
Comments (6)

riverrun commented on August 24, 2024

Could you check to see if the current_user is being set for the protected resource? You can do this by running IO.inspect conn.assigns in the controller function of the protected resource.

from phauxth.

beckler commented on August 24, 2024

Okay, so here's the output logs when I initially reach a protected resource the first time:

[info] GET /accounts/user
[debug] Processing with DownstageWeb.Account.UserController.index/2
  Parameters: %{}
  Pipelines: [:browser, :protected]
[debug] QUERY OK source="sessions" db=2.4ms queue=0.1ms
SELECT s0."id", s0."expires_at", s0."user_id", s0."inserted_at", s0."updated_at" FROM "sessions" AS s0 WHERE (s0."expires_at" > $1) AND (s0."id" = $2) [~U[2019-09-12 13:08:22Z], <<196, 143, 2, 242, 161, 76, 74, 34, 173, 20, 79, 243, 152, 92, 83, 224>>]
[debug] QUERY OK source="users" db=2.0ms
SELECT u0."id", u0."email", u0."password_hash", u0."confirmed_at", u0."reset_sent_at", u0."inserted_at", u0."updated_at" FROM "users" AS u0 WHERE (u0."id" = $1) [<<71, 42, 202, 165, 20, 187, 71, 76, 132, 210, 192, 135, 147, 242, 224, 186>>]
%{
  current_user: %{
    __meta__: #Ecto.Schema.Metadata<:loaded, "users">,
    __struct__: Downstage.Accounts.User,
    companies: #Ecto.Association.NotLoaded<association :companies is not loaded>,
    confirmed_at: ~U[2019-09-03 03:38:03Z],
    email: "[email protected]",
    id: "472acaa5-14bb-474c-84d2-c08793f2e0ba",
    inserted_at: ~N[2019-09-03 03:37:59],
    reset_sent_at: nil,
    sessions: #Ecto.Association.NotLoaded<association :sessions is not loaded>,
    updated_at: ~N[2019-09-03 03:38:03]
  }
}
[info] user=472acaa5-14bb-474c-84d2-c08793f2e0ba message="user authenticated"
[debug] QUERY OK source="users" db=1.2ms
SELECT u0."id", u0."email", u0."password_hash", u0."confirmed_at", u0."reset_sent_at", u0."inserted_at", u0."updated_at" FROM "users" AS u0 []
[info] Sent 200 in 8ms

After I delete the session from the DB, and visit that same endpoint again, here are the produced logs:

[info] GET /accounts/user
[debug] Processing with DownstageWeb.Account.UserController.index/2
  Parameters: %{}
  Pipelines: [:browser, :protected]
[debug] QUERY OK source="sessions" db=0.8ms
SELECT s0."id", s0."expires_at", s0."user_id", s0."inserted_at", s0."updated_at" FROM "sessions" AS s0 WHERE (s0."expires_at" > $1) AND (s0."id" = $2) [~U[2019-09-12 13:08:46Z], <<196, 143, 2, 242, 161, 76, 74, 34, 173, 20, 79, 243, 152, 92, 83, 224>>]
[info] user=nil message="no user found"
[debug] QUERY OK source="users" db=1.0ms queue=0.1ms
SELECT u0."id", u0."email", u0."password_hash", u0."confirmed_at", u0."reset_sent_at", u0."inserted_at", u0."updated_at" FROM "users" AS u0 WHERE (u0."id" = $1) [<<71, 42, 202, 165, 20, 187, 71, 76, 132, 210, 192, 135, 147, 242, 224, 186>>]
[info] user=472acaa5-14bb-474c-84d2-c08793f2e0ba message="user authenticated"
[debug] QUERY OK db=5.5ms queue=0.8ms
INSERT INTO "sessions" ("expires_at","user_id","inserted_at","updated_at","id") VALUES ($1,$2,$3,$4,$5) [~U[2019-09-13 13:08:46Z], <<71, 42, 202, 165, 20, 187, 71, 76, 132, 210, 192, 135, 147, 242, 224, 186>>, ~N[2019-09-12 13:08:46], ~N[2019-09-12 13:08:46], <<53, 3, 64, 149, 182, 2, 67, 169, 139, 18, 214, 120, 11, 239, 72, 39>>]
%{
  current_user: %{
    __meta__: #Ecto.Schema.Metadata<:loaded, "users">,
    __struct__: Downstage.Accounts.User,
    companies: #Ecto.Association.NotLoaded<association :companies is not loaded>,
    confirmed_at: ~U[2019-09-03 03:38:03Z],
    email: "[email protected]",
    id: "472acaa5-14bb-474c-84d2-c08793f2e0ba",
    inserted_at: ~N[2019-09-03 03:37:59],
    reset_sent_at: nil,
    sessions: #Ecto.Association.NotLoaded<association :sessions is not loaded>,
    updated_at: ~N[2019-09-03 03:38:03]
  }
}
[debug] QUERY OK source="users" db=1.2ms
SELECT u0."id", u0."email", u0."password_hash", u0."confirmed_at", u0."reset_sent_at", u0."inserted_at", u0."updated_at" FROM "users" AS u0 []
[info] Sent 200 in 12ms

This is just visiting the :index function of this controller, and this is what I have for the plugs in the controller:

  plug :user_check when action in [:index, :show]
  plug :id_check when action in [:edit, :update, :delete]

Looking at the logs now, it does look like it checks the session, but if it can't find the session it looks like it generates a new row in the sessions table.

Since the session keeps getting regenerated, I also tried setting the expires_at field to a date in the past, but it doesn't seem to validate against that either.


riverrun commented on August 24, 2024

It would help me debug this if I could see the code. Is it publicly available?


beckler commented on August 24, 2024

@riverrun It wasn't but I went ahead and opened it up.

https://github.com/beckler/downstage_umbrella


riverrun commented on August 24, 2024

First of all, sorry for the delay in getting back to you - I haven't felt too good the last few days.

I think the issue is that the Phauxth.Remember plug is creating a new session because there is still a remember_me cookie present. Could you check if that is the case by adding IO.inspect conn.req_cookies in the controller function? If a remember_me cookie is there, then it is working as expected, and if not, there is a problem.


beckler commented on August 24, 2024

Ah okay, the remember_me cookie is probably present then, as I'm fairly certain I have it hard coded in the default session path.

Thank you for responding! And thank you for this awesome library!

from phauxth.
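The log pattern discussed in this thread (session lookup fails, a user is authenticated anyway, a new sessions row is inserted) can be checked for when auditing whether deleting a session row really ends access. The following is an added example, not code from the thread or from Phauxth; the function names are hypothetical and the sample log is constructed in the format quoted above.

```python
import re

# Constructed sample in the log format quoted in the thread (user id is made up).
SAMPLE_LOG = """\
[info] GET /accounts/user
[info] user=00000000-0000-4000-8000-000000000001 message="user authenticated"
[info] Sent 200 in 8ms
[info] GET /accounts/user
[info] user=nil message="no user found"
[info] user=00000000-0000-4000-8000-000000000001 message="user authenticated"
INSERT INTO "sessions" ("expires_at","user_id","inserted_at","updated_at","id") VALUES ($1,$2,$3,$4,$5)
[info] Sent 200 in 12ms
[info] GET /accounts/user
[info] user=nil message="no user found"
[info] Sent 302 in 3ms
"""

REQ_START = re.compile(r'^\[info\] [A-Z]+ (/\S*)')
REQ_END = re.compile(r'^\[info\] Sent \d+ in')
AUTH_OK = re.compile(r'^\[info\] user=(?!nil\b)(\S+) message="user authenticated"')
NO_USER = '[info] user=nil message="no user found"'
NEW_SESSION = 'INSERT INTO "sessions"'

def split_requests(log_text):
    """Yield (path, lines) per request, from '[info] <VERB> <path>' to '[info] Sent ...'."""
    path, lines = None, []
    for line in map(str.strip, log_text.splitlines()):
        start = REQ_START.match(line)
        if start:
            path, lines = start.group(1), []
        elif path is not None:
            lines.append(line)
            if REQ_END.match(line):
                yield path, lines
                path = None

def find_reissued_sessions(log_text):
    """Return (path, user_id) for each request where the session lookup failed,
    a user was authenticated anyway, and a new sessions row was inserted."""
    hits = []
    for path, lines in split_requests(log_text):
        if NO_USER not in lines:
            continue
        after = lines[lines.index(NO_USER) + 1:]
        user = next((m.group(1) for m in map(AUTH_OK.match, after) if m), None)
        if user and any(l.startswith(NEW_SESSION) for l in after):
            hits.append((path, user))
    return hits
```

A hit means the request was re-authenticated by something other than the session row, which in this thread was the remember_me cookie; the third constructed request (no cookie, redirect) is not flagged.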
