Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

GraphQL @auth transformer not working #142

Closed
daaru00 opened this issue Sep 9, 2018 · 8 comments

Comments

Projects
None yet
6 participants
@daaru00
Copy link

commented Sep 9, 2018

Hi,

I added API in my project with command amplify add api, then I choose "GraphQL" as service and "Amazon Cognito User Pool" as authorization type. When CLI ask me what type of application I'm designed I select the "blog post" template for model relationship, it create the GraphQL schema, resolvers, DynamoDB tables and so on.

Then I decide to add auth role in order to allow user to get/create/update only their objects, so I add the @auth(rules: [{allow: owner}]) transformer to the schema like this:

type Widget
  @model 
  @auth(rules: [{allow: owner}])
{
  id: ID!
  name: String!
  hashtags: [Hashtag] @connection(name: "WidgetHashtags")
}

type Hashtag 
  @model 
  @auth(rules: [{allow: owner}])
{
  id: ID!
  hashtag: String!
  widget: Widget @connection(name: "WidgetHashtags")
  images: [Image] @connection(name: "HashtagImages")
}

type Image 
  @model
  @auth(rules: [{allow: owner}])
{
  id: ID!
  src: String
  hashtag: Hashtag @connection(name: "HashtagImages")
}

and I run amplify push command but at the end of update nothing happens.. resolvers are not updated, tables are not update, "owner" field is not created and the auth logic not working (every user can still update/list/delete every object).

I did something wrong? I need to run a command to rebuild the GraphQL resolvers?

@daaru00

This comment has been minimized.

Copy link
Author

commented Sep 9, 2018

I found the command amplify api gql-compile, when I edit/create models it generate the resolvers but auth transformer still not working, not even for the new models..

About system:

amplify: 0.1.18
node: v8.10.0
npm: 3.5.2
@chrisco255

This comment has been minimized.

Copy link

commented Sep 10, 2018

Make sure your AppSync API is pointing to the correct Cognito User Pool by checking under AppSync settings in the AWS Console.

@daaru00

This comment has been minimized.

Copy link
Author

commented Sep 10, 2018

Hi @chrisco255,

Make sure your AppSync API is pointing to the correct Cognito User Pool by checking under AppSync settings in the AWS Console.
yep, I check it and is correct, I'm testing the API directly from AppSync console using query editor.

I think the problem reside in the resolvers generator, for example the createImage request

## START: Prepare DynamoDB PutItem Request. ** 
$util.qr($context.args.input.put("createdAt", $util.time.nowISO8601())) 
$util.qr($context.args.input.put("updatedAt", $util.time.nowISO8601())) 
$util.qr($context.args.input.put("__typename", "Image")) 
{ 
  "version": "2017-02-28", 
  "operation": "PutItem", 
  "key": { 
      "id": { 
          "S": "$util.autoId()" 
    } 
  }, 
  "attributeValues": $util.dynamodb.toMapValuesJson($context.args.input), 
  "condition": { 
      "expression": "attribute_not_exists(#id)", 
      "expressionNames": { 
          "#id": "id" 
    } 
  } 
} 
## END: Prepare DynamoDB PutItem Request. **

does not store the "owner" field, inside DynamoDB the situation is the same, every object stored does not have "owner".. so I think is impossible to detect it.

@jaxondu

This comment has been minimized.

Copy link

commented Sep 11, 2018

A week ago @auth transformer injected authentication codes into the resolver but with bugs as reported here #100. I tried today and all the authentication codes are gone!

@mikeparisstuff

This comment has been minimized.

Copy link
Collaborator

commented Sep 11, 2018

This bug has been fixed. You can fix this in current builds by explicitly passing mutations:[create,update,delete] and queries:[get,list] to @auth. This was fixed in #153

@kaustavghosh06

This comment has been minimized.

Copy link
Contributor

commented Sep 11, 2018

We just published to npm with a fix for this. Please use the version -> 0.1.19.
Closing the issue, feel free to re-open if the issue persists.

@daaru00

This comment has been minimized.

Copy link
Author

commented Sep 11, 2018

Awesome! I will try ASAP both solutions (specifying mutation and update the CLI) just to provide you an accurate feedback.

ps: congratulations for the excellent work 😉

@blazestudios23

This comment has been minimized.

Copy link

commented Jan 9, 2019

Hello I'm still having this issue.
I added @auth(rules: [{ allow: owner }])
to an existing type. Ran "amplify update api" and then "amplify push".

The code in appsync does not update to account for @auth and no column is created to store the user in the DynamoDB table. I am using the correct Cognito App client.

The follow code is added to the resolvers file on my local computer:
"## Authorization rule: { allow: "owner", ownerField: "owner", identityField: "cognito:username" } **"

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.