
Documentation not understanding #563

Closed
idealley opened this Issue Aug 31, 2017 · 18 comments


idealley commented Aug 31, 2017

I am trying to access protected endpoints with http requests.

I do not understand this passage in the documentation:

If you are not using the feathers-authentication-client and you have registered this module server side then you can simply include the access token in an Authorization header.

Where should I register this on the server and how?

Sam

Member

marshallswain commented Aug 31, 2017

Yeah. That line is hurt by a bit of ambiguity. This line is talking about how to connect from the client. So, on the client, you can either use the feathers-authentication-client or just connect manually with Ajax. If you decide to use your favorite Ajax library, just pass the JWT in the Authorization header when you want to perform an authenticated request to the server.

Author

idealley commented Aug 31, 2017

Actually it is not... it is under Direct usage:

Direct Usage

Using a HTTP Request

If you are not using the feathers-authentication-client and you have registered this module server side then you can simply include the access token in an Authorization header.

Thus I do not understand why I would need a client module on the server and, if it is necessary, how to register it. I have tried a few versions but I am getting errors :(

Member

marshallswain commented Aug 31, 2017

It is not what?

You use the client package any time you want to connect to another server. It doesn't matter if the client is a web browser or a Node.js application.

I am trying to access protected endpoints with http requests.

From where to where?

Author

idealley commented Aug 31, 2017

It seems that this passage of the documentation is about Direct calls to an API endpoint that is protected.

I have generated an auth in my API with feathers generate authentication, which added some boilerplate to my API.

Now I am trying to call the /authentication endpoint to get a JWT token in order to call protected endpoints.

If I send a payload with Postman as follows:

{
  "strategy": "local",
  "email": "<email>",
  "password": "<password>"
}

I get

{
    "name": "BadRequest",
    "message": "Missing credentials",
    "code": 400,
    "className": "bad-request",
    "data": {
        "message": "Missing credentials"
    },
    "errors": {}
}

If I send the same payload but with the strategy jwt I get:

{
    "name": "NotAuthenticated",
    "message": "No auth token",
    "code": 401,
    "className": "not-authenticated",
    "data": {},
    "errors": {}
}

Then I found the passage I mentioned in the doc.

I do not know what to do.

Sorry for being unclear

Member

marshallswain commented Aug 31, 2017

You might be missing a header. I clarified the docs just now.

Set Content-Type to application/json.

Otherwise, the parser can't read the data.

Author

idealley commented Aug 31, 2017

I have it.

Author

idealley commented Aug 31, 2017

Member

marshallswain commented Aug 31, 2017

Set a before hook on the authentication service on the server and inspect that the email and password are both making it into the request.

Double check your feathers-authentication-local config to make sure you haven't changed the usernameField and passwordField to something besides email and password.

Author

idealley commented Aug 31, 2017

So I have set up a quick look and I get an object data with the values I sent

{ data:
   { strategy: 'jwt',
     email: 'test@test.com',
     password: 'password' },

for the local strategy I have:

    "local": {
      "entity": "user",
      "service": "users",
      "usernameField": "email",
      "passwordField": "password"
    }

Member

marshallswain commented Aug 31, 2017

Can you post the contents of your authentication.js file?

Author

idealley commented Aug 31, 2017

const authentication = require('feathers-authentication');
const jwt = require('feathers-authentication-jwt');
const local = require('feathers-authentication-local');

const test = require('./hooks/test').test;

module.exports = function () {
  const app = this;
  const config = app.get('authentication');

  app.configure(authentication(config));

  app.configure(jwt());
  app.configure(local(config.local));

  // The `authentication` service is used to create a JWT.
  // The before `create` hook registers strategies that can be used
  // to create a new valid JWT (e.g. local or oauth2)
  app.service('authentication').hooks({
    before: {
      create: [
        test(),
        authentication.hooks.authenticate(config.strategies)
      ],
      remove: [
        authentication.hooks.authenticate('jwt')
      ]
    }
  });
};

Member

marshallswain commented Aug 31, 2017

Looks fine. What are the strategies in your config?

Author

idealley commented Aug 31, 2017

    "strategies": [
      "jwt",
      "local"
    ],

Member

marshallswain commented Aug 31, 2017

Your config looks fine. How about your user.hooks file?

Author

idealley commented Aug 31, 2017

module.exports = {
  before: {
    all: [],
    find: [ authenticate('jwt') ],
    get: [ ...restrict ],
    create: [ hashPassword() ],
    update: [ ...restrict, hashPassword() ],
    patch: [ ...restrict, hashPassword() ],
    remove: [ ...restrict ]
  },

  after: {
    all: [
      commonHooks.when(
        hook => hook.params.provider,
        commonHooks.discard('password')
      )
    ], ...

I did not restrict the create, in order to be able to create users. I am storing them in a mongo db. By the way I have noticed that now the password is not hashed on create... thus I cannot create new users.

I have those installed:

    "feathers-authentication": "^1.2.7",
    "feathers-authentication-client": "^0.3.3",
    "feathers-authentication-hooks": "^0.1.4",
    "feathers-authentication-jwt": "^0.3.2",
    "feathers-authentication-local": "^0.4.4",

Author

idealley commented Aug 31, 2017

I am testing with both kinds of users, some that have a hashed password and others that don't. Same results.

Member

marshallswain commented Aug 31, 2017

Message me in the Feathers Slack and we'll pair on this.

Author

idealley commented Aug 31, 2017

Thanks to @marshallswain and his precious help.

We discovered that I had an environment variable called password that was messing up the default.json configuration file. The passwordField was taking the value of the environment variable and not the string "password".

The solution was quite easy: escaping the "password" with two backslashes, "\\password".

This solved the authentication issue as well as the password hashing issue.

idealley closed this Aug 31, 2017
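
The root cause found in the last comment can be checked for before a deployment. The following is an added example, not part of the thread and not Feathers code: it walks a parsed config and flags string values that collide with environment variable names. The substitution rule it models is assumed from that comment, and `findEnvCollisions`, `resolveConfig` and the sample values are hypothetical names and constructed data.

```javascript
// Added example (not Feathers code). Assumed rule, taken from the thread:
// a string config value that equals the name of a set environment variable
// is replaced by that variable's value, unless it starts with a backslash.
const hasVar = (env, name) =>
  Object.prototype.hasOwnProperty.call(env, name) && env[name] !== '';

// Report every string value the loader would silently replace.
// Only the path and the variable name are returned, never the env value.
function findEnvCollisions(node, env, path = []) {
  if (typeof node === 'string') {
    const collides = !node.startsWith('\\') && hasVar(env, node);
    return collides ? [{ path: path.join('.'), envVar: node }] : [];
  }
  if (node === null || typeof node !== 'object') return [];
  return Object.entries(node).flatMap(([key, child]) =>
    findEnvCollisions(child, env, path.concat(key)));
}

// Apply the same rule, to show what the application ends up with.
function resolveConfig(node, env) {
  if (typeof node === 'string') {
    if (node.startsWith('\\')) return node.slice(1); // escaped literal
    return hasVar(env, node) ? env[node] : node;
  }
  if (Array.isArray(node)) return node.map((child) => resolveConfig(child, env));
  if (node === null || typeof node !== 'object') return node;
  return Object.fromEntries(
    Object.entries(node).map(([key, child]) => [key, resolveConfig(child, env)]));
}

// Constructed sample: the "local" block from the thread and a made-up environment.
const sampleConfig = {
  authentication: {
    strategies: ['jwt', 'local'],
    local: { entity: 'user', service: 'users',
             usernameField: 'email', passwordField: 'password' }
  }
};
const sampleEnv = { password: 'constructed-env-value', HOME: '/home/app' };

// Same config with the fix from the thread ("\\password" in the JSON file).
const escapedConfig = JSON.parse(JSON.stringify(sampleConfig));
escapedConfig.authentication.local.passwordField = '\\password';

console.log(findEnvCollisions(sampleConfig, sampleEnv));
// Pass process.env as the second argument to check a real environment.
```

With the constructed environment, the only flagged path is `authentication.local.passwordField`, and the escaped config resolves back to the literal string `password`.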
