angular-drupal icon indicating copy to clipboard operation
angular-drupal copied to clipboard

Published 20 hours ago verified publisher icon signalpoint

Anonymous user is always returned after logging in.

Open jonnadams opened this issue 8 years ago • 9 comments

As the title states the anonymous user is always returned when trying to log in.

angular.module('angular-drupal').config(function($provide) {
  $provide.value('drupalSettings', {
    sitePath: 'http://api.circuit-territory.vm'
  });
});

   drupal.userLogin('test', 'test!').then(function(data) {
      console.log(data);
      var user = drupal.currentUser();
      var msg = user.isAuthenticated() ?
      'Hello ' + user.getAccountName() : 'Hello Anonymous User';
      console.log(msg);
    });
screen shot 2016-10-02 at 2 40 26 am

You can see my drupal configuration here. I wanted to make sure that permissions weren't the issue so I opened them up.

screen shot 2016-10-02 at 2 19 19 am screen shot 2016-10-02 at 2 20 47 am

Any help on the matter would be greatly appreciated.

jonnadams avatar Oct 02 '16 06:10 jonnadams

@jonnadams I'm not familiar with D7 REST, so I can't tell for sure: are you working with D8?

kentr avatar Oct 02 '16 20:10 kentr

Looks like he is using D8 there. I think there is now a problem this module alongside Drupal 8.2, I believe the login mechanism has changed: https://www.drupal.org/documentation/modules/rest/javascript#comment-11731955

So I think we need to change this in jDrupal here: https://github.com/easystreet3/jDrupal/blob/8.x-1.x/src/includes/rest.inc.js#L82

Plus, for both D7 and D8, I believe the new X-CSRF-Token may be included (it for sure is in D7) in the response, so if we use that when it comes back, the subsequent connect call won't need to fetch another token.

signalpoint avatar Oct 27 '16 14:10 signalpoint

I believe your correct signalpoint I am unable to login with D8.2.3. I think it "may" have something to do with: https://www.drupal.org/node/2403307? I am unsure though. I cannot seem to find out what changed in the api.

webdobe avatar Dec 11 '16 06:12 webdobe

@webdobe Last week I updated jDrupal to work properly with D8.2.*, so I think if you just download the latest jdrupal.min.js and include it in your index.html file, then angular-drupal should start working again for user login.

signalpoint avatar Dec 11 '16 16:12 signalpoint

Hmm I have the latest... I think it may have something to do with CORS. With the change of adding CORS config to a separate YAML file. I am having a hard time finding out how to make this work correctly....

Ok so While I was typing this I logged some connections. It appears that I need to be sending my requests to drupal using withCredentials set to true. Since jdrupal is using XMLHttpRequest; I am unable to use angular's httpprovider interceptor to change the withCredentials on the request.

$httpProvider.interceptors.push([
      function() {
        return {
          request: function(config) {
            config.withCredentials = true;
            return config;
          }
        };
      }
    ]);

Instead I have to be able to do this:

jDrupal.connect = function() {
  return new Promise(function(resolve, reject) {
    var req = new XMLHttpRequest();
    req.withCredentials = true;

Maybe you have an idea?

webdobe avatar Dec 12 '16 00:12 webdobe

Well I found the:

/**
 * Pre process a rest call.
 * @param {XMLHttpRequest} xhr
 * @param {*} data
 */
function hook_rest_pre_process(xhr, data) {
  // Do stuff before the rest call...
}

So I bet I can do something with that. But where do I use the hook?

webdobe avatar Dec 12 '16 00:12 webdobe

Figured it out. I had to add drupal.modules['modulename'] = true; to my user service and add the

modulename_res_pre_process(xhr) {
 xhr.withCredentials = true;
}

Outside the service.

webdobe avatar Dec 12 '16 01:12 webdobe

@webdobe Can you go into more detail in how/where you implemented this in your angular app?

jsheffers avatar Jun 20 '17 15:06 jsheffers

@jsheffers So the modulename_res_pre_process(xhr) function I placed in my user service file but outside the service. But you need to add the drupal.modules['modulename'] within your service. This is then added to every rest call stating that your sending withCredentials. The rest of the CORS configuration is done in the services.yml file in drupal 8.x-3.x+

My Cors config looks like this (sites/default/services.yml):

  cors.config:
    enabled: true
    # Specify allowed headers, like 'x-allowed-header'.
    allowedHeaders: ['*']
    # Specify allowed request methods, specify ['*'] to allow all possible ones.
    allowedMethods: ['*']
    # Configure requests allowed from specific origins. 
    allowedOrigins: ['http://localhost:9000'] // or to my live site https://jesselongacre.com you need this otherwise the browser will say the drupal side rejected it.
    # Sets the Access-Control-Expose-Headers header.
    exposedHeaders: false
    # Sets the Access-Control-Max-Age header.
    maxAge: false
    # Sets the Access-Control-Allow-Credentials header. // this is where the withCredentials is supported
    supportsCredentials: true

Make sure to clear your cache after making the cors changes as drupal 8 I believe caches all this.

Additionally, you may need to setup # cookie_domain: '.example.com' in your services.yml file this will make sure that your cookies are passed to the app. Hense the withCredentials bit.

webdobe avatar Jun 20 '17 16:06 webdobe