blitz icon indicating copy to clipboard operation
blitz copied to clipboard

Published 20 hours ago verified publisher icon blitz-js

Page role authentication does not work when using `roles` instead of `role`

Open mjyoung opened this issue 1 year ago • 7 comments

What is the problem?

When creating a session and setting publicData.roles = ["Role1", "Role2"], using Page.authenticate = { role: "Role1" } does not work and will always result in an AuthenticationError.

It looks like this assumes we're always setting a single publicData.role instead of an array of roles: https://github.com/blitz-js/blitz/blob/fb232d126ebdbb9183417336a4ce461dc89b2a56/packages/blitz-auth/src/client/index.tsx#L352

Paste all your error logs here:

AuthenticationError

Paste all relevant code snippets here:

mutations/login.tsx

  await ctx.session.$create({ userId: user.id, roles: ["Role1", "Role2"] })

pages/protected.tsx

const Protected = () => {
  return <div>Hi</div>
}

export default Protected

Protected.authenticate = { role: ["Role1"] }

What are detailed steps to reproduce this?

  1. On login:
  await ctx.session.$create({ userId: user.id, roles: ["Role1", "Role2"] })
  1. Create pages/protected.tsx:
const Protected = () => {
  return <div>Hi</div>
}

export default Protected

Protected.authenticate = { role: ["Role1"] }
  1. Open browser and navigate to /protected

Will always get an error because the auth client only checks against the publicData.role instead of publicData.roles

Run blitz -v and paste the output here:

Blitz version: 2.0.0-beta.35 (global)
Blitz version: 2.0.0-beta.35 (local)
macOS Ventura | darwin-arm64 | Node: v20.8.1


 Package manager: pnpm

  System:
    OS: macOS 13.5.2
    CPU: (10) arm64 Apple M1 Pro
    Memory: 524.55 MB / 32.00 GB
    Shell: 5.9 - /bin/zsh
  Binaries:
    Node: 20.8.1 - ~/.asdf/installs/nodejs/20.8.1/bin/node
    Yarn: 1.22.19 - /opt/homebrew/bin/yarn
    npm: 10.1.0 - ~/.asdf/plugins/nodejs/shims/npm
  npmPackages:
    @blitzjs/auth: 2.0.0-beta.35 => 2.0.0-beta.35 
    @blitzjs/next: 2.0.0-beta.35 => 2.0.0-beta.35 
    @blitzjs/rpc: 2.0.0-beta.35 => 2.0.0-beta.35 
    @prisma/client: 5.4.2 => 5.4.2 
    blitz: 2.0.0-beta.35 => 2.0.0-beta.35 
    next: 13.5.4 => 13.5.4 
    prisma: 5.4.2 => 5.4.2 
    react: 18.2.0 => 18.2.0 
    react-dom: 18.2.0 => 18.2.0 
    typescript: ^4.8.4 => 4.9.5

Please include below any other applicable logs and screenshots that show your problem:

No response

mjyoung avatar Nov 22 '23 16:11 mjyoung

thanks for the issue @mjyoung! It would be better to handle this case. Marking it as ready to work on.

siddhsuresh avatar Nov 28 '23 12:11 siddhsuresh

Any update or ETA on this? :)

mjyoung avatar Dec 29 '23 21:12 mjyoung

@siddhsuresh just another gentle ping on this. is this planned to be fixed in the near future?

mjyoung avatar Jan 05 '24 19:01 mjyoung

@mjyoung Hello ! If needed I can work on it :)

cmoileo avatar Jan 09 '24 15:01 cmoileo

that's great @cmoileo! It would be good to handle this. Let me know if I can help in any way.

@siddhsuresh just another gentle ping on this. is this planned to be fixed in the near future?

not planned per se, but I am ready to review the code for the fix if done by the community,

siddhsuresh avatar Jan 09 '24 16:01 siddhsuresh

@siddhsuresh Alright, I will work on it this week-end. I'll come to you if needed :)

cmoileo avatar Jan 10 '24 11:01 cmoileo

@siddhsuresh I've sent the PR -> https://github.com/blitz-js/blitz/pull/4275

cmoileo avatar Jan 13 '24 13:01 cmoileo