GraphQL based logins not working

[sebhoss]

Describe the bug
Using GraphQL mutations to login is not possible.

Steps to reproduce the behavior

1. Create a new strapi instance using the quick start guide
2. Install the GraphQL plugin
3. Open http://localhost:1337/graphql
4. Send the login mutation specified further down below in the code snippets
5. Strapi returns 400 and claims Identifier or password invalid.

Expected behavior
The login should work, a 200 status code is returned along with all query fields specified in the mutation.

Code snippets
The mutation looks like this (see https://github.com/strapi/strapi/pull/3879/files#diff-7b312dd446f2b4a1bc499c31ce3dbc01R69-R84 or https://github.com/strapi/strapi/blob/master/packages/strapi-plugin-users-permissions/test/users-graphql.test.e2e.js#L66-L89 for reference):

# Write your query or mutation here
mutation login($input: UsersPermissionsLoginInput!) {
  login(input: $input) {
    jwt
    user {
      id
      email
    }
  }
}

The variables section below the query input looks like this:

{
  "input": {
    "identifier": "my-username",
    "password": "my-password"
  }
}

The returned response is:

{
  "error": {
    "errors": [
      {
        "message": "Bad Request",
        "locations": [
          {
            "line": 2,
            "column": 3
          }
        ],
        "path": [
          "login"
        ],
        "extensions": {
          "data": [
            {
              "messages": [
                {
                  "id": "Auth.form.error.invalid",
                  "message": "Identifier or password invalid."
                }
              ]
            }
          ],
          "isBoom": true,
          "isServer": false,
          "message": "Bad Request",
          "code": 400,
          "exception": {
            "data": [
              {
                "messages": [
                  {
                    "id": "Auth.form.error.invalid",
                    "message": "Identifier or password invalid."
                  }
                ]
              }
            ],
            "isBoom": true,
            "isServer": false,
            "stacktrace": [
              "Error: Bad Request",
              "    at checkBadRequest (<project>/node_modules/strapi-plugin-users-permissions/config/schema.graphql:13:11)",
              "    at resolver (<project>/node_modules/strapi-plugin-users-permissions/config/schema.graphql:222:11)"
            ]
          }
        }
      }
    ],
    "data": null
  }
}

System

• Node.js version: v10.19.0
• NPM version: 6.13.4
• Strapi version: 3.0.0-beta.18.7
• Database: SQLite
• Operating system: linux

Additional context

Original ticket was #2546 - the tests from #3879 are still in master and seem to work fine(?). Likewise using the same credentials to login via http://localhost:1337/admin/auth/login works as well.

[derrickmehaffy]

Could not reproduce on beta.18.7 seems to work fine here:

[derrickmehaffy]

@sebhoss there is no GraphQL routes for the AdminUI users, this login route is only for standard users.

https://strapi.io/blog/why-we-split-the-management-of-the-admin-users-and-end-users?redirectPage=3

The only route for logging in AdminUI users is that localhost:1337/admin/auth/login and this is intended so for now marking this as closed.

[sebhoss]

Ah - I was sure that I was missing something trivial. Using a non-admin user does work fine indeed. Thanks for the quick help!

[derrickmehaffy]

No problem 😃

[JamMaster1999]

Hi guys, do you think you can explain why graphql is giving a 400 error?

I’m following the documentation mentioned here: #5304

mutation login($input: UsersPermissionsLoginInput!) {
  login(input: $input) {
    jwt
    user {
      id
      email
    }
  }
}

With my variables being (it’s not UIAdmin account I’m trying to access

{
  "input": {
    "identifier": "sina",
    "password": "1234567890"
  }
}

Interestingly enough when I try running the script without graphql variables, everything works fine

mutation login {
        login(input: {
          identifier: "sina",
          password: "1234567890"
          }
        ){
          jwt
          user{
            username
          }
        }
}

I need the variables so I can dynamically pass in user and password from the incoming form.

Please let me know

[derrickmehaffy]

This issue has been mentioned on Strapi Community Forum. There might be relevant details there:

https://forum.strapi.io/t/adding-admin-login-routes-on-graphql/1612/1