Recurring issues with security provider (no doubt user error) - main blocker for me right now

mgaussie · July 9, 2020, 3:43pm

Hi all,

I have successfully managed to create a sign up + login flow, the dB is connected fine and all schema retrieves correctly.

I’ve followed the creating a login doc, and set the remember property - but after logging out if I have a security enforcer I keep getting logged out - so for now, I’ve removed it from all pages while I continue to build.

The issue i’m constantly facing, and I’m sure it’s just user error - is creating a session to keep a user logged in, then referring back to the security provider for the user ID. I’m constantly getting 500 and/or unauthorized errors, specifically a weird syntax error being reported:

This is the error message:
{status: “500”, code: “22P02”,…}
code: “22P02”
message: “select “users”.“firstName”, “users”.“lastName”, “users”.“email”, “users”.“id”, “users”.“job_title”, “users”.“organization”, “users”.“user_information”, “user_information”.“calendar_link”, “user_information”.“job_title”, “user_information”.“avatar” from “users” inner join “user_information” on “user_information”.“user” = “users”.“id” where “users”.“id” = $1 - invalid input syntax for type integer: “false””

The security proider is setup as ‘Database’ which connects fine, and I’m using the Use Password Has Verify, I’m using SHA256 + salt, the sign up and login is working fine with this method.

What I’m trying to do on each content page is a server connect to get_current_user and to achieve this I need to refer back to the security provider to get the user ID. I then with most workflows try to refer back to this when doing and updates/form inserts - so with this not working it’s blocking any further progress.

I’d appreciate any ideas here for what I’m doing wrong. I’ll keep re-reading all docs, but there is only so many times I can read and double check everything.

TomD · July 9, 2020, 5:55pm

This is not really an answer to your question, and I may be missing the point, but why do you need to keep referring back to the user ID?

sitestreet · July 9, 2020, 5:55pm

On the pages you want to protect, you just need to add Security Provider (click the folder to select the linked file) and Security Restrict. That’s it. You can then access the identity ID if you need to.

mgaussie · July 9, 2020, 5:58pm

Hi @TomD - from what I’ve read this is the best way to call the current user info to then get that users information for the various dB queries on a page. If there is a better way i’m very open to it.

I come from Bubble, where it’s super easy to always call ‘current_user’ information for pages and page queries/data.

mgaussie · July 9, 2020, 5:58pm

Yep, this is what I do and have followed - but seem to get recurring issues, and constant log outs.

TomD · July 9, 2020, 6:07pm

To do updates and inserts, once a user is logged on and can access the restricted pages, it’s only necessary to add the security provider enforcer to the relevant pages, as @sitestreet mentions. However, I appreciate there could be reasons why you might want the id.

If you’re having log outs etc, it seems there are other issues. Once the session is created, it should remain unless deleted when you log out - or perhaps accidentally by calling a logout server action. If this is using NodeJS, perhaps there are other issues (I’ve yet to try NodeJS).

mgaussie · July 10, 2020, 9:18pm

Thanks @TomD and @sitestreet - currently I’ve been adding the security provider to each server side action as a way of getting the security ID - is there a way I can handle this at page level, so it doesn’t need to be added to each server side action? In Node (this is a node project) I can add it to each content page - but as that appears to be on the app side, I can’t reference it on server side actions.

mebeingken · July 10, 2020, 10:49pm

After successful login you could set a session variable that contains the logged in user’s security id, and then reference it anywhere in any server actions.

sitestreet · July 10, 2020, 10:55pm

This is already done if it’s a PHP project but I’m not sure if NodeJS does it, too. The session variable created in PHP is $_SESSION['security1Id'] if the security provider name is security1.

mebeingken · July 10, 2020, 10:57pm

Completely forgot about that Jon…good save.

mgaussie · July 10, 2020, 11:00pm

Thanks guys, on the plus side - the way you both talk about it - it must be a super simple thing to solve, but I just can’t right now - I’m successfully logging in - but I keep getting logged out.

I can’t see any references of the security id on the server side as a session or otherwise, the only way I can get to it is if I put the security provider in the actual server action step - I can reference it there.

Am I missing something obvious here?!

brad · July 10, 2020, 11:02pm

Do you have a Log Out Action on your page? If so, be sure to check 'no auto load'.

sitestreet · July 10, 2020, 11:03pm

I may not be much help as you’re using NodeJS and I’ve not tried that yet. With PHP I just add the security provider action in my server connect file and that gives me access to the logged in id. If I want to restrict that script then I add the security restrict action, too. But I don’t have issues of being logged out.

You have made the script linked, haven’t you? And then selecting that linked file in each script?

sitestreet · July 10, 2020, 11:03pm

Good call, @brad. You might (hopefully) be onto something there. Hadn’t thought of that.

mgaussie · July 10, 2020, 11:05pm

I do have this on the layout page, but I have No Auto Load selected:

mgaussie · July 10, 2020, 11:07pm

Ok, so are you saying that for each and every server connect - you include the security provider in the steps? e.g.

Screen Shot 2020-07-10 at 4.06.59 pm

If so, this is what I am doing - so this is the correct way to do it? There is no global way to apply it?

sitestreet · July 10, 2020, 11:13pm

Yes, that’s what I do. I’m not necessarily right, though

sitestreet · July 10, 2020, 11:15pm

Can you temporarily remove the Server Connect ‘log_user_out’ and see if you still have the problem? That might narrow down the cause.

mgaussie · July 10, 2020, 11:25pm

Just tried that, still no luck - I’ve removed the security restrict server connect from all pages just to continue to view them, I added to one and redirected me to login or I get unauthorized.

This is an error I get when trying to load a resource that requires the connect: (500 error)

message: “select “users”.“firstName”, “users”.“lastName”, “users”.“email”, “users”.“id”, “users”.“job_title”, “users”.“organization”, “users”.“user_information”, “user_information”.“calendar_link”, “user_information”.“job_title”, “user_information”.“avatar” from “users” inner join “user_information” on “user_information”.“user” = “users”.“id” where “users”.“id” = $1 - invalid input syntax for type integer: “false””

UKRiggers · July 11, 2020, 6:37am

I don’t know the answer and I’m not near a computer but the error message shows
where “users”.“id” = $1 - invalid input syntax for type integer: “false””
and to me “$1” looks wrong. Variables shouldn’t start with a “1”. Or if that is meant to be the ID then it shouldn’t have “$”. This is just a simple observation after waking up from a bad nights sleep