Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Login issue with different token and sessid #37

Open
Saneesh opened this issue Oct 18, 2016 · 7 comments
Open

Login issue with different token and sessid #37

Saneesh opened this issue Oct 18, 2016 · 7 comments
Labels
7.x-1.x question

Comments

@Saneesh
Copy link

Saneesh commented Oct 18, 2016
edited
Loading

Hello,
I'm trying to build a mobile app using angular-drupal. After configure everything, when I call the user_login() in my controller, it shows 'NOT A VALID USER!' message.

myApp.controller("TestController", ['$scope', '$http', 'shared', 'drupal', function ($scope, $http, shared, drupal) {
  var qsStoreId = 1;

  drupal.user_login('Admin', 'Admin@123').then(function(data) {
    console.log(data);
    if (data.user.uid) {
      console.log('User exists!');
    }
    else {
      console.log('NOT A VALID USER!');
    }
  });
}]);

In Firefox console, I can see three calls as follows (user/login.json, session/token and connect.json )

Call : POST http://mysite/?q=drupalgap/user/login.json
Response:
{
  "sessid": "SZHvoUQY76BR0EphigNuROAhlSosveXyOW17bsUD2VE",
  "session_name": "SESS31bd58610f7362c1ad5ccecaf06b294e",
  "token": "7Wwtz-akDJoF-4bNBbW_4w1z1EljPVRYsyXw4dh0JAE",
  "user": {
    "uid": "1",
    "name": "Admin",
    ...
  }
}

When it gets the token it returns a new token.

http://mysite/?q=services/session/token
Response:
lxmxpeboGGyH3hc88zZ2uj4RNKRHbqhY_hMa8yfGxIw

When it calls 'connect', session_name is same but the sessid is different.

http://mysite/?q=drupalgap/system/connect.json
Response:
{
  "sessid": "ei4lHs9z8_W5i4XypOgjPJLwph8Bx_Brvh8Odk_aUaA",
  "session_name": "SESS31bd58610f7362c1ad5ccecaf06b294e",
  "user": {
    "uid": 0,
    "hostname": "127.0.0.1",
    "roles": { "1": "anonymous user" },
    "cache": 0,
    "timestamp": 1476790053
  },
  "remote_addr": "127.0.0.1",
  ...
}

Might be because of this reason, I'm not getting user login success message.

I'm using Drupal 7 as backend. Instead of 'drupalgap' service endpoint I tried with a service called 'api' as mentioned in the tutorial(https://www.npmjs.com/package/angular-drupal) but still shows 'NOT A VALID USER!' message.

How can I fix this issue?
@Saneesh Saneesh mentioned this issue Oct 24, 2016
Open
@signalpoint
Copy link
Owner

@Saneesh what URL does your app live at? What URL does your Drupal site live at? Are they in the same domain? It sounds like you're having a cross domain issue, where the domain that Drupal wants to store the cookie is different than the domain of your app, so the cookie from Drupal doesn't get written properly to the app, and the app's user always appears to be logged out.

@Saneesh
Copy link
Author

Saneesh commented Oct 28, 2016
edited
Loading

Hello Tyler,
Yes, as you guess I'm running my application using the command cordova serve I run application in the following URL:
http://localhost:8000/android/www/index.html#!/user/login

From this URL I'm accessing the Drupal instance in different server.

To make it work, what are the settings I need to change in Drupal instance?
sessid and token return from login.json, how do I pass to drupal before accessing the drupal.user_login() function?

Thanks,
Saneesh

@signalpoint
Copy link
Owner

@Saneesh You don't need to worry about the X-CSRF-Token, once it's retrieved, angular-drupal will properly use it with each of its Service commands. The user login function in angular-drupal just needs to be modified to set aside the token, instead of asking for the new token, then setting it aside:

https://github.com/easystreet3/angular-drupal/blob/7.x-1.x/src/angular-drupal.js#L99
https://github.com/easystreet3/angular-drupal/blob/7.x-1.x/src/angular-drupal.js#L60

Other than that, you need to set up CORS policies (something I am not familiar with) to allow your application to connect to a different domain.

@Saneesh
Copy link
Author

Saneesh commented Oct 28, 2016

Hello Tyler, if I understand well your reply there are two points. 1) "The user login function in angular-drupal just needs to be modified to set aside the token". 2) Check CORS in Drupal.
For the first point, angular-drupal handles the token by itself.
For the second point I have installed CORS drupal module and added the settings as they mentioned there.

But still I'm facing the same issue.

@Saneesh
Copy link
Author

Saneesh commented Oct 28, 2016

Is there anything I need to set in AngularJS side?

@signalpoint
Copy link
Owner

signalpoint commented Oct 28, 2016
edited
Loading

@Saneesh

  1. Yes.

I don't know much further than this, many others have this "issue", and I don't know where entirely the solution lies, but others have gotten around this and it mostly has to do with configuration on a per project basis. Check out the following issue queues and you'll find many discussions about this related issue, and you'll hear from others who have identified the ways they've gotten around this situation:

Although the projects are different, the problem(s) seems to be one in the same.

@kentr
Copy link
Collaborator

kentr commented Oct 28, 2016

@Saneesh If you’re running into CORS problems with just with dev on local, use Chrome with web security disabled or use the CORS plugin to disable it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
7.x-1.x question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@kentr @signalpoint @Saneesh