-
Notifications
You must be signed in to change notification settings - Fork 973
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Bug?]: v7.0.0 RC: dbAuth immediately invalidates cookie if using an id field other than "id" #10005
Comments
Hello! Thanks so much for the issue! I think I realized why this wasn't an issue prior to this 7.0 release: In 7.0 we introduce the But, even if you did set session.id = user[this.options.authFields.id] So no matter what you called the column in your own database, as far as dbAuth and the cookies are concerned, it's now called But now, we sanitize the user data (all keys not present in So yes, we'd love a PR that fixes this! When I wrote this code originally, all of my testing involved the default |
We were hoping to do an official release of 7.0 on Thursday or Friday of this week, so if that's too short of a timetable for a PR we totally understand—just say the word and we'll fix it real quick! We'll make sure to give you credit, you already did all the work. ;) |
…ny user data defined by `allowedUserFields` not only `id` Closes #10005
Fixes bug when User table had a primary key other than `id`. Shout out to @will-ks for finding this! ### Impact For apps which had a primary key other than `id`, all users will be logged out on their next request after this is deployed. Not sure if we consider that breaking? But it is 7.0 so anything goes! Closes #10005
Fixes bug when User table had a primary key other than `id`. Shout out to @will-ks for finding this! ### Impact For apps which had a primary key other than `id`, all users will be logged out on their next request after this is deployed. Not sure if we consider that breaking? But it is 7.0 so anything goes! Closes #10005
What's not working?
I upgraded my RW project to the v7.0.0 RC and encountered the following issue with dbAuth. I am unable to sign up using the dbAuth signup function, which was working fine before the upgrade.
What happens when I use the signup function is:
First off, this request is made:
the response headers for this request returned successfully sets the cookie as expected:
Then immediately following this, this request is made:
however, the response headers for this request now clear the cookie by setting an expire date in the past:
I dug in to the dbAuth code and found that the issue is with these two lines:
redwood/packages/auth-providers/dbAuth/api/src/DbAuthHandler.ts
Line 1387 in eba906e
redwood/packages/auth-providers/dbAuth/api/src/DbAuthHandler.ts
Line 1404 in eba906e
These fail in my case because
this.session.id
is undefined. I use a different id field on my user object calleduserId
, notid
(which I have set in the dbAuth optionsoptions.authFields.id
). In my casethis.session
is:Changing the two lines to:
and
fixes the issue. If this sounds like a sensible fix I am glad to submit a PR.
I'm not really sure why this issue didn't show itself before upgrading to v7 🤔
How do we reproduce the bug?
No response
What's your environment? (If it applies)
Are you interested in working on this?
The text was updated successfully, but these errors were encountered: