Potentially error

Open sulimenko opened this issue 2 years ago • 1 comments

In the session recovery example, there is a potential error

application/api/auth.2/restore.js

({
  access: 'public',
  method: async ({ token }) => {
    const restored = context.client.restoreSession(token);
    if (restored) return { status: 'logged' };
    const data = await api.auth.provider.readSession(token);
    return { status: data ? 'logged' : 'not logged' };
  },
});

If the token is not in sessions, we check it in the database, but after that we don't add it to sessions.

Example: context.client.startSession(token, data);

sulimenko avatar Jul 29 '23 09:07 sulimenko

Currently the problem still exists. Way to reproduce:

  1. node server.js
  2. Open browser http://localhost:8000
  3. Open DevConsole: in the network tab there, click on the api ws request and go to the "Messages" tab
  4. Check that one of the initial messages was {type: "call", id: 2, method: "auth/signin",…} and the callback was {type: "callback", id: 2, result: {status: "logged"}}
  5. Type in the console await api.example.counter(); which requests a logged endpoint
  6. You will receive a successful answer.
  7. Reload the browser tab.
  8. Check that one of the initial messages was {type: "call", id: 2, method: "auth/restore",…} and the callback was {type: "callback", id: 2, result: {status: "logged"}}
  9. Call again await api.example.counter();
  10. Result: error: {message: "Forbidden", code: 403}.

After deleting the token from localStorage and repeated clean auth/signin it works as expected again.

KLarpen avatar Dec 15 '23 17:12 KLarpen
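
A minimal model of the behaviour reported in this thread, added here as an example and not taken from the project's code: the handler as posted answers "logged" from the database but leaves the connection without a session, while the variant with the suggested startSession call binds one. The Client class, the in-memory Map, callProtected and reconnect are hypothetical stand-ins, and the assumption is that protected endpoints check the session bound to the connection.

```javascript
// Constructed stand-ins for the framework objects used in restore.js.
// Only restoreSession/startSession/readSession appear on the page; their
// behaviour here is an assumption made for the demonstration.
const db = new Map([['tok-1', { accountId: 7 }]]); // constructed persisted session
const api = { auth: { provider: { readSession: async (token) => db.get(token) || null } } };

class Client {
  constructor(memory) {
    this.memory = memory; // sessions cached in this server process
    this.session = null; // session bound to this connection
  }
  restoreSession(token) {
    const data = this.memory.get(token);
    if (!data) return false;
    this.session = { token, data };
    return true;
  }
  startSession(token, data) {
    this.memory.set(token, data);
    this.session = { token, data };
  }
}

// Handler as posted: answers 'logged' from the database without binding a session.
const restoreAsPosted = (context) => async ({ token }) => {
  const restored = context.client.restoreSession(token);
  if (restored) return { status: 'logged' };
  const data = await api.auth.provider.readSession(token);
  return { status: data ? 'logged' : 'not logged' };
};

// Handler with the suggested startSession call added.
const restoreFixed = (context) => async ({ token }) => {
  const restored = context.client.restoreSession(token);
  if (restored) return { status: 'logged' };
  const data = await api.auth.provider.readSession(token);
  if (!data) return { status: 'not logged' };
  context.client.startSession(token, data);
  return { status: 'logged' };
};

// Stand-in for a non-public endpoint such as example/counter.
const callProtected = (client) =>
  client.session ? { result: 1 } : { error: { message: 'Forbidden', code: 403 } };

// Simulates a reconnect where the token is in the database but not in memory.
async function reconnect(makeHandler, token) {
  const client = new Client(new Map());
  const { status } = await makeHandler({ client })({ token });
  return { status, call: callProtected(client) };
}
```

Calling reconnect(restoreAsPosted, 'tok-1') yields status "logged" together with the 403 from the protected call, the same mismatch as steps 8 to 10 above; reconnect(restoreFixed, 'tok-1') yields "logged" and a successful call.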