Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix no session on social logins #1165

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Conversation

larixer
Copy link
Member

@larixer larixer commented Nov 13, 2019

What's the problem this PR addresses?

Fixes session absence on social logins

How did you fix it?

grantAccess used passwordHash as a part of a refresh secret key. Since passwordHash were not set by registerUser it was sometimes null, sometimes undefined and session was invalidated because of that. I'm using identityId instead of passwordHash, which should be unique and always defined.

@larixer
Copy link
Member Author

larixer commented Nov 13, 2019

@MassivDash Could you test this PR, please?

@MassivDash
Copy link
Contributor

I just saw the changes you made, I'll test them out soon and let you know

@MassivDash
Copy link
Contributor

So, I have tested this version, but unfortunately, it does not work correctly without somekind of passwordHash inserted into a table. Without the passwordHash, the csrf token gets created but the JSON web token gets an error.

server: backend debug read session { csrfToken: 'c8715cce6f1b96004e9700bcfaf2aca8' }
frontend debug loading <= refreshTokens({"refreshToken":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MTMsImlhdCI6MTU3NDYxNzAyMiwiZXhwIjoxNTc1MjIxODIyfQ.cbulc-OAScAWBmXfnWyN92Urx22tXOgNBQZ1cMaF530"})
server: backend debug read session { csrfToken: 'c8715cce6f1b96004e9700bcfaf2aca8' }
server: backend debug {"errors":[{"message":"JsonWebTokenError: invalid signature","locations":[{"line":2,"column":3}],"path":["refreshTokens"],"extensions":{"code":"UNAUTHENTICATED","exception":{"stacktrace":["AuthenticationError: JsonWebTokenError: invalid signature","    at refreshTokens (/mnt/data/git/whatsoner/packages/server/build/index.js:2192:15)"]}}}],"data":null} <= undefined

With whatever passwordHash in the user table, it works correctly.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants