actix-extras
actix-extras copied to clipboard
actix
How to solve the error when not logged in after setting actix_identity?
How to set it up correctly? I am copying the configuration from the code sample。
.wrap(IdentityMiddleware::default())
.wrap(
SessionMiddleware::builder(CookieSessionStore::default(), signing_key.clone())
.cookie_secure(false)
.build(),
)
Why does this prompt appear when not logged in?
DEBUG [actix_web::extract] - Error for Option<T> extractor: There is no identity information attached to the current session
This seems to be a critical regression in actix-session 0.10.0? Downgrading to 0.9.0 is working for me so far. On Safari it needed a little more convincing with setting the right cookie attributes.
Additional context:
actix-files = "0.6.6"
actix-identity = "0.7.1"
actix-session = { version = "0.9.0", features = ["cookie-session"] }
actix-web = "4.9.0"
anyhow = "1.0.86"
base64 = "0.22.1"
diesel = { version = "2.2.2", features = ["postgres", "r2d2", "uuid"] }
dotenvy = "0.15.7"
hex = "0.4.3"
hmac = "0.12.1"
rand = "0.8.5"
rand_chacha = "0.3.1"
regex = "1.10.6"
secrecy = "0.8.0"
serde = { version = "1.0.206", features = ["serde_derive"] }
serde_with = { version = "3.9.0", features = ["base64"] }
sha2 = "0.10.8"
thiserror = "1.0.63"
tracing = "0.1.40"
tracing-actix-web = "0.7.11"
tracing-subscriber = "0.3.18"
uuid = "1.10.0"
Update: I think I found the root cause:
As of identity-v0.7.1, actix-identity requires actix-session 0.9.0
https://github.com/actix/actix-extras/blob/db2193b8c5c6e8f40b9d85d7ee8618baa4af7fb5/actix-identity/Cargo.toml#L22
I'm guessing that since actix-session 0.10.0 also gets compiled as a dependency, the type magic inside actix is unable to reconcile the two Session types. Downgrading to actix-session 0.9.0 specifically would be the solution, until a new version of actix-identity is published with the updated version bound
@purefunctor Do you have any errors in version 0.9.0? I have the same version, and accessing pages that haven't been logged in will result in an error, so I can only use the session directly.
@sunkaifei You can ignore the DEBUG log:
2024-08-13T17:30:54.181711Z DEBUG HTTP request{http.method=GET http.route=/auth/generate http.flavor=1.1 http.scheme=http http.host=localhost:3000 http.client_ip=127.0.0.1 http.user_agent=Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:129.0) Gecko/20100101 Firefox/129.0 http.target=/auth/generate otel.name=HTTP GET /auth/generate otel.kind="server" request_id=3d20b23f-5d8c-4aef-b6b1-8dcc140a5a89}: actix_web::extract: Error for Option<T> extractor: There is no identity information attached to the current session
2024-08-13T17:30:54.181806Z INFO HTTP request{http.method=GET http.route=/auth/generate http.flavor=1.1 http.scheme=http http.host=localhost:3000 http.client_ip=127.0.0.1 http.user_agent=Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:129.0) Gecko/20100101 Firefox/129.0 http.target=/auth/generate otel.name=HTTP GET /auth/generate otel.kind="server" request_id=3d20b23f-5d8c-4aef-b6b1-8dcc140a5a89}: server::page: No user
2024-08-13T17:31:01.854869Z INFO HTTP request{http.method=POST http.route=/api/v1/auth/login http.flavor=1.1 http.scheme=http http.host=localhost:3000 http.client_ip=127.0.0.1 http.user_agent=Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:129.0) Gecko/20100101 Firefox/129.0 http.target=/api/v1/auth/login otel.name=HTTP POST /api/v1/auth/login otel.kind="server" request_id=5f18e02e-b5b3-4aee-86eb-f449e4215966}: server::api::auth: Inserted user: "4436d90f-cce5-44c1-8a77-c10ad4d3e873"
2024-08-13T17:31:24.988591Z INFO HTTP request{http.method=GET http.route=/auth/generate http.flavor=1.1 http.scheme=http http.host=localhost:3000 http.client_ip=127.0.0.1 http.user_agent=Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:129.0) Gecko/20100101 Firefox/129.0 http.target=/auth/generate otel.name=HTTP GET /auth/generate otel.kind="server" request_id=1adb78c4-168f-4bfb-9ffa-f77fc0bed561}: server::page: "4436d90f-cce5-44c1-8a77-c10ad4d3e873"
It's meant for developers:
https://github.com/actix/actix-web/blob/f61fcbe8407019ad6ec958ab78ef2401f2ccd68f/actix-web/src/extract.rs#L173-L184
On the first line of your log, there is also an error message when the user is not logged in, just like my prompt
Update: I think I found the root cause:
As of
identity-v0.7.1, actix-identity requires actix-session 0.9.0https://github.com/actix/actix-extras/blob/db2193b8c5c6e8f40b9d85d7ee8618baa4af7fb5/actix-identity/Cargo.toml#L22
I'm guessing that since
actix-session 0.10.0also gets compiled as a dependency, the type magic inside actix is unable to reconcile the twoSessiontypes. Downgrading toactix-session 0.9.0specifically would be the solution, until a new version of actix-identity is published with the updated version bound
Also seeing this issue after upgrading to 0.10.0, and works to downgrade to 0.9.0. I guess ideally that would have failed to compile, but I think because of the way the middleware works in actix web i don't think it's possible to statically guarantee that the right actix_session::SessionMiddleware is in your app.
Easiest solution might just be to reexport actix_session out of actix_identity and recommend people use that, since you can't really use identity without session anyway.
Or add peer dependencies to cargo (jk jk)
The issue is that actix-identity's actix-session dependency was updated in f2339971cdbfbd42a3720d2bc6fa5478b7eef2a8 but no version increment was done or no new version was published to crates.io. The current source code on crates.io still depends on actix-session 0.9 and is 6 months old. Maybe someone can fix this by pushing a new version? @robjtede maybe?
Edit: actix-limitation probably has the same issue.
Oh – I see the problem now… that issue took me 6h to find. Could someone do the publish - even better figure out a way to avoid this? I don't think I know enough to solve it for good.
New actix-identity release published: https://github.com/actix/actix-extras/releases/tag/identity-v0.8.0
Sorry for the delay.
