How to access logged-in user data #127

Open
JayGajjar opened this issue Sep 28, 2019 · 3 comments

@JayGajjar

I am currently running feathers v4, and using a custom JWTStrategy to add the user role into the JWT token. With this implementation I am unable to access authenticated web-services.
Is there any way to get permission with the default JWTStrategy?

Please check my code

authentication.js

```js
const { AuthenticationService, JWTStrategy } = require('@feathersjs/authentication');
const { LocalStrategy } = require('@feathersjs/authentication-local');
const { expressOauth } = require('@feathersjs/authentication-oauth');

class LegacyAuthenticationService extends AuthenticationService {
  async getPayload(authResult, params) {
    // Call original `getPayload` first
    const payload = await super.getPayload(authResult, params);
    const { user } = authResult;

    if (user && user.roles) {
      payload.roles = user.roles;
    }

    return payload;
  }
}

class LegacyJWTStrategy extends JWTStrategy {
  getEntityId(authResult) {
    const { authentication: { payload } } = authResult;

    return payload.roles || payload.sub;
  }
}

module.exports = app => {
  const authentication = new LegacyAuthenticationService(app);

  authentication.register('jwt', new LegacyJWTStrategy());
  authentication.register('local', new LocalStrategy());

  app.use('/authentication', authentication);
  // app.configure(expressOauth());
};
```

users.hooks.js

```js
const { authenticate } = require('@feathersjs/authentication').hooks;

const {
  hashPassword, protect
} = require('@feathersjs/authentication-local').hooks;

module.exports = {
  before: {
    all: [],
    find: [ authenticate('jwt') ],
    get: [ authenticate('jwt') ], // <--- This function is unable to decode custom JWT
    create: [ hashPassword('password') ],
    update: [ hashPassword('password'),  authenticate('jwt') ],
    patch: [ hashPassword('password'),  authenticate('jwt') ],
    remove: [ authenticate('jwt') ]
  },

  after: {
    all: [
      // Make sure the password field is never sent to the client
      // Always must be the last hook
      protect('password')
    ],
    find: [],
    get: [],
    create: [],
    update: [],
    patch: [],
    remove: []
  },

  error: {
    all: [],
    find: [],
    get: [],
    create: [],
    update: [],
    patch: [],
    remove: []
  }
};
```

Error

GET Api Url: http://localhost:3030/users

```
{"name":"BadRequest","message":"Cast to ObjectId failed for value "admin" at path "_id" for model "users"","code":400,"className":"bad-request","errors":{}}
```

@josx
Owner

josx commented Oct 2, 2019

I am not using Feathers v4; here is an example with working permissions:
https://github.com/kfern/feathers-aor-test-integration

@JayGajjar
Author

I have started my project by referring to this example, but due to some major changes in the authentication of feathersjs I am not able to figure out the issue I mentioned.

@lijoantony
Contributor

I am using feathers v4 with a similar configuration as you described without issues. Are you sure the error is due to authentication config? From your error message,
> Cast to ObjectId failed for value "admin" at path "_id" for model "users"
It seems like it is trying to cast value "admin" to ObjectId type, which would fail as expected. Could the problem be that _id has the value "admin" and it might not be correct?
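
An added example, not part of the original thread or the project's code: in Feathers v4 the JWT strategy passes the result of `getEntityId` to the entity service's `get`, so this simplified model runs the override posted in the issue beside one that returns only `payload.sub`. The store, the helper names (`getUser`, `lookupUser`, `entityIdFromIssue`, `entityIdFromSub`) and the sample payload are constructed for illustration, and the ObjectId check is a stand-in for Mongoose's cast.

```javascript
// Simplified model of the lookup a JWT strategy performs after verifying a token.
// Not Feathers code: the store, helpers and sample data below are constructed here.

// Constructed user store keyed by a MongoDB-style ObjectId string.
const users = new Map([
  ['5d8f3c2a9b1e4a0012345678', { _id: '5d8f3c2a9b1e4a0012345678', email: 'a@example.com', roles: 'admin' }]
]);

// Stand-in for Mongoose's ObjectId cast: accept only 24 hex characters.
const isObjectId = value => typeof value === 'string' && /^[0-9a-f]{24}$/i.test(value);

// Stand-in for the entity service's get(id): rejects ids that cannot be cast.
function getUser(id) {
  if (!isObjectId(id)) {
    throw new Error(`Cast to ObjectId failed for value "${id}" at path "_id" for model "users"`);
  }
  const user = users.get(id);
  if (!user) throw new Error('NotFound');
  return user;
}

// Behaviour of the getEntityId override posted in the issue.
const entityIdFromIssue = payload => payload.roles || payload.sub;

// Subject claim only: the id of the user the token was issued for.
const entityIdFromSub = payload => payload.sub;

// Same order of operations: resolve the id from the payload, then load the user.
function lookupUser(payload, getEntityId) {
  try {
    return { user: getUser(getEntityId(payload)) };
  } catch (error) {
    return { error: error.message };
  }
}

// Constructed decoded payload, shaped like the output of the getPayload override.
const payload = { sub: '5d8f3c2a9b1e4a0012345678', roles: 'admin' };

console.log(lookupUser(payload, entityIdFromIssue)); // lookup by the role value fails the cast
console.log(lookupUser(payload, entityIdFromSub));   // lookup by sub returns the user
```

With the lookup keyed on `sub`, the role can be read from the loaded user record, so it reflects the stored value rather than the one copied into the token at login.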
