-
Notifications
You must be signed in to change notification settings - Fork 1.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Email in return results is inconsistent when using auth-refresh when an expand option is used #2173
Comments
I've tested it locally and I'm not able to reproduce the issue. The authenticated user should always have access to their email, no matter of the Or in other words, it is expected to see the email of the authenticated user in the If that's not what you are experiencing, please export your collections (Admin UI > Settings > Export collections) and I'll try to investigate it. |
So I just ran into this bug and am able to reproduce it with my set up. I have confirmed that removing the expand params from the auth refresh call will show Maybe this is something specific to the way permissions/filters are set up? Happy to share any info. |
@jmar910 As mentioned above I wasn't able to reproduce the issue. If you are not able to identify the cultprit please provide at least some steps to reproduce, for example more details about your collections structure (you can export your collections from the Admin UI > Settings > Export collections) and a code sample showing how you are sending the request. |
@jmar910 Also note that if you use Next.js it could be cache related. |
We use Ember, so I dont think that's it BUT I will double check that it isn't related to ember by trying curl or postman (AFAIK our version of ember doesn't do anything special with request caching) How the request is being made: import PocketBase from 'pocketbase';
// how we set it up
export default class PocketbaseService {
//...
pb = null;
constructor(pb) {
super(...arguments);
this.pb = pb;
}
async refreshUser() {
await this.pb.collection('users').authRefresh({ expand: 'roles' });
}
//...
}
// we initialize once for our app
const pb = new Pocketbase("/")
const ps = new PocketbaseService(pb)
// how we call it
await ps.refreshUser(); We initialize the Will get you collection export shortly. |
@jmar910 I'm not able to reproduce it. To test it on your own, please create the following <!DOCTYPE html />
<html>
<head>
<meta charset="utf-8" />
<title>Expanded user email test</title>
</head>
<body>
<script type="module">
import PocketBase from "https://cdn.jsdelivr.net/gh/pocketbase/js-sdk@0.21.1/dist/pocketbase.es.mjs"
const pb = new PocketBase("http://127.0.0.1:8090");
const result1 = await pb.collection("users").authWithPassword("test@example.com", "1234567890")
console.log("user after auth:", result1.record.email)
const result2 = await pb.collection("users").authRefresh({ expand: "roles" });
console.log("user after refresh:", result2.record.email)
</script>
</body>
</html> Navigate to Edit: Tested with PocketBase v0.21.1 and JS SDK v0.21.1. |
Was able to reproduce the issue using your example and this set of collections. My guess is it has something to do with our roles/permission/permissionSets in relation to API filters, but I still wouldn't expect the field to just disappear from the collection I do have access to. |
Thank you for the json. I was able to reproduce it (it is a side effect from the fields resolver). Will submit a fix sometime later today. |
Thank you! Not urgent as we have worked around it for my case, but glad we could get to the bottom of it. Totally appreciate your quick and helpful responses/examples. |
…authenticated user email to not being returned in the authRefresh() calls
I've updated the field resolver tests and pushed a small fix as part of PocketBase v0.21.2 release. If you are still experiencing the issue, feel free to let me know and I'll try to investigate it in more details tomorrow. |
If email visibility is not set for the record then
/api/collections/users/auth-refresh
will return the authenticated user for that token. This record will contain the email.However if
/api/collections/users/auth-refresh?expand=users_sites(user).user
is called then the top record will not contain the email. But the expanded relation record for user will contain the email.However, If I turn on email visibility for this user record then it will appear in both places (in top level record and in expand section.
So there is a bug relating to both the variables together which check email visibility and if expand is happening. Also this might be a good time to check if you're being overly protective of email visibility, or if it could slip through with other API calls.
The text was updated successfully, but these errors were encountered: