google login - You do not have the correct permissions #2461

hhchow7 · 2021-04-20T09:44:26Z

hhchow7
Apr 20, 2021

Background

I am using users service for all authentication(local login, google login,etc). All methods of authentication will create users through users service.

Steps to reproduce

1.)Generate google access token in Frontend(I am using React library react-google-login)
2)Login using google strategy

POST /authentication
body

{
    "strategy": "google",
    "access_token": "<google access token in step 1>"
}

Expected behavior

Login successfully

Actual behavior

Failed to login

{
    "name": "Forbidden",
    "message": "You do not have the correct permissions.",
    "code": 403,
    "className": "forbidden",
    "errors": {}
}

What I have tried

I tried to change all methods in before hook in users.hooks.js to

          checkPermissions({
            roles: [ 'superadmin', 'admin'],
            error: false,       <-------------------------------------Change to false instead of true
          })

It works then, so I think the problems is because of the checkPermissions hook.
Since I want to throw error instantly if permissions not applicable, so the value of error must be true

After that, I tried to do something like this:

        iff((context => !context.params.authStrategies) || (context => !(context.params.authStrategies[0] === 'google')),
          authenticate('jwt'),
          checkPermissions({
            roles: [ 'superadmin', 'admin'],
            error: true,
          }),
         ...
        )

The logic is if users are loggined through google > then do not authenticate jwt and do not need to check permissions

But I find it is not working.

Code

authentication.js

const { AuthenticationService, AuthenticationBaseStrategy, JWTStrategy } = require('@feathersjs/authentication');
const { LocalStrategy } = require('@feathersjs/authentication-local');
const { expressOauth } = require('@feathersjs/authentication-oauth');

const { OAuthStrategy } = require('@feathersjs/authentication-oauth');
class GoogleStrategy extends OAuthStrategy {

  async getEntityData(profile) {
    const baseData = await super.getEntityData(profile);
    const existingOauthEntity = await super.findEntity(profile)

    // Check if user already exist
    if(existingOauthEntity){
      console.log("true")
      return {
        ...baseData
      }
    }else{
      console.log(false)
      return {
        ...baseData,
        email: profile.email,
      };
    }
  }
}


module.exports = app => {
  const authentication = new AuthenticationService(app);

  authentication.register('jwt', new JWTStrategy());
  authentication.register('local', new LocalStrategy());
  authentication.register('google', new GoogleStrategy());
 
  app.use('/authentication', authentication);
  app.configure(expressOauth());

};

users.hooks.js

const { iff, isProvider, keep, required, disallow, disablePagination, preventChanges, sequelizeConvert} = require('feathers-hooks-common');
const { authenticate } = require('@feathersjs/authentication').hooks;
const checkPermissions = require('feathers-permissions');
const errors = require('@feathersjs/errors');

const {
  hashPassword, protect
} = require('@feathersjs/authentication-local').hooks;

module.exports = {
  before: {
    all: [   
      sequelizeConvert({
        isEmailVerified: 'boolean',
      }),
    ],
    find: [
      iff(isProvider('external'),
        authenticate('jwt'),
        checkPermissions({
          roles: ['admin'],
          error: true,
        })
    )
    ],
    get: [
      iff(isProvider('external'),
        iff((context => !context.params.authStrategies) || (context => !context.params.authStrategies[0] === 'google'),
          authenticate('jwt'),
          checkPermissions({
            roles: [ 'superadmin', 'admin'],
            error: true,
          })
        )
      )
    ],
    create: [
      iff(isProvider('external'),
        iff((context => !context.params.authStrategies) || (context => !(context.params.authStrategies[0] === 'google')),
          authenticate('jwt'),
          checkPermissions({
            roles: ['admin'],
            error: true,
          }),
          required('email', 'password'),
          hashPassword('password'),
        )
      )
    ],
    update: [disallow()],
    patch: [
      iff(isProvider('external'),
      preventChanges(true, [
        'id',
        'password'
      ]),
      authenticate('jwt'),
      checkPermissions({
        roles: ['admin'],
        error: true,
      }),
      )
    ],
  },
  after: {
    all: [ 
      sequelizeConvert({
        isEmailVerified: 'boolean',
      }),
      protect(
        'password',
      )
    ],
    update: [disallow('external')],
  },

};

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

google login - You do not have the correct permissions #2461

{{title}}

{{editor}}'s edit

{{editor}}'s edit

Replies: 0 comments

Select a reply

google login - You do not have the correct permissions #2461

hhchow7 Apr 20, 2021

Background

Steps to reproduce

Expected behavior

Actual behavior

What I have tried

Code

Replies: 0 comments

hhchow7
Apr 20, 2021