Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Does not populate user for other services #150

Closed
PhilWhitehurst opened this Issue Apr 5, 2016 · 6 comments

Comments

Projects
None yet
2 participants
@PhilWhitehurst
Copy link

PhilWhitehurst commented Apr 5, 2016

Hi,

I'm trying to get the user within a service find call where the user has been authenticated and there is JWT

// Register a before hook to get user for use in profile service
app.service('profile').before({
find: [
authentication.hooks.verifyToken(),
authentication.hooks.populateUser(),
function (hook) {
console.log(hook.params.user)
return hook;
}
]
});

I am using feathers authentication version 0.7.0

In the hooks params object I have the following, no matter what I do no idField gets populated and the user does not get populated.

token: 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE0NTk4NzA3MjgsImV4cCI6MTQ1OTk1NzEyOCwiaXNzIjoiZmVhdGhlcnMifQ.gUEZAciqjZTHdcVG37LhaqZbsBiIumUqlrC7vfX6hVs',
user: undefined,
payload: { iat: 1459870728, exp: 1459957128, iss: 'feathers' } }

What am I missing, why is the user not getting populated for use in my service?

@ekryski

This comment has been minimized.

Copy link
Member

ekryski commented Apr 5, 2016

@PhilWhitehurst Can you post a link to your app or a gist of your configuration? The hooks look fine.

@PhilWhitehurst

This comment has been minimized.

Copy link
Author

PhilWhitehurst commented Apr 5, 2016

Will do tomorrow 'puter shut down for now. Config is just standard options with email as the user key as per default for user service.

@PhilWhitehurst

This comment has been minimized.

Copy link
Author

PhilWhitehurst commented Apr 6, 2016

Here's the gist.

http.js runs on the server side, and socketConnection.js is the client side code talking to it

https://gist.github.com/PhilWhitehurst/ceba63b595b40fac04bbcecbeccf6946.

@PhilWhitehurst

This comment has been minimized.

Copy link
Author

PhilWhitehurst commented Apr 6, 2016

Hi,

ok, I've got to the root of it.

I added some diagnostics into the Feathers Authentication plugin.

There were two things going on. My id field was email. As soon as I added that in config
// Register our authentication plugin
app.configure(authentication({idField: 'email'}));

This led to getting a not authenticated message but it was leaking the user object to the client including the hashed password. This is because it was returning the error object, because my user service had a find and create method but not a get method that feathers-authentication tried to call. Because I'd just done a local auth with email and password the user object was in the response.

So I've added a get method to my user service and now it authenticates and returns the user object in the authenticated response. I can also see it's available to my service on the server so far so good.

However the password is being returned to the client in the authenticated response and I thought feathers-authentication stripped out the password from the user object?

@ekryski

This comment has been minimized.

Copy link
Member

ekryski commented Apr 8, 2016

@PhilWhitehurst the default passwordField is password so you need to set that as well if you have changed it to something else, and yes if you use something different than _id for your user id you need to set the idField.

The password does get stripped by auth but if you are monkeying with the user service and overriding methods then I can't guarantee that it will work as expected. You also would need to make sure you are on auth v0.7.0+.

In all honesty I'd have to see a link to code. The gist above doesn't show your user service.

@ekryski

This comment has been minimized.

Copy link
Member

ekryski commented Apr 8, 2016

Since the original issue is sorted I'm going to close this. @PhilWhitehurst feel free to open a new one for password issues if you are still having them.

@ekryski ekryski closed this Apr 8, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.