Loopback throws accessToken undefined even though a user is logged in
I'm working on a loopback JS app with the angular JS SDK on the frontend. I have an after hook on the find remote method for a model which verifies if there is an access token on the current context.
    Team.afterRemote('find', function(context, boards, next) {
        var ExeboardUser = app.models.ExeboardUser;
        var ExeboardUserBoard = app.models.ExeboardUserBoard;
        var ctx = loopback.getCurrentContext();
        var at = ctx.get('accessToken');
        if (at == undefined || at == null) {
            // return 401
            console.log("Unauthorized: Find Boards-User not logged in.");
            var newError = new Error("Unauthorized: Find Boards");
            newError.status = 401;
            next(newError);
        }
        else {
            //.. more verifications and operations on the data
        }
    });
This verification works well... sometimes. The problem I'm having is that at random times I get a 401 Unauthorized because loopback got an undefined access token. This happens even though I'm logged in, and if I send the request again the token magically reappears and the permissions are granted.
I don't know exactly how to replicate this error every time. I just know it happens (sometimes) if I leave the session idle for 5-10 minutes, or if I'm making changes to the frontend and I do a refresh.
On angularJS I call the endpoint at the beginning of my controller. This means that I make the request as soon as the user enters the url which has the controller.
    var getTeam = function() {
        Team.find({filter: {where: {id: $stateParams.id}}})
            .$promise
            .then(function(response) {
                $log.log("SUCCESS", response);
            },
            function(err) {
                $log.log(err);
            });
    };
What I can't understand is why it happens sometimes and sometimes doesn't. Can anyone help me spot the error?
Instead of a remote hook, you should use the following ACL on your model:
    {
        "accessType": "EXECUTE",
        "principalType": "ROLE",
        "principalId": "$unauthenticated",
        "permission": "DENY",
        "property": "find"
    }
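A check a reviewer could run over model definitions to confirm that an ACL like the one in the answer above is actually in place, rather than only a remote hook (added example, not part of the original question or answers). The function names and sample models are constructed, and it assumes that `find` is a READ method that `EXECUTE` entries also match, as the answer's ACL implies.

```javascript
'use strict';
// Added example: flag LoopBack model definitions that lack an explicit DENY
// for anonymous callers on a given method. All sample data is constructed.

// Roles whose DENY applies to a request that carries no access token.
const ANON_ROLES = ['$unauthenticated', '$everyone'];

// A missing or "*" property covers every method; an array lists several.
function coversMethod(acl, method) {
  const p = acl.property;
  if (p === undefined || p === '*') return true;
  return Array.isArray(p) ? p.includes(method) : p === method;
}

// Assumption: "EXECUTE" entries also match READ methods such as find,
// which is how the answer's ACL is written.
function coversAccessType(acl, accessType) {
  const t = acl.accessType;
  return t === undefined || t === '*' || t === 'EXECUTE' || t === accessType;
}

function deniesAnonymous(modelDef, method, accessType) {
  return (modelDef.acls || []).some((acl) =>
    acl.permission === 'DENY' &&
    acl.principalType === 'ROLE' &&
    ANON_ROLES.includes(acl.principalId) &&
    coversMethod(acl, method) &&
    coversAccessType(acl, accessType));
}

// Names of models that rely on something other than an ACL (for example a
// remote hook) to keep anonymous callers out of `method`.
function auditModels(modelDefs, method, accessType) {
  return modelDefs
    .filter((def) => !deniesAnonymous(def, method, accessType))
    .map((def) => def.name);
}

// Constructed model definitions, shaped like LoopBack model JSON files.
const SAMPLE_MODELS = [
  { name: 'Team', acls: [{ accessType: 'EXECUTE', principalType: 'ROLE',
      principalId: '$unauthenticated', permission: 'DENY', property: 'find' }] },
  { name: 'HookOnly' }, // no acls: protection lives only in a remote hook
  { name: 'WrongMethod', acls: [{ principalType: 'ROLE',
      principalId: '$unauthenticated', permission: 'DENY', property: 'create' }] },
  { name: 'LockedDown', acls: [{ accessType: '*', principalType: 'ROLE',
      principalId: '$everyone', permission: 'DENY' }] },
];

console.log(auditModels(SAMPLE_MODELS, 'find', 'READ'));
```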
Can you please check the following?
Order of token and context middleware in server.js file. I have this order:
    app.use(loopback.context());
    app.use(loopback.token());
Check in console to know the location of stored access token, localStorage or sessionStorage. sessionStorage gets removed when you close the browser tab.
I cannot use comment feature yet as my reputation is not yet 50 :). Apologies, if this looked more like comments.