Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

hook.params.user is null using REST #678

Closed
greyivy opened this Issue Jun 5, 2018 · 10 comments

Comments

Projects
None yet
3 participants
@greyivy
Copy link

greyivy commented Jun 5, 2018

Using the socketio transport, hook.params.user is populated and can be used in hooks. Using REST, however, I am able to authenticate but I see no user.

Here is what I get in the before hook:

debug: Hook Context {
  "type": "before",
  "method": "find",
  "path": "tags",
  "params": {
    "query": {},
    "route": {},
    "provider": "rest",
    "headers": {
      "content-type": "application/json",
      "authorization": "{TOKEN}",
      "cache-control": "no-cache",
      "postman-token": "7aae0712-7d16-4d67-9290-8935e5c3a698",
      "user-agent": "PostmanRuntime/7.1.1",
      "accept": "*/*",
      "host": "localhost:3030",
      "accept-encoding": "gzip, deflate",
      "connection": "keep-alive"
    }
  }
}

In my before all hooks I have authenticate('jwt').

Why is there a user param when using websockets? How do I enable this using REST?

@daffl

This comment has been minimized.

Copy link
Member

daffl commented Jun 5, 2018

Try setting the Authorization header to using the bearer scheme "authorization": "Bearer {TOKEN}"

@greyivy

This comment has been minimized.

Copy link
Author

greyivy commented Jun 5, 2018

Unfortunately not helping. Same problem.

I know authentication is happening because if I change a character of the JWT I get:

{
    "name": "NotAuthenticated",
    "message": "invalid algorithm",
    "code": 401,
    "className": "not-authenticated",
    "data": {
        "name": "JsonWebTokenError",
        "message": "invalid algorithm"
    },
    "errors": {}
}

...and none of my other hooks run. Using the correct JWT, my hooks after authenticate('jwt') do run but without the params.user object.

@daffl

This comment has been minimized.

Copy link
Member

daffl commented Jun 5, 2018

How does the decoded token look then? Does it have userId? Can you share a repository to reproduce the issue?

@greyivy

This comment has been minimized.

Copy link
Author

greyivy commented Jun 5, 2018

Here's the decoded token:

{
  "userId": 1,
  "iat": 1528215672,
  "exp": 1528302072,
  "aud": "https://yourdomain.com",
  "iss": "feathers",
  "sub": "anonymous",
  "jti": "0c83ca60-ffe5-4c63-87b5-2a9ff3bc7b2b"
}

Also, calling /authentication with my username and password does return the user object in the result, but it's not there on subsequent calls.

Unfortunately I'm unable to share the code at the moment (not mine to share).

@greyivy

This comment has been minimized.

Copy link
Author

greyivy commented Jun 5, 2018

Also, hook.params.user is present in the hooks in the /authentication service.

@greyivy

This comment has been minimized.

Copy link
Author

greyivy commented Jun 5, 2018

Figured it out.

Didn't realize socketio wasn't calling the /users service on every call to pull user data like REST was. One of my hooks was preventing REST from getting a user.

Is socketio not getting a user on each call normal behavior?

@daffl

This comment has been minimized.

Copy link
Member

daffl commented Jun 5, 2018

Trying to create a reproducible issue can help you to figure out the problem as well. I'm not able to reproduce it for example in the feathers-chat.

@daffl

This comment has been minimized.

Copy link
Member

daffl commented Jun 5, 2018

Currently yes but that will change in the next version (see #517)

@daffl daffl closed this Jun 5, 2018

@greyivy

This comment has been minimized.

Copy link
Author

greyivy commented Jun 5, 2018

Appreciate the help!

@abalad

This comment has been minimized.

Copy link

abalad commented Aug 7, 2018

I'm having the same problem when making calls using the Rest Provider.
Some HOOks that I need to deal with the user do not get this value.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.