angular-drupal icon indicating copy to clipboard operation
angular-drupal copied to clipboard
verified publisher icon signalpoint

Login issue with different token and sessid

Open Saneesh opened this issue 9 years ago • 7 comments

Hello, I'm trying to build a mobile app using angular-drupal. After configure everything, when I call the user_login() in my controller, it shows 'NOT A VALID USER!' message.

myApp.controller("TestController", ['$scope', '$http', 'shared', 'drupal', function ($scope, $http, shared, drupal) {
  var qsStoreId = 1;

  drupal.user_login('Admin', 'Admin@123').then(function(data) {
    console.log(data);
    if (data.user.uid) {
      console.log('User exists!');
    }
    else {
      console.log('NOT A VALID USER!');
    }
  });
}]);

In Firefox console, I can see three calls as follows (user/login.json, session/token and connect.json )

Call : POST http://mysite/?q=drupalgap/user/login.json
Response:
{
  "sessid": "SZHvoUQY76BR0EphigNuROAhlSosveXyOW17bsUD2VE",
  "session_name": "SESS31bd58610f7362c1ad5ccecaf06b294e",
  "token": "7Wwtz-akDJoF-4bNBbW_4w1z1EljPVRYsyXw4dh0JAE",
  "user": {
    "uid": "1",
    "name": "Admin",
    ...
  }
}

When it gets the token it returns a new token.

http://mysite/?q=services/session/token
Response:
lxmxpeboGGyH3hc88zZ2uj4RNKRHbqhY_hMa8yfGxIw

When it calls 'connect', session_name is same but the sessid is different.

http://mysite/?q=drupalgap/system/connect.json
Response:
{
  "sessid": "ei4lHs9z8_W5i4XypOgjPJLwph8Bx_Brvh8Odk_aUaA",
  "session_name": "SESS31bd58610f7362c1ad5ccecaf06b294e",
  "user": {
    "uid": 0,
    "hostname": "127.0.0.1",
    "roles": { "1": "anonymous user" },
    "cache": 0,
    "timestamp": 1476790053
  },
  "remote_addr": "127.0.0.1",
  ...
}

Might be because of this reason, I'm not getting user login success message.

I'm using Drupal 7 as backend. Instead of 'drupalgap' service endpoint I tried with a service called 'api' as mentioned in the tutorial(https://www.npmjs.com/package/angular-drupal) but still shows 'NOT A VALID USER!' message.

How can I fix this issue?

Saneesh avatar Oct 18 '16 11:10 Saneesh

@Saneesh what URL does your app live at? What URL does your Drupal site live at? Are they in the same domain? It sounds like you're having a cross domain issue, where the domain that Drupal wants to store the cookie is different than the domain of your app, so the cookie from Drupal doesn't get written properly to the app, and the app's user always appears to be logged out.

signalpoint avatar Oct 27 '16 14:10 signalpoint

Hello Tyler, Yes, as you guess I'm running my application using the command cordova serve I run application in the following URL: http://localhost:8000/android/www/index.html#!/user/login

From this URL I'm accessing the Drupal instance in different server.

To make it work, what are the settings I need to change in Drupal instance? sessid and token return from login.json, how do I pass to drupal before accessing the drupal.user_login() function?

Thanks, Saneesh

Saneesh avatar Oct 28 '16 11:10 Saneesh

@Saneesh You don't need to worry about the X-CSRF-Token, once it's retrieved, angular-drupal will properly use it with each of its Service commands. The user login function in angular-drupal just needs to be modified to set aside the token, instead of asking for the new token, then setting it aside:

https://github.com/easystreet3/angular-drupal/blob/7.x-1.x/src/angular-drupal.js#L99 https://github.com/easystreet3/angular-drupal/blob/7.x-1.x/src/angular-drupal.js#L60

Other than that, you need to set up CORS policies (something I am not familiar with) to allow your application to connect to a different domain.

signalpoint avatar Oct 28 '16 16:10 signalpoint

Hello Tyler, if I understand well your reply there are two points. 1) "The user login function in angular-drupal just needs to be modified to set aside the token". 2) Check CORS in Drupal. For the first point, angular-drupal handles the token by itself. For the second point I have installed CORS drupal module and added the settings as they mentioned there.

But still I'm facing the same issue.

Saneesh avatar Oct 28 '16 17:10 Saneesh

Is there anything I need to set in AngularJS side?

Saneesh avatar Oct 28 '16 17:10 Saneesh

@Saneesh

  1. Yes.

I don't know much further than this, many others have this "issue", and I don't know where entirely the solution lies, but others have gotten around this and it mostly has to do with configuration on a per project basis. Check out the following issue queues and you'll find many discussions about this related issue, and you'll hear from others who have identified the ways they've gotten around this situation:

  • https://github.com/easystreet3/jDrupal/issues?utf8=%E2%9C%93&q=is%3Aissue%20cors%20
  • https://github.com/easystreet3/angular-drupal/issues?utf8=%E2%9C%93&q=is%3Aissue%20cors%20
  • https://github.com/signalpoint/DrupalGap/issues?utf8=%E2%9C%93&q=is%3Aissue%20cors%20

Although the projects are different, the problem(s) seems to be one in the same.

signalpoint avatar Oct 28 '16 17:10 signalpoint

@Saneesh If you’re running into CORS problems with just with dev on local, use Chrome with web security disabled or use the CORS plugin to disable it.

kentr avatar Oct 28 '16 17:10 kentr