[Bug?]: Authentication Error After Upgrading from Version 6.6.4 to 7.4.3 about redwood HOT 8 CLOSED

Hello everyone,

To solve my issue, I've tried various methods and paid particular attention to the suggestions from @dthyresson and @Tobbe. After updating, I reinstalled dbAuth using the command yarn rw setup auth dbAuth and logged in successfully. However, when I modify the id field in the authFields of the authHandler variable in the 'api/src/functions/auth.ts' file to id: 'user_id', I encounter an error.

The error occurs with the request sent to http://localhost:8910/.redwood/functions/auth?method=webAuthnAuthOptions, returning "Cannot retrieve user details without being logged in". Additionally, the request sent to http://localhost:8910/.redwood/functions/auth returns a 200 status code and the response is as follows:

{
  "id": 3,
  "email": "my email address"
}

Shouldn't it return the user_id I've specified instead of "id": 3?

In summary, when I reinstall dbAuth with yarn rw setup auth dbAuth, my issue is resolved, but it reoccurs when I set id:'user_id'.

Thank you.

from redwood.

Thanks for opening this issue and providing so much detail!

I'm going to be debugging a potentially related bug to do with our request context which has been reported to be broken between the v6->v7 upgrade. I'll follow up to this issue after checking the context one. I aim to get back to you in a day or two - if that sounds okay?

from redwood.

Thank you for the quick response and for looking into the issue! I am happy to wait for the updates you mentioned. Your assistance is greatly appreciated.

from redwood.

Hi @furkanhalkan I'm having a look at this and helping @Josh-Walker-GM and as I investigated, I did notice a change in the way getCurrentUser is implemented in 6.6.4 and 7.4.3:

Compare

6.6.4

      user = await this.dbAccessor.findUnique({
        where: { [this.options.authFields.id]: this.session?.id },
        select,
      })

7.4.3.

      user = await this.dbAccessor.findUnique({
        where: {
          [this.options.authFields.id]:
            this.session?.[this.options.authFields.id],
        },
        select,
      })

The value for the session is a little different.

Note sure that is your issue, but the error Cannot retrieve user details without being logged in. happens when

  async _getCurrentUser() {
    if (!this.session?.[this.options.authFields.id]) {
      throw new DbAuthError.NotLoggedInError()
    }

Or actually it could be that, too.

Either that or the this.session?.[this.options.authFields.id isn't set properly.

Let me know if that helps.

from redwood.

Hello @dthyresson

Firstly, I would like to express my gratitude for your support. Unfortunately, the issue persists and has not been resolved. The same problem continues to occur.

Thank you for your understanding.

from redwood.

@furkanhalkan Could you please try adding some console.log statements in the code to see what value you have for this.options.authFields.id? You'd have to dig into node_modules/@redwoodjs/... to find the correct place to add it.

When you're at it, might as well log this.session too 🙂

Please let us know what info that gives you.
And don't be afraid to ask if you need more guidance 🙂

from redwood.

HI @furkanhalkan I was going to suggest the same as @Tobbe here -- to log more info to determine the ids and values.

One other thought I had is that you have a rather complex transaction in the signup:

const transactionResult = await db.$transaction([
          db.user.create({
            data: {
              user_id: userid,
              email: username,
              hashedPassword: hashedPassword,
              salt: salt,
              Clinic_id: clinicID,
              phone_number: userAttributes.phonenumber,
            },
          }),
          db.userDetails.create({
            data: {
              user_id: userid,
              Clinic_id: clinicID,
              name_surname: userAttributes.namesurname,
              Clinic_name: userAttributes.clinicname,
              email: username,
              phone_number: userAttributes.phonenumber,
            },
          }),
          db.clinic.create({
            data: {
              Clinic_id: clinicID,
              Clinic_name: userAttributes.clinicname,
              Kurucu_ID: userid,
            },
          }),
          db.doctor.create({
            data:{
              doctor_id:doctorId,
              clinic_id:clinicID,
              name_surname:userAttributes.namesurname,
              phone_number:userAttributes.phonenumber,
              creater_id:userid
            }
          })
        ])

        return transactionResult

Perhaps this fails at some point and the result is null??

I'd suggest:

• logging the result (is it null?)
• maybe a try catch to see if an error
• instead of a transaction, use nested writes: https://www.prisma.io/docs/orm/prisma-client/queries/relation-queries#create-a-related-record
• does the user get created on a signup? what happens on sign up if the user already exists? Does the create fail and then an error occurs and thus the user is null in the session?

from redwood.

I would like to update the topic one last time. As I mentioned above, I resolved my issue by reinstalling. Thank you to everyone who helped.

from redwood.