New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Issue with acs.Users.showMe after upgrading to 0.9.3 #22

Open
nicco opened this Issue Oct 2, 2014 · 6 comments

Comments

Projects
None yet
4 participants
@nicco

nicco commented Oct 2, 2014

Hey everyone, I'm having an issue with this new version.
In my app I use acs.Users.showMe to authenticate my users towards the API, this is done:

  • In the Titanium app I get the sessionId of the authenticated user and I pass it as an header to all my API calls.
  • In the Node app I do get the session Id and add it to the session in this way:
var acsSessionId = req.headers['acs-session-id'];
    if (!req.cookies) {
        req.cookies = {};
    }
    req.cookies._session_id = acsSessionId;
    req.session = {};

then I call acs.Users.showMe

After updating to 0.9.3 I notice that when my sessionId changes (I restart the titanium app etc) acs.Users.showMe does return

{"success":false,"error":true,"code":401,"message":"You need to sign in or sign up before continuing."}

So first time i do connect with a newly started server it works and then when I change the sessionId it does not work.

Works perfectly in 0.9.2

Thanks

@baobeimm

This comment has been minimized.

Show comment
Hide comment
@baobeimm

baobeimm Oct 3, 2014

Can you please provide your code ? we can't reproduce this issue. Here is the code we tried

app.get('/showMe', function showMe(req, res) {
    console.log(JSON.stringify(req.headers));
    var acsSessionId = req.headers['acs-session-id'];
    // try assign a valid session here, it works well
    if (!req.cookies) {
        req.cookies = {};
    }
    req.cookies._session_id = acsSessionId;
    req.session = {};

    ACS.Users.showMe(function(data){
        console.log("######showMe######");
        console.log(JSON.stringify(data, null, 2));
        if(data.success) {
            var user = data.users[0];
            if(user.first_name && user.last_name) {
                user.name = user.first_name + ' ' + user.last_name;
            } else {
                user.name = user.username;
            }
            req.session.user = user;
            res.redirect('/');
        } else {
            console.log(“ShowMe error: " + data.meta.message);
            res.render('login', {message: data.meta.message});
        }
    }, req, res);
});

baobeimm commented Oct 3, 2014

Can you please provide your code ? we can't reproduce this issue. Here is the code we tried

app.get('/showMe', function showMe(req, res) {
    console.log(JSON.stringify(req.headers));
    var acsSessionId = req.headers['acs-session-id'];
    // try assign a valid session here, it works well
    if (!req.cookies) {
        req.cookies = {};
    }
    req.cookies._session_id = acsSessionId;
    req.session = {};

    ACS.Users.showMe(function(data){
        console.log("######showMe######");
        console.log(JSON.stringify(data, null, 2));
        if(data.success) {
            var user = data.users[0];
            if(user.first_name && user.last_name) {
                user.name = user.first_name + ' ' + user.last_name;
            } else {
                user.name = user.username;
            }
            req.session.user = user;
            res.redirect('/');
        } else {
            console.log(“ShowMe error: " + data.meta.message);
            res.render('login', {message: data.meta.message});
        }
    }, req, res);
});
@nicco

This comment has been minimized.

Show comment
Hide comment
@nicco

nicco Oct 3, 2014

Thank you so much for the quick response, here is my code:

I notice that the main difference is that I do the check in a middleware and it's a REST API

var acs = require('acs-node');
var config = require('./config');
acs.initACS(config.acs.appKey);
var express = require('express');
var router = express.Router();

router.use(function(req, res, next) {
    var acsSessionId = req.headers['acs-session-id'];
    if (!req.cookies) {
        req.cookies = {};
    }
    req.cookies._session_id = acsSessionId;
    req.session = {};
    acs.Users.showMe(function(e) {
        if (e.success && e.success === true) {
            var user = e.users[0];
            req.session.user = user;
            next();
        } else {
            req.session.controller = "";
            console.log('Error: ' + JSON.stringify(e));
            delete req.session.user;
            req.session.flash = {
                msg : "Please login first.",
                r : 0
            };
            res.send(401);
            return;
        }
    }, req, res);
});

This will work with the first sessionId but when the sessionId changes i get 401

nicco commented Oct 3, 2014

Thank you so much for the quick response, here is my code:

I notice that the main difference is that I do the check in a middleware and it's a REST API

var acs = require('acs-node');
var config = require('./config');
acs.initACS(config.acs.appKey);
var express = require('express');
var router = express.Router();

router.use(function(req, res, next) {
    var acsSessionId = req.headers['acs-session-id'];
    if (!req.cookies) {
        req.cookies = {};
    }
    req.cookies._session_id = acsSessionId;
    req.session = {};
    acs.Users.showMe(function(e) {
        if (e.success && e.success === true) {
            var user = e.users[0];
            req.session.user = user;
            next();
        } else {
            req.session.controller = "";
            console.log('Error: ' + JSON.stringify(e));
            delete req.session.user;
            req.session.flash = {
                msg : "Please login first.",
                r : 0
            };
            res.send(401);
            return;
        }
    }, req, res);
});

This will work with the first sessionId but when the sessionId changes i get 401

@jhaynie

This comment has been minimized.

Show comment
Hide comment
@jhaynie

jhaynie Oct 3, 2014

Contributor

There was a change that was made to support both instance and singleton uses. My guess is that it's related to that. You have two options until we can fully refactor this module: (a) pass session_id in each data payload you pass (for example in the acs.Users.showMe) you retrieve from the response or (b) use the previous version of this library (which had the older behavior).

Contributor

jhaynie commented Oct 3, 2014

There was a change that was made to support both instance and singleton uses. My guess is that it's related to that. You have two options until we can fully refactor this module: (a) pass session_id in each data payload you pass (for example in the acs.Users.showMe) you retrieve from the response or (b) use the previous version of this library (which had the older behavior).

@definitelycarter

This comment has been minimized.

Show comment
Hide comment
@definitelycarter

definitelycarter Oct 3, 2014

Looks related to #18.

definitelycarter commented Oct 3, 2014

Looks related to #18.

@jhaynie

This comment has been minimized.

Show comment
Hide comment
@jhaynie

jhaynie Oct 3, 2014

Contributor

@definitelycarter yes, the same issue.

Contributor

jhaynie commented Oct 3, 2014

@definitelycarter yes, the same issue.

@nicco

This comment has been minimized.

Show comment
Hide comment
@nicco

nicco Oct 12, 2014

hi @jhaynie should it be the 4th parameter?

callback, res, req, sessionId

it did not work for me!

Thanks!

nicco commented Oct 12, 2014

hi @jhaynie should it be the 4th parameter?

callback, res, req, sessionId

it did not work for me!

Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment