Authentication via REST returns token without finding user on db #430

Closed
jlpellicer opened this Issue Mar 3, 2017 · 2 comments

jlpellicer commented Mar 3, 2017

Hey guys. Started to migrate authentication from v0.7.12 to v1.1.0 over the app generated originally by feathers.

I had the REST authentication working just fine, but had problems getting it to work with Socket.io, so we switched to the new version.

Now, we got Socket.io authentication working, but REST doesn't. It doesn't matter what I send to the server (user:password), it always returns an access token, without checking for the user credentials on the database.

What am I missing?

I turned on authentication debug (very cool), this is what I get when I make a request:

2017-03-03T14:25:36.432458+00:00 heroku[router]: at=info method=POST path="/authentication" host=asc-dev-api.herokuapp.com request_id=5f7a5023-b626-466d-8c92-82c0fc7422e4 fwd="187.189.195.137" dyno=web.1 connect=1ms service=11ms status=201 bytes=541
2017-03-03T14:25:36.430456+00:00 app[web.1]: Fri, 03 Mar 2017 14:25:36 GMT feathers-authentication:express:expose-headers Exposing Express headers to hooks and services
2017-03-03T14:25:36.431399+00:00 app[web.1]: Fri, 03 Mar 2017 14:25:36 GMT feathers-authentication:authentication:utils Creating JWT using options { header: { typ: 'access' },
2017-03-03T14:25:36.431401+00:00 app[web.1]:   audience: 'https://yourdomain.com',
2017-03-03T14:25:36.431402+00:00 app[web.1]:   subject: 'anonymous',
2017-03-03T14:25:36.431403+00:00 app[web.1]:   issuer: 'ASC Authority',
2017-03-03T14:25:36.431403+00:00 app[web.1]:   algorithm: 'HS256',
2017-03-03T14:25:36.431404+00:00 app[web.1]:   expiresIn: '1day' }
2017-03-03T14:25:36.432762+00:00 app[web.1]: Fri, 03 Mar 2017 14:25:36 GMT feathers-authentication:authentication:utils New JWT issued with payload {}
2017-03-03T14:25:36.433024+00:00 app[web.1]: Fri, 03 Mar 2017 14:25:36 GMT feathers-authentication:express:emit-events Sending 'login' event for REST provider. Token is eyJhbGciOiJIUzI1NiIsInR5cCI6ImFjY2VzcyJ9.eyJpYXQiOjE0ODg1NTExMzYsImV4cCI6MTQ4ODYzNzUzNiwiYXVkIjoiaHR0cHM6Ly95b3VyZG9tYWluLmNvbSIsImlzcyI6IkFTQyBBdXRob3JpdHkiLCJzdWIiOiJhbm9ueW1vdXMifQ.AmsjXOx8RWQGioZ211SeU-hBlRzM8RTMLTDjEYEhgtc
2017-03-03T14:25:36.433195+00:00 app[web.1]: Fri, 03 Mar 2017 14:25:36 GMT feathers-authentication:middleware:set-cookie Running setCookie middleware with options: { enabled: false,
2017-03-03T14:25:36.433197+00:00 app[web.1]:   name: 'feathers-jwt',
2017-03-03T14:25:36.433198+00:00 app[web.1]:   httpOnly: false,
2017-03-03T14:25:36.433198+00:00 app[web.1]:   secure: true }


Versions:

"feathers": "^2.1.0",
"feathers-authentication": "^1.1.0",
"feathers-authentication-jwt": "^0.3.1",
"feathers-authentication-local": "^0.3.3",
"feathers-configuration": "^0.4.1",
"feathers-errors": "^2.5.0",
"feathers-hooks": "^1.8.0",
"feathers-rest": "^1.7.0",
"feathers-seeder": "^1.0.7",
"feathers-sequelize": "^1.4.0",
"feathers-socketio": "^1.5.0",

config/default.json

{
   "host": "localhost",
   "port": 5000,
   "postgres": "postgres://xxx:@localhost:5432/xxx",
   "public": "../public/",
   "auth": {
   	"usernameField": "username",
   	"secret": "ssshh",
   	"jwt": {
   		"issuer": "ASC Authority",
   		"expiresIn": "1day"
   	},
   	"local": {
   		"name": "local",
   		"usernameField": "username"
   	}
   }
}

src/app.js

'use strict';

const path = require('path');
const serveStatic = require('feathers').static;
const favicon = require('serve-favicon');
const compress = require('compression');
const cors = require('cors');
const feathers = require('feathers');
const configuration = require('feathers-configuration');
const hooks = require('feathers-hooks');
const rest = require('feathers-rest');
const bodyParser = require('body-parser');
const socketio = require('feathers-socketio');
const middleware = require('./middleware');
const services = require('./services');

const app = feathers();

app.configure(configuration(path.join(__dirname, '..')));

app.use(compress())
	.options('*', cors())
	.use(cors())
	.use(favicon(path.join(app.get('public'), 'favicon.ico')))
	.use('/', serveStatic(app.get('public')))
	.use(bodyParser.json())
	.use(bodyParser.urlencoded({extended: true}))
	.configure(hooks())
	.configure(rest())
	.configure(socketio())
	.configure(services)
	.configure(middleware);

module.exports = app;

src/services/index.js

'use strict';

/* models stuff */
const authentication = require('feathers-authentication');
const local = require('feathers-authentication-local');
const jwt = require('feathers-authentication-jwt');

module.exports = function() {
	const app = this;
	let config = app.get('auth');
	app.configure(authentication(config));
	app.configure(local());
	app.configure(jwt());

	const sequelize = new Sequelize(app.get('postgres'), {
		dialect: 'postgres'
	});
	app.set('sequelize', sequelize);
	/* models stuff */
};

src/services/authentication/index.js

'use strict';

const globalHooks = require('../../../hooks');
const hooks = require('feathers-hooks');
const auth = require('feathers-authentication');
const local = require('feathers-authentication-local');

exports.before = {
	create: [
		console.log('HEY AUTH'), //<-- I never see this execute
		auth.hooks.authenticate(['local'])
	]
};

daffl commented Mar 3, 2017

The create console.log won't run because a hook is a function:

exports.before = {
  create: [
    function(hook) {
      console.log('HEY AUTH'); // runs when the create hook executes
    },
    auth.hooks.authenticate(['local'])
  ]
};

Also, have a look at how the new generator (npm install feathers-cli@pre -g) sets everything up. Just returning that object that you have from src/services/authentication/index.js will probably not do anything.


jlpellicer commented Mar 3, 2017

Thanks! I created a new project using the new feathers-cli@pre and feathers-authentication and I got a clear picture about what I need to do.

@jlpellicer jlpellicer closed this Mar 3, 2017
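
An added example, not part of the issue thread or of the Feathers project's code: a Node.js check that flags a token issued with an empty application payload, as in the "New JWT issued with payload {}" line of the debug log above. The function names and the constructed `userId` sample are assumptions made for illustration.

```javascript
// Added example. Decodes JWT segments for auditing only: the signature is
// NOT verified here, so never use this result for authorization decisions.
const REGISTERED = new Set(['iss', 'sub', 'aud', 'exp', 'nbf', 'iat', 'jti']);

function decodeSegment(segment) {
  const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Names of the claims that are not RFC 7519 registered claims, i.e. the
// application payload. Throws on anything that is not a three-part JWT.
function applicationClaims(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('not a three-part JWT');
  decodeSegment(parts[0]); // header must at least be valid JSON
  const payload = decodeSegment(parts[1]);
  return Object.keys(payload).filter((name) => !REGISTERED.has(name));
}

// True when the token carries no application claim at all, which is what
// "New JWT issued with payload {}" in the debug log corresponds to. The
// 'anonymous' subject is a configured JWT option, so it is not used here.
function issuedWithoutIdentity(token) {
  return applicationClaims(token).length === 0;
}

// Token copied from the debug log in the issue.
const tokenFromIssue =
  'eyJhbGciOiJIUzI1NiIsInR5cCI6ImFjY2VzcyJ9.' +
  'eyJpYXQiOjE0ODg1NTExMzYsImV4cCI6MTQ4ODYzNzUzNiwi' +
  'YXVkIjoiaHR0cHM6Ly95b3VyZG9tYWluLmNvbSIs' +
  'ImlzcyI6IkFTQyBBdXRob3JpdHkiLCJzdWIiOiJhbm9ueW1vdXMifQ' +
  '.AmsjXOx8RWQGioZ211SeU-hBlRzM8RTMLTDjEYEhgtc';

// Constructed sample (assumption): a token of the same shape that also
// carries a userId claim, standing in for one issued after a real login.
function constructedToken(payload) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'HS256', typ: 'access' })}.${enc(payload)}.constructed`;
}
const tokenWithUser = constructedToken({ userId: 1, sub: 'anonymous' });

console.log(issuedWithoutIdentity(tokenFromIssue)); // true
console.log(issuedWithoutIdentity(tokenWithUser)); // false
```

In a regression test, send deliberately wrong credentials to /authentication and fail the build if any token comes back, or if `issuedWithoutIdentity` returns true for a token returned after a valid login.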
