System Information
- Strapi Version:
- Operating System:
- Database:
- Node Version:
- NPM Version:
- Yarn Version:
Trying to create custom user authentication with cookies. When a user sends a login request a cookie with the bearer is returned, but when trying to make requests with that cookie the user is still unauthenticated.
Right now I have a user-permissions.js located at src/extensions/user-permissions/policies:
"use strict";
const { castArray, map } = require("lodash/fp");
const { ForbiddenError, UnauthorizedError } = require("@strapi/utils").errors;
const getService = (name) => {
return strapi.plugin("users-permissions").service(name);
};
const getAdvancedSettings = () => {
return strapi
.store({ type: "plugin", name: "users-permissions" })
.get({ key: "advanced" });
};
const authenticate = async (ctx) => {
console.log("á");
try {
const token = await getService("jwt").getToken(ctx);
if (token) {
const { id } = token;
if (id === undefined) {
return { authenticated: false };
}
// fetch authenticated user
const user = await getService("user").fetchAuthenticatedUser(id);
if (!user) {
return { error: "Invalid credentials" };
}
const advancedSettings = await getAdvancedSettings();
if (advancedSettings.email_confirmation && !user.confirmed) {
return { error: "Invalid credentials" };
}
if (user.blocked) {
return { error: "Invalid credentials" };
}
ctx.state.user = user;
return {
authenticated: true,
credentials: user,
};
}
const publicPermissions = await strapi
.query("plugin::users-permissions.permission")
.findMany({
where: {
role: { type: "public" },
},
});
if (publicPermissions.length === 0) {
return { authenticated: false };
}
return {
authenticated: true,
credentials: null,
};
} catch (err) {
return { authenticated: false };
}
};
const verify = async (auth, config) => {
console.log("b");
const { credentials: user } = auth;
if (!config.scope) {
if (!user) {
// A non authenticated user cannot access routes that do not have a scope
throw new UnauthorizedError();
} else {
// An authenticated user can access non scoped routes
return;
}
}
let allowedActions = auth.allowedActions;
if (!allowedActions) {
const permissions = await strapi
.query("plugin::users-permissions.permission")
.findMany({
where: { role: user ? user.role.id : { type: "public" } },
});
allowedActions = map("action", permissions);
auth.allowedActions = allowedActions;
}
const isAllowed = castArray(config.scope).every((scope) =>
allowedActions.includes(scope)
);
if (!isAllowed) {
throw new ForbiddenError();
}
};
module.exports = {
name: "users-permissions",
authenticate,
verify,
};
I also have a strapi-server.js located at src/extensions/user-permissions:
"use strict";
const { callback, register } = require("./controllers/auth");
const permissions = require("./policies/users-permissions");
module.exports = (plugin) => {
plugin.controllers.auth.callback = callback;
plugin.controllers.auth.register = register;
plugin.policies["permissions"] = permissions;
return plugin;
};
the user-permissions don’t get used though, resulting in the default action. How do I setup the strapi-server so that the user-permissions get used for every request?