401 ERROR - Cookie has wrong format #62
Comments
This error is occurring because the cookie is expected to be a string, not a byte array or bytes. |
Here is the environment of the creation of the cookie:

```python
@app.post("/login")
def login(request: Request, username: str = Form(...), password: str = Form(...)):
    #def login(request: Request, form_data: OAuth2PasswordRequestForm = Depends()):
    # Select users from database
    #user = load_user(form_data.username)
    loginUser = select(members.c.username, members.c.password).where(
        members.c.username == username)
    result = engine.execute(loginUser)
    row = result.fetchone()
    logger.info("Post login user is: " + row.username)
    # Check exist of the username
    # if user is None:
    #     return templates.TemplateResponse("login.html", {"request": request, "error_status": "Didn't find any user with this username! Try again or register!"})
    # Check match of the password
    if row.password == password:
        access_token = manager.create_access_token(
            data={"sub":username}
        )
        logger.info("Token has been created!")
        response = RedirectResponse(
            url="/frontpage", status_code=status.HTTP_302_FOUND)
        manager.set_cookie(response, access_token)
        #logger.info("Cookie has been created!")
        # return {'access_token': access_token, 'token_type': 'bearer'}
        return response
    else:
        #raise InvalidCredentialsException
        return templates.TemplateResponse("login.html", {"request": request, "error_status": "Password isn't correct! Try again!"})
```

And here is the user loader:

```python
@manager.user_loader()
def load_user(username: str):
    loginUser = select(members.c.username, members.c.password).where(
        members.c.username == username)
    result = engine.execute(loginUser)
    row = result.fetchone()
    if row:
        logger.info("Loaded user is: " + row.username)
        print("Loaded user is: " + row.username)
        return row.username
    else:
        logger.error("User not found")
        print("User not found")
        return None
```

|
Honestly I have no idea why your code is not working. This is the code I used to try if cookies are working as expected:

```python
from fastapi import FastAPI, Depends
from starlette.status import HTTP_302_FOUND
from starlette.requests import Request
from starlette.responses import HTMLResponse, RedirectResponse
from fastapi_login import LoginManager

DB = {"test-user@example.org": {"email": "test-user@example.org", "password": "hunter2"}}

app = FastAPI()
manager = LoginManager(secret="your-secret-key", token_url="/login", use_cookie=True)


@manager.user_loader()
def get_user(email: str):
    return DB[email]


@app.get('/login')
def login():
    """
    For testing purposes this automatically creates a access token and the redirects to /cookies
    """
    access_token = manager.create_access_token(
        data={'sub': 'test-user@example.org'}
    )
    print(f"Access token is: {access_token}")
    response = RedirectResponse(url="/cookies", status_code=HTTP_302_FOUND)
    manager.set_cookie(response, access_token)
    print(f"Response headers are: {response.headers}")
    print(f"Redirecting to '/cookies'")
    return response


@app.get('/cookies')
async def list_cookies(request: Request, user=Depends(manager)):
    """
    Returns a json response containing all cookies set in the request
    and tries to load the user from the token, if this fails a InvalidCredentialsException is returned
    """
    print('Authentication was successfull.')
    print(f'Authorization cookie: {request.cookies.get(manager.cookie_name)}')
    return {
        'cookies': request.cookies,
        'auth': {
            'successful': True,  # Otherwise a exception is returned
            'user': user
        }
    }


if __name__ == "__main__":
    import uvicorn
    uvicorn.run(app)
```

|
Did this help? |
Sorry for the late reply, but I have not had much time in the last few days.
I suspect that if I am the only one who is having this problem, there is something wrong with WSL. Interesting. |
Interestingly the access-token in your case still contains the |
I am using the latest build of Edge Chromium, but this issue also exists in Firefox. I will try it on my native Linux machine tomorrow and I will reply back! |
Thank you. |
Hi!
I think I have found a bug in the login with cookies. I always got a 401 error, so I started to dig down in the script. Finally I have found the problem and the "hotfix" solution.
Well:
Somewhere the byte array is converted into a string, so the
b' * '
identifiers remain in the cookie and the JWT parser cannot parse the data. For example:
Token (cookie):
If I cut off the first two bytes and the last byte, the decode works like a charm.
Cut token:
Have you experienced this error?
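
The failure mode reported above, as an added example that is not part of the original issue and is not fastapi-login's code: a standard-library HS256 encoder that returns bytes stands in for the JWT library, and the cookie value is built with `str()` and then with `.decode()`. The secret, the helper names and the claim are constructed for illustration; the assumption is that the encoder hands back bytes.

```python
import base64
import hashlib
import hmac
import json

SECRET = b"constructed-demo-secret"  # constructed value, not from the issue


def _b64url(raw: bytes) -> bytes:
    return base64.urlsafe_b64encode(raw).rstrip(b"=")


def encode_hs256(claims: dict) -> bytes:
    """Build a signed token and return it as bytes (the assumed encoder behaviour)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    signing_input = header + b"." + _b64url(json.dumps(claims).encode())
    sig = _b64url(hmac.new(SECRET, signing_input, hashlib.sha256).digest())
    return signing_input + b"." + sig


def decode_hs256(token: str) -> dict:
    """Verify the signature and return the claims; raise ValueError otherwise."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("token must have three segments")
    signing_input = (parts[0] + "." + parts[1]).encode()
    expected = _b64url(hmac.new(SECRET, signing_input, hashlib.sha256).digest())
    if not hmac.compare_digest(expected, parts[2].encode()):
        raise ValueError("signature mismatch")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))


def cookie_value(token) -> str:
    """Turn an encoder result into cookie text without the b'...' wrapper."""
    return token.decode("ascii") if isinstance(token, bytes) else token


def try_decode(value: str):
    """Mimic the server side: claims on success, a 401 message on failure."""
    try:
        return decode_hs256(value)
    except ValueError as exc:
        return f"401: {exc}"


token = encode_hs256({"sub": "test-user@example.org"})
broken = str(token)          # "b'<header>.<payload>.<sig>'" ends up in the cookie
fixed = cookie_value(token)  # "<header>.<payload>.<sig>"
```

Here `try_decode(broken)` fails while `try_decode(fixed)` returns the claims, and `broken[2:-1]` equals `fixed`, which is why trimming the first two characters and the last one makes decoding work.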