In mobile app - login is successful but identity of security identity is not set

I have created a backend and a mobile app. In the mobile app the login is successful, but I am getting an error when getting user data from the backend server connect with security identity. It gives an error for user_id.

This is the userdetails server action in back end -

The developer tool info which shows that login is successful and identity is returned -

This is the error in user details after successful login -

Following are also ok -
CORS set to *
Remember me is set to 1 in login server action.
credential is selected in both userdetails and login form.

I am testing in web.

Do I have to set anything else?

What is the full message of this? Looks like the server is crashing on your userdetails action.

image

Also, you could improve your UserDetails api by adding a condition “if identity is true”, then run query. Else return 401 code (unauthorized) like below.

image
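The guard suggested in the reply above, as an added example that is not part of the original thread and not Wappler-generated code. The names `userDetails`, `runQuery` and `makeFakeDb` are hypothetical, the user row is constructed, and the UUID format check goes one step beyond the "identity is true" condition:

```javascript
// Added example: hypothetical names throughout; not Wappler-generated code.
const UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;

// identity: whatever the security provider resolved for this request.
// It is `false` when no valid session cookie reached the server.
// runQuery: async (userId) => row | undefined; stands in for the SQL step.
async function userDetails(identity, runQuery) {
  // Not logged in: answer 401 and never touch the database.
  if (typeof identity !== 'string' || !UUID_RE.test(identity)) {
    return { status: 401, body: { message: 'Unauthorized' } };
  }
  const row = await runQuery(identity);
  if (!row) return { status: 404, body: { message: 'User not found' } };
  return { status: 200, body: row };
}

// Constructed stand-in for the database: it rejects non-UUID input with
// PostgreSQL error code 22P02 (invalid text representation).
function makeFakeDb() {
  const calls = [];
  const users = { '3f2b8c1e-9a4d-4e6f-8b7a-1c2d3e4f5a6b': { first_name: 'Test' } };
  const runQuery = async (userId) => {
    calls.push(userId);
    if (!UUID_RE.test(String(userId))) {
      const err = new Error(`invalid input syntax for type uuid: "${userId}"`);
      err.code = '22P02';
      throw err;
    }
    return users[userId];
  };
  return { runQuery, calls };
}

async function demo() {
  const db = makeFakeDb();
  const anonymous = await userDetails(false, db.runQuery);
  const loggedIn = await userDetails('3f2b8c1e-9a4d-4e6f-8b7a-1c2d3e4f5a6b', db.runQuery);
  // Without the guard, the first call would surface as a 500 with code 22P02.
  return { anonymous: anonymous.status, loggedIn: loggedIn.status, dbCalls: db.calls.length };
}

demo().then((r) => console.log(r));
```

With the guard in place, an unauthenticated request gets a 401 and the query text and stack trace are never produced.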

{status: "500", code: "22P02",…}
code: "22P02"
message: "select "user"."email", "user"."first_name", "user"."last_name", "user"."isActive", "user"."user_id", "user"."department_id", "user"."row_permission", "department"."location_id" from "user" inner join "department" on "department"."department_id" = "user"."department_id" where "user"."user_id" = $1 limit $2 - invalid input syntax for type uuid: "false""
stack: "error: select "user"."email", "user"."first_name", "user"."last_name", "user"."isActive", "user"."user_id", "user"."department_id", "user"."row_permission", "department"."location_id" from "user" inner join "department" on "department"."department_id" = "user"."department_id" where "user"."user_id" = $1 limit $2 - invalid input syntax for type uuid: "false"\n at Parser.parseErrorMessage (/home/jelastic/ROOT/node_modules/pg-protocol/dist/parser.js:287:98)\n at Parser.handlePacket (/home/jelastic/ROOT/node_modules/pg-protocol/dist/parser.js:126:29)\n at Parser.parse (/home/jelastic/ROOT/node_modules/pg-protocol/dist/parser.js:39:38)\n at Socket. (/home/jelastic/ROOT/node_modules/pg-protocol/dist/index.js:11:42)\n at Socket.emit (node:events:513:28)\n at addChunk (node:internal/streams/readable:315:12)\n at readableAddChunk (node:internal/streams/readable:289:9)\n at Socket.Readable.push (node:internal/streams/readable:228:10)\n at TCP.onStreamRead (node:internal/stream_base_commons:190:23)"
status: "500"

Is the issue related to cookies, as one of the cookies says

Because a cookie’s `SameSite` attribute was not set or is invalid, it defaults to `SameSite=Lax`, which prevents the cookie from being set in a cross-site context. This behavior protects user data from accidentally leaking to third parties and cross-site request forgery.

Resolve this issue by updating the attributes of the cookie:

  * Specify `SameSite=None` and `Secure` if the cookie is intended to be set in cross-site contexts. Note that only cookies sent over HTTPS may use the `Secure` attribute.
  * Specify `SameSite=Strict` or `SameSite=Lax` if the cookie should not be set by cross-site requests.

AFFECTED RESOURCES

1 cookie

|Name|Domain & Path|
| --- | --- |
|sheellegal.sid|wsheellegal.cloudjiffy.net/|

and another says -

Cookies marked with SameSite=None must also be marked with Secure to allow setting them in a cross-site context. This behavior protects user data from being sent over an insecure connection.

Resolve this issue by updating the attributes of the cookie:

  * Specify SameSite=None and Secure if the cookie is intended to be set in cross-site contexts. Note that only cookies sent over HTTPS may use the Secure attribute.
  * Specify SameSite=Strict or SameSite=Lax if the cookie should not be set by cross-site requests.

AFFECTED RESOURCES

1 cookie

|Name|Domain & Path|
| --- | --- |
|SiteSecurity.auth|wsheellegal.cloudjiffy.net/|

It looks like your request is not sending the UUID value. I’m guessing this might be an issue with the identity you’re sending. It’s saying “false” as if you’re not logged in.

Can you confirm you have the “Credentials” checkbox set like my image below?

image

Does your security provider have “Secure” checked and SameSite set to none?

I am running the userdetails server connect in login form success event.

SameSite is none but secure is not checked. I have checked it with secure also, but then it gives another error. Do I check it now?

If I set “secure” then I receive CORS and cookies error -

A cross-origin resource sharing (CORS) request was blocked because of invalid or missing response headers of the request or the associated preflight request.

To fix this issue, ensure the response to the CORS request and/or the associated preflight request are not missing headers and use valid header values.

Note that if an opaque response is sufficient, the request's mode can be set to `no-cors` to fetch the resource with CORS disabled; that way CORS headers are not required but the response content is inaccessible (opaque).

AFFECTED RESOURCES

1 request

|Request|Status|Preflight Request (if problematic)|Header|Problem|Invalid Value (if available)|
| --- | --- | --- | --- | --- | --- |
|all?|blocked||Access-Control-Allow-Origin|Missing Header||

Learn more: Cross-Origin Resource Sharing (CORS)

Indicate whether a cookie is intended to be set in a cross-site context by specifying its SameSite attribute

Because a cookie’s `SameSite` attribute was not set or is invalid, it defaults to `SameSite=Lax`, which prevents the cookie from being set in a cross-site context. This behavior protects user data from accidentally leaking to third parties and cross-site request forgery.

Resolve this issue by updating the attributes of the cookie:

  * Specify `SameSite=None` and `Secure` if the cookie is intended to be set in cross-site contexts. Note that only cookies sent over HTTPS may use the `Secure` attribute.
  * Specify `SameSite=Strict` or `SameSite=Lax` if the cookie should not be set by cross-site requests.

AFFECTED RESOURCES

1 cookie

|Name|Domain & Path|
| --- | --- |
|sheellegal.sid|wsheellegal.cloudjiffy.net/|

This config.json on server -

{
  "debug": true,
  "secret": "changedbyme",
  "cors": {
    "origin": [
      "*",
      "capacitor://",
      "capacitor://localhost",
      "http://localhost",
      "capacitor-electron://localhost"
    ],
    "methods": "GET,POST,PUT,PATCH,DELETE"
  },
  "env": {
    "DB_NAME": ""
  }
}

CORS issue resolved after removing all origins except “*”. However, the issue of identity not being set up after login persists.

Do I need the server to have SSL? Presently the remote server doesn’t have SSL.

Normally, yes. You would need SSL on the remote server.
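Why the server needs SSL here, as an added example that is not part of the original thread: a small checker that applies the cookie rules quoted in the DevTools issues above to a `Set-Cookie` header. The function names, reason codes and cookie values are constructed; only the cookie names come from the thread.

```javascript
// Added example; function names, reason codes and sample values are constructed.
// Parse one Set-Cookie header value into its name and lower-cased attributes.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const name = pair.slice(0, pair.indexOf('='));
  const flags = {};
  for (const a of attrs) {
    const [k, v = ''] = a.split('=');
    flags[k.trim().toLowerCase()] = v.trim().toLowerCase();
  }
  return { name, flags };
}

// Will the browser store this cookie and send it on a cross-site request?
// responseScheme: 'http' or 'https', the scheme the API response arrived over.
function crossSiteVerdict(header, responseScheme) {
  const { name, flags } = parseSetCookie(header);
  const secure = 'secure' in flags;
  // Unset or invalid SameSite is treated as Lax.
  const sameSite = ['strict', 'lax', 'none'].includes(flags.samesite)
    ? flags.samesite : 'lax';
  let reason = 'ok';
  if (secure && responseScheme !== 'https') reason = 'secure-over-http';
  else if (sameSite === 'none' && !secure) reason = 'none-without-secure';
  else if (sameSite !== 'none') reason = 'not-sent-cross-site';
  return { name, sameSite, secure, usable: reason === 'ok', reason };
}

// Constructed headers mirroring the states the thread goes through.
const SAMPLES = [
  ['sheellegal.sid=abc123; Path=/; HttpOnly', 'http'],
  ['SiteSecurity.auth=xyz789; Path=/; HttpOnly; SameSite=None', 'http'],
  ['SiteSecurity.auth=xyz789; Path=/; HttpOnly; SameSite=None; Secure', 'http'],
  ['SiteSecurity.auth=xyz789; Path=/; HttpOnly; SameSite=None; Secure', 'https'],
];

function checkSamples() {
  return SAMPLES.map(([header, scheme]) => crossSiteVerdict(header, scheme));
}

console.table(checkSamples());
```

Only the last combination, `SameSite=None; Secure` delivered over HTTPS, yields a cookie the app can send back, which is why the identity stayed `false` until the server had a certificate.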

I am working on this, then will come back after installation of SSL by the service provider.

Thanks

After installing SSL on the remote server, everything works fine, however logout is not functioning.

There’s a bug for logout. Patrick provided a hotfix. You could copy the file into your server project, just ensure you don’t let Wappler update it if you reload the project. Hopefully this fix will make it into the next Wappler version release on Thursday.