Authentication Middleware does not work via Admin Dash #8046
Comments
|
Hey can I work on this issue? |
|
@TimCrooker there is no user on the req, have you looked at the auth middleware by any change? could you log |
|
There is not a req.user by default yes but that is what the authenticate middleware does is attaches the user onto the request object. I tested this and it works via postman. Here are some logs from the middleware that runs AFTER authenticate for product creation auth_context undefined this worked properly and as you can see the user details are attached to the context as expected and the product is created. When using the admin UI the flow stops in the authenticate middleware and returns a 401 dispite being logged in with the same creds. I created a logger middleware to log out some details BEFORE authenticate middleware and there is no auth context or req.user auth_context undefined auth_context never exists on the req object |
|
My bad i thought you were using medusa v2 😅 are you testing everything on your local machine? |
|
@adrien2p everything is running local |
|
and your cors are properly configured? |
|
@adrien2p yes. If it was not then I would be unable to log in. |
|
So with those information it sounds like the cookie is not sent to the api, could you check that please |
|
Cookies provided from the network tab headers: lng=en; ajs_user_id=usr_01J279R1YBK0AE2G4HYNWYVVV5; ajs_anonymous_id=7f3288f3-671e-41bd-8b08-a3d18b865648; connect.sid=s%3AW73EcOcNNezelIypTmmvW7Owc9ZoXf6e.OOfG6VZ92CAn8%2F2G7jUAgCZafCuQklmRqwj0MmteXxM Cookies recieved in my logger middleware before authentication call on server: cookies { |
|
Weirdly it seems that for all GET calls everything works as expected but for all POST calls where i have the authentication middleware registered it fails and looks like this in network tools: 
'connect.sid': 's:W73EcOcNNezelIypTmmvW7Owc9ZoXf6e.OOfG6VZ92CAn8/2G7jUAgCZafCuQklmRqwj0MmteXxM' |
|
After even further investigation seems that in the UI the GET call for products works and logs the cookies but cookies are undefined for the POST call to create a product |
|
@adrien2p Anything on this? This is acting as a bit of a road block for me at the moment. Seems only POST calls have what looks like CORS issues when using this middleware. When not using the middleware its fine but i cant get user context |
|
I was able to resolve this myself by digging into the req object and finding that user_id exists in session['user_id'] You should probably remove the invalid tutorial for implementing this functionality though. it simply does not work and wasted a ton of time here is is: https://docs.medusajs.com/development/api-routes/example-logged-in-user |
How did you solved exactly?, I'm facing the same issue, GET calls are ok, but in the POST; DELETE, I always get 401 |
|
This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 3 days. |
|
This issue was closed because it has been stalled for 3 days with no activity. |
Did you? |
Bug report
Describe the bug
I created the below middleware based on the guide in the documentation with the goal of accessing the user details inside services. The authenticate() middware consumed from the medusa package works perfectly when using the API but when performing the same actions via the Admin Dash they are blocked with a 401 error. This is the same account with the same credentials.
middleware code:
middleware config:
System information
Medusa version (including plugins):
Node.js version: 18.19.0
Database: Postgres
Operating system: MacOs
Browser (if relevant): Chrome
Steps to reproduce the behavior
add product via api after authentication it works.
add product via admin after authentication it is rejected with a 401 error
Expected behavior
Expected the auth middleware to allow the call
The text was updated successfully, but these errors were encountered: