Authentication via REST returns token without finding user on db

[jlpellicer]

Hey guys. Started to migrate authentication from v0.7.12 to v1.1.0 over the app generated originally by feathers.

I had the REST authentication working just fine, but had problems getting it to work with Sockets.io, so we switched to the new version.

Now, we got Sockets.io authentication working, but REST doesn't. It doesn't matter what I send to the server (user:password), it always returns an access token, without checking for the user credentials on the database.

What am I missing?

I turned on authentication debug (very cool), this is what I get when I make a request:

2017-03-03T14:25:36.432458+00:00 heroku[router]: at=info method=POST path="/authentication" host=asc-dev-api.herokuapp.com request_id=5f7a5023-b626-466d-8c92-82c0fc7422e4 fwd="187.189.195.137" dyno=web.1 connect=1ms service=11ms status=201 bytes=541
2017-03-03T14:25:36.430456+00:00 app[web.1]: Fri, 03 Mar 2017 14:25:36 GMT feathers-authentication:express:expose-headers Exposing Express headers to hooks and services
2017-03-03T14:25:36.431399+00:00 app[web.1]: Fri, 03 Mar 2017 14:25:36 GMT feathers-authentication:authentication:utils Creating JWT using options { header: { typ: 'access' },
2017-03-03T14:25:36.431401+00:00 app[web.1]:   audience: 'https://yourdomain.com',
2017-03-03T14:25:36.431402+00:00 app[web.1]:   subject: 'anonymous',
2017-03-03T14:25:36.431403+00:00 app[web.1]:   issuer: 'ASC Authority',
2017-03-03T14:25:36.431403+00:00 app[web.1]:   algorithm: 'HS256',
2017-03-03T14:25:36.431404+00:00 app[web.1]:   expiresIn: '1day' }
2017-03-03T14:25:36.432762+00:00 app[web.1]: Fri, 03 Mar 2017 14:25:36 GMT feathers-authentication:authentication:utils New JWT issued with payload {}
2017-03-03T14:25:36.433024+00:00 app[web.1]: Fri, 03 Mar 2017 14:25:36 GMT feathers-authentication:express:emit-events Sending 'login' event for REST provider. Token is eyJhbGciOiJIUzI1NiIsInR5cCI6ImFjY2VzcyJ9.eyJpYXQiOjE0ODg1NTExMzYsImV4cCI6MTQ4ODYzNzUzNiwiYXVkIjoiaHR0cHM6Ly95b3VyZG9tYWluLmNvbSIsImlzcyI6IkFTQyBBdXRob3JpdHkiLCJzdWIiOiJhbm9ueW1vdXMifQ.AmsjXOx8RWQGioZ211SeU-hBlRzM8RTMLTDjEYEhgtc
2017-03-03T14:25:36.433195+00:00 app[web.1]: Fri, 03 Mar 2017 14:25:36 GMT feathers-authentication:middleware:set-cookie Running setCookie middleware with options: { enabled: false,
2017-03-03T14:25:36.433197+00:00 app[web.1]:   name: 'feathers-jwt',
2017-03-03T14:25:36.433198+00:00 app[web.1]:   httpOnly: false,
2017-03-03T14:25:36.433198+00:00 app[web.1]:   secure: true }

Versions:

"feathers": "^2.1.0",
"feathers-authentication": "^1.1.0",
"feathers-authentication-jwt": "^0.3.1",
"feathers-authentication-local": "^0.3.3",
"feathers-configuration": "^0.4.1",
"feathers-errors": "^2.5.0",
"feathers-hooks": "^1.8.0",
"feathers-rest": "^1.7.0",
"feathers-seeder": "^1.0.7",
"feathers-sequelize": "^1.4.0",
"feathers-socketio": "^1.5.0",

config/default.json

{
   "host": "localhost",
   "port": 5000,
   "postgres": "postgres://xxx:@localhost:5432/xxx",
   "public": "../public/",
   "auth": {
   	"usernameField": "username",
   	"secret": "ssshh",
   	"jwt": {
   		"issuer": "ASC Authority",
   		"expiresIn": "1day"
   	},
   	"local": {
   		"name": "local",
   		"usernameField": "username"
   	}
   }
}

src/app.js

'use strict';

const path = require('path');
const serveStatic = require('feathers').static;
const favicon = require('serve-favicon');
const compress = require('compression');
const cors = require('cors');
const feathers = require('feathers');
const configuration = require('feathers-configuration');
const hooks = require('feathers-hooks');
const rest = require('feathers-rest');
const bodyParser = require('body-parser');
const socketio = require('feathers-socketio');
const middleware = require('./middleware');
const services = require('./services');

const app = feathers();

app.configure(configuration(path.join(__dirname, '..')));

app.use(compress())
	.options('*', cors())
	.use(cors())
	.use(favicon(path.join(app.get('public'), 'favicon.ico')))
	.use('/', serveStatic(app.get('public')))
	.use(bodyParser.json())
	.use(bodyParser.urlencoded({extended: true}))
	.configure(hooks())
	.configure(rest())
	.configure(socketio())
	.configure(services)
	.configure(middleware);

module.exports = app;

src/services/index.js

'use strict';

/* models stuff */
const authentication = require('feathers-authentication');
const local = require('feathers-authentication-local');
const jwt = require('feathers-authentication-jwt');

module.exports = function() {
	const app = this;
	let config = app.get('auth');
	app.configure(authentication(config));
	app.configure(local());
	app.configure(jwt());

	const sequelize = new Sequelize(app.get('postgres'), {
		dialect: 'postgres'
	});
	app.set('sequelize', sequelize);
	/* models stuff */
};

src/services/authentication/index.js

'use strict';

const globalHooks = require('../../../hooks');
const hooks = require('feathers-hooks');
const auth = require('feathers-authentication');
const local = require('feathers-authentication-local');

exports.before = {
	create: [
		console.log('HEY AUTH'), //<-- I never see this execute
		auth.hooks.authenticate(['local'])
	]
};

[daffl]

The create console.log won't run because a hook is a function:

exports.before = {
  create: [
    function(hook) {
      console.log('HEY AUTH'), //<-- I never see this execute
    },
    auth.hooks.authenticate(['local'])
  ]
};

Also, have a look how the new generator (npm install feathers-cli@pre -g) sets everything up. Just returning that object that you have from src/services/authentication/index.js will probably not do anything.

[jlpellicer]

Thanks! I created a new project using the new feathers-cli@pre and feathers-authentication and I got a clear picture about what I need to do.