const router = new VueRouter({ hashbang: false, linkActiveClass: 'active', mode: 'history', routes: [ {path: '/', component: (resolve) => { require(['./components/views/home.vue'], resolve)}}, {path: '/403', component: (resolve) => { require(['./components/views/forbidden.vue'], resolve)}}, {path: '/404', component: (resolve) => { require(['./components/views/forbidden.vue'], resolve)}}, {path: '/dashboard', component: (resolve) => { require(['./components/views/admin/dashboard.vue'], resolve)}, children:[ {path: '', meta: {auth: ['admin']}, component: (resolve) => { require(['./components/views/admin/dashboardHome.vue'], resolve)}}, {path: 'login', component: (resolve) => { require(['./components/views/admin/login.vue'], resolve)}, children:[ { path: '', component: (resolve) => { require(['./components/views/admin/loginhome.vue'], resolve)}} ] }

        ]
    }

]

});

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/websanova/vue-auth/issues/150#issuecomment-297592039, or mute the thread https://github.com/notifications/unsubscribe-auth/ABkcy-x8lDnEJZMnrXAXXRr9WtCUy-8Nks5rz_nTgaJpZM4NG6Rc .

websanova commented 7 years ago

So this is all good for you now?