ra-data-feathers

How to access logged-in user data

Open JayGajjar opened this issue 4 years ago • 3 comments

I am currently running Feathers v4 and using a custom JWTStrategy to add the user role into the JWT token. With this implementation I am unable to access authenticated web services. Is there any way to get permission with the default JWTStrategy?

Please check my code

authentication.js

```js
const { AuthenticationService, JWTStrategy } = require('@feathersjs/authentication');
const { LocalStrategy } = require('@feathersjs/authentication-local');
const { expressOauth } = require('@feathersjs/authentication-oauth');

class LegacyAuthenticationService extends AuthenticationService {
  async getPayload(authResult, params) {
    // Call original `getPayload` first
    const payload = await super.getPayload(authResult, params);
    const { user } = authResult;

    // Copy the user's roles into the JWT payload
    if (user && user.roles) {
      payload.roles = user.roles;
    }

    return payload;
  }
}

class LegacyJWTStrategy extends JWTStrategy {
  // Returns the value used as the entity id: payload.roles if set, else payload.sub
  getEntityId(authResult) {
    const { authentication: { payload } } = authResult;

    return payload.roles || payload.sub;
  }
}

module.exports = app => {
  const authentication = new LegacyAuthenticationService(app);

  authentication.register('jwt', new LegacyJWTStrategy());
  authentication.register('local', new LocalStrategy());

  app.use('/authentication', authentication);
  // app.configure(expressOauth());
};
```

users.hooks.js

```js
const { authenticate } = require('@feathersjs/authentication').hooks;

const {
  hashPassword, protect
} = require('@feathersjs/authentication-local').hooks;

module.exports = {
  before: {
    all: [],
    find: [ authenticate('jwt') ],
    get: [ authenticate('jwt') ], // <--- This function is unable to decode custom JWT
    create: [ hashPassword('password') ],
    update: [ hashPassword('password'), authenticate('jwt') ],
    patch: [ hashPassword('password'), authenticate('jwt') ],
    remove: [ authenticate('jwt') ]
  },

  after: {
    all: [
      // Make sure the password field is never sent to the client
      // Always must be the last hook
      protect('password')
    ],
    find: [],
    get: [],
    create: [],
    update: [],
    patch: [],
    remove: []
  },

  error: {
    all: [],
    find: [],
    get: [],
    create: [],
    update: [],
    patch: [],
    remove: []
  }
};
```

Error

GET Api Url: http://localhost:3030/users

```
{"name":"BadRequest","message":"Cast to ObjectId failed for value "admin" at path "_id" for model "users"","code":400,"className":"bad-request","errors":{}}
```

JayGajjar, Sep 28 '19 15:09

I am not using Feathers v4; here is an example with working permissions: https://github.com/kfern/feathers-aor-test-integration

josx, Oct 02 '19 13:10

I have started my project by referring to this example, but due to some major changes in the authentication of feathersjs I am not able to figure out the issue I mentioned.

JayGajjar, Oct 03 '19 08:10

I am using Feathers v4 with a similar configuration as you described without issues. Are you sure the error is due to authentication config? From your error message, `Cast to ObjectId failed for value "admin" at path "_id" for model "users"`, it seems like it is trying to cast value "admin" to ObjectId type, which would fail as expected. Could the problem be that _id has the value "admin" and it might not be correct?

lijoantony, May 16 '20 07:05
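An added example, not code from the thread or from Feathers itself, modelling the lookup the last reply points at: the posted `getEntityId` returns `payload.roles || payload.sub`, so a token carrying `roles: "admin"` makes the JWT strategy fetch the user whose id is `"admin"`. The in-memory `users` stub, `isObjectId`, `entityIdAsPosted`, `entityIdFromSub` and the sample id are hypothetical names and constructed data.

```javascript
// Constructed model (not Feathers code) of the step after JWT verification:
// getEntityId(payload) picks a key, then users.get(key) loads the entity.
// Real service calls are async; this model is synchronous for brevity.
const isObjectId = id => typeof id === 'string' && /^[0-9a-f]{24}$/i.test(id);
const SAMPLE_ID = '5d8f7c2e9b1e8a0017a4c3f1'; // constructed sample ObjectId

// Hypothetical stand-in for the Mongoose-backed `users` service.
const users = {
  store: { [SAMPLE_ID]: { _id: SAMPLE_ID, email: 'admin@example.com', roles: 'admin' } },
  get(id) {
    if (!isObjectId(id)) {
      throw Object.assign(new Error(
        `Cast to ObjectId failed for value "${id}" at path "_id" for model "users"`),
        { code: 400 });
    }
    const user = this.store[id];
    if (!user) {
      throw Object.assign(new Error(`No record found for id '${id}'`), { code: 404 });
    }
    return user;
  }
};

// As posted in authentication.js: the roles claim takes precedence over sub.
const entityIdAsPosted = payload => payload.roles || payload.sub;
// Subject only: roles stay an authorization claim, never a lookup key.
const entityIdFromSub = payload => payload.sub;

function authenticate(payload, getEntityId) {
  try {
    const user = users.get(getEntityId(payload));
    // Roles are read from the stored record, the authoritative copy.
    return { ok: true, userId: user._id, roles: user.roles };
  } catch (err) {
    return { ok: false, code: err.code, message: err.message };
  }
}

// Constructed payload, shaped like the output of the posted getPayload().
const payload = { sub: SAMPLE_ID, roles: 'admin' };

function demo() {
  return {
    posted: authenticate(payload, entityIdAsPosted),
    subjectOnly: authenticate(payload, entityIdFromSub)
  };
}

console.log(JSON.stringify(demo(), null, 2));
```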