Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[authorization] userToPrinciple using incorrect id/securityId #3707

Closed
JohnLindahlTech opened this issue Sep 11, 2019 · 7 comments
Closed

[authorization] userToPrinciple using incorrect id/securityId #3707

JohnLindahlTech opened this issue Sep 11, 2019 · 7 comments
Assignees
@jannyHou
Labels
Authorization bug

Comments

@JohnLindahlTech
Copy link

JohnLindahlTech commented Sep 11, 2019
edited
Loading

Steps to reproduce

The userToPrinciple method in authZ breaks current UserProfile at the following line:
https://github.com/strongloop/loopback-next/blob/81890fce1e5cdaf1821557537164f23ba687386b/packages/authorization/src/authorize-interceptor.ts#L160

Current Behavior

As you can see the method basically throws the securityId away (by setting it to the name) and tries to set the id (which no longer is valid in UserProfile to securityId on the principal.
So from here on, currentUserProfile always has an undefined securityId.

Expected Behavior

The principal which is used in authorizors ( currentUser = authorizationCtx.principals[0];) should have a working securityId.

tagging @raymondfeng @jannyHou as the usual suspects :)

Using:

├─┬ @loopback/[email protected]
│ └── @loopback/[email protected]  deduped
├─┬ @loopback/[email protected]
│ └── @loopback/[email protected]  deduped
└── @loopback/[email protected]
@dhmlau
Copy link
Member

dhmlau commented Sep 11, 2019

Thanks @JohnPhoto for tagging them. :)

@jannyHou @raymondfeng , could you please take a look? Thanks.

@jannyHou
Copy link
Contributor

@JohnPhoto we released @loopback/[email protected] which is compatible with @loopback/[email protected], can you try them?

@JohnLindahlTech
Copy link
Author

Those are the ones I am using as you can see in my edit of my original post.

@derdeka derdeka mentioned this issue Sep 24, 2019
Closed
7 tasks
@derdeka
Copy link
Contributor

derdeka commented Sep 24, 2019

Related to #3766

@jannyHou jannyHou mentioned this issue Sep 25, 2019
Merged
@derdeka
Copy link
Contributor

derdeka commented Sep 26, 2019

Fixed with #3807 ?

@derdeka
Copy link
Contributor

derdeka commented Oct 11, 2019

@jannyHou @raymondfeng @JohnPhoto
Is the issue resolved as #3807 is merged?

@dhmlau
Copy link
Member

dhmlau commented Oct 12, 2019

Closing as resolved.

@dhmlau dhmlau closed this as completed Oct 12, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jannyHou jannyHou

Labels
Authorization bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix(authorization): remove userToPrinciple derdeka/loopback-next
5 participants
@raymondfeng @JohnLindahlTech @jannyHou @derdeka @dhmlau