Not logged in user gets 200 response, how to get 403

I have a mobile project as the front end for a node.js Wappler back end.

I have the security, log in and restrictions working on the back end but I want to have a page load in my app and if the user is not logged in, redirect to the login form.

Followed the tutorials and created everything which seems to be working but when I try to load a list of products (when not logged in) that should NOT work as it is restricted with a security provider, I get a 200 response with -
{"identity":false,"query":}
I thought it would return forbidden or 403 so I can redirect the user to the login.
The same happens if I access the API directly in my browser.
Do I need to specify this in my API steps?

Hi Paul,

Is this a Mobile App or a Web App?

If Mobile, unfortunately security restrict is not available in regular html pages. I got around this by adding my login form to the main home view. Then I hid it and showed paged content if login was successful.

On other pages I hid content if not logged in and provided a link back to the log in.

Not sure if there is a better way or not but it works and was approved by both the Google Play and Apple App Store.

1 Like

Hi Brad, that's what I was thinking.
It is a mobile app which I originally coded against a WordPress/WooCommerce back end but got so annoyed with plugin updates breaking things I decided to start from scratch with a Wappler back end.

How do you check that a login is successful, or not?

Really not much different than any regular web app login except you need to check the ‘credentials’ option in your form.

1 Like

That’s great news Brad!

I always wondered what that was for.

I have tried with credentials but then I get a CORS error, remove credentials and CORS error goes.

I have set the login to show on app load to force a login and now I get a forbidden error with incorrect login details (exactly what I wanted)!!!

No idea why it wasn’t working before :blush:

So working as expected now, thanks for the help.

Next is to play with “remember me” so the user doesn’t have to type in their details every time they load the app.

Regards, Paul.

In my experience with my app they will stay logged in until they actually log out. So no need to worry about that. :wink:

2 Likes
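
An added example, not part of any post above and not Wappler's own code: one common reason that enabling credentials on a cross-origin request produces a CORS error is a server answering with a wildcard `Access-Control-Allow-Origin`, or without `Access-Control-Allow-Credentials: true`. The origins, the allowlist and the function names are constructed for illustration.

```javascript
// Added example, not Wappler code. Origins and header sets are constructed.

// Server side: build CORS headers for a credentialed request from an
// explicit allowlist. Never answer "*" and never echo unknown origins.
function corsHeadersFor(origin, allowlist) {
  if (!origin || !allowlist.includes(origin)) return {};
  return {
    'Access-Control-Allow-Origin': origin,
    'Access-Control-Allow-Credentials': 'true',
    'Vary': 'Origin', // response differs per origin, so caches must key on it
  };
}

// Browser side, as a checker: reasons a response to a request sent with
// credentials would be blocked. An empty array means it passes.
function credentialedCorsProblems(origin, headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v).trim();
  const problems = [];
  const allowOrigin = h['access-control-allow-origin'];
  if (allowOrigin === undefined) {
    problems.push('missing Access-Control-Allow-Origin');
  } else if (allowOrigin === '*') {
    problems.push('wildcard origin is not accepted with credentials');
  } else if (allowOrigin !== origin) {
    problems.push('Access-Control-Allow-Origin does not match the request origin');
  }
  // Must be the exact, case-sensitive string "true".
  if (h['access-control-allow-credentials'] !== 'true') {
    problems.push('Access-Control-Allow-Credentials is not "true"');
  }
  return problems;
}

const APP_ORIGIN = 'http://localhost'; // constructed: the app's origin
const ALLOWLIST = [APP_ORIGIN];

// A wildcard response is fine without credentials but rejected with them.
const wildcard = { 'Access-Control-Allow-Origin': '*' };
console.log(credentialedCorsProblems(APP_ORIGIN, wildcard));
// Allowlisted origin passes; an unknown origin gets no CORS headers at all.
console.log(credentialedCorsProblems(APP_ORIGIN, corsHeadersFor(APP_ORIGIN, ALLOWLIST)));
console.log(corsHeadersFor('https://other.example', ALLOWLIST));
```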