404 response from populateUser() hook #258

Closed
Chris-R3 opened this Issue Aug 2, 2016 · 6 comments

Chris-R3 commented Aug 2, 2016

If I request a resource with a token for a user who got deleted, I get a 404 response:

{
  "name": "NotFound",
  "message": "No record found for id '579fff74c56273102c131c3b'",
  "code": 404,
  "className": "not-found",
  "errors": {}
}

How can I distinguish between a non-existent user and an actual missing resource?

Member

ekryski commented Aug 9, 2016

Right now it's not that easy. The only thing you can do is register your own error middleware to try and detect where the request went to, what they were requesting and if it is actually missing.

feathers-authentication@0.8.0 is changing so that you don't have to call the populateUser() hook. It is being moved to middleware that gets run and doesn't throw an error if the user isn't found.

I'm going to have to think about this. Any reason you can't just treat them the same? Regardless of whether they were deleted, it's still now a missing record and an invalid id.

ekryski added the Discussion label Aug 9, 2016

ekryski modified the milestone: 0.8 Aug 9, 2016

Member

daffl commented Aug 9, 2016

I think the idea is to get a different error message (Invalid user or something).

In the new auth we'd just check for a params.user to exist and then throw an error though so this might not be relevant anymore.

Member

ekryski commented Aug 9, 2016

Agreed, the new version will completely resolve this.

Author

Chris-R3 commented Aug 9, 2016

A different error message would have been nice, but if that behaviour is changed in the next version of feathers-authenticate then that's fine for me.

The idea was to show a login form if the user id is wrong/no longer exists and otherwise show a 404 page for missing resources. The issue came up after resetting the database. I still had the old token stored in the browser but from the error message it wasn't really clear that the user was no longer valid.

Member

ekryski commented Dec 30, 2016

If the user is missing it will now return a proper 404 error code with v1.x of auth. Let us know if you are still having issues and we'd be happy to revisit.

ekryski closed this Dec 30, 2016

Author

Chris-R3 commented Jan 9, 2017

Actually I'm getting no error at all!

To recap:

  1. user signs in with local auth and gets back a jwt
  2. user is deleted from the db
  3. user can still access all resources with the token from step 1!

Is this the intended behaviour until the token expires?
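
Added example (not part of the thread and not feathers-authentication's own code): one way to handle both points raised above, a deleted user being reported as a generic 404 and a deleted user's JWT continuing to work until it expires. It assumes the token signature is already verified, that its claims sit on `hook.params.payload`, and that the user id is in a `userId` claim; `notAuthenticated`, `checkTokenSubject` and `requireLiveUser` are hypothetical names.

```javascript
// Added example; not feathers-authentication code. Assumes the JWT signature
// was already verified and its claims placed on hook.params.payload, and that
// the user id is carried in a `userId` claim (both are assumptions).

// Error shaped like the JSON body quoted in the issue, but with a 401 so a
// client can tell "token subject is gone" apart from "resource is missing".
function notAuthenticated(message) {
  const err = new Error(message);
  err.name = 'NotAuthenticated';
  err.code = 401;
  err.className = 'not-authenticated';
  err.errors = {};
  return err;
}

// Pure decision step: `user` is the looked-up record, or null if none exists.
function checkTokenSubject(payload, user, nowSeconds) {
  if (!payload || typeof payload.userId !== 'string') {
    throw notAuthenticated('Token has no subject');
  }
  if (typeof payload.exp !== 'number' || payload.exp <= nowSeconds) {
    throw notAuthenticated('Token expired');
  }
  if (!user) {
    throw notAuthenticated('Token subject no longer exists');
  }
  return user;
}

// Hypothetical before-hook: re-reads the user on every request so a deleted
// account stops working immediately instead of when the token expires.
function requireLiveUser(userServiceName) {
  return async function (hook) {
    const payload = hook.params.payload;
    let user = null;
    if (payload && typeof payload.userId === 'string') {
      try {
        user = await hook.app.service(userServiceName).get(payload.userId);
      } catch (err) {
        if (err.code !== 404) throw err; // only "not found" means deleted
      }
    }
    const now = Math.floor(Date.now() / 1000);
    hook.params.user = checkTokenSubject(payload, user, now);
    return hook;
  };
}
```

With this in place a client can show the login form on a 401 and keep the not-found page for a 404 on the resource itself.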
