Logging in while in development mode doesn't work as expected.

Sure this is related to dev mode? This always happens when you were logged in when server restarts.
Yes it does. Not only that, this happens on fresh login also.
I've reproduced it locally and I'm looking into it.
Hi @bkimminich I wanted to let you know an other issue I am facing on development server.
After I clone juice-shop from develop branch and run npm install. I am able to run the normal server by npm start but when I do npm run serve, the following error pops up(this started last night):

The error can be corrected by making the following change in package.json
From
"serve": "concurrently --kill-others \"nodemon app\" \"cd frontend && ng serve\"",
to
"serve": "concurrently --kill-others \"node app\" \"cd frontend && ng serve\"",
or by installing nodemon(npm install nodemon --save).
I wonder this is actually an issue or it is happening just in my machine. Please let me know your views on it.
Thank You!!
@agrawalarpit14 This can be fixed if you do a npm i -g nodemon. I was supposed to revert it back to use node but forgot π€¦ββοΈ
This can be fixed if you do a
npm i -g nodemon. I was supposed to revert it back to usenodebut forgot π€¦ββοΈ
Oh that's why.ππ Do you want me to revert it and open a PR?
That would probably best or @bkimminich can just make the update himself on develop.
In other news, the issue with the original bug _may_ have to do with Angular and Express running on two separate ports. When the app is run in development mode,req.cookie.token is undefined so it's unable to fetch the user.
That would probably best or @bkimminich can just make the update himself on
develop.In other news, the issue with the original bug _may_ have to do with Angular and Express running on two separate ports. When the app is run in development mode, the cookie in the request is undefined so it's unable to fetch the user.
Yeah sure. That would actually be greatππ.
And thanks for letting me know about the cookie issue.βπ»
Having the cookie in the first place is of course a bad idea, as it duplicates the Authorization header. But it's part of some challenge(s), so would need careful analysis and "fixing".
Maybe we could add something like
let authToken = req.headers.authorization.replace('Bearer ', '');
let token = req.cookies.token ? req.cookies.token : authToken
if(token) {
// do stuff
}
With this _theoretical_ approach, if req.cookies.token is undefined then we can pass in authToken to parse for the user. This _could_ fix the bug in question.
Or can we just pass token as parameter and at the backend(in /routes/currentUser.js) while returning the user modify
const user = insecurity.authenticatedUsers.get(req.cookies.token)
to
const user = insecurity.authenticatedUsers.get(req.body.token)
or
const user = insecurity.authenticatedUsers.get(req.headers.authorization.replace('Bearer ', ''))
@bkimminich @Whamo12
Please let me know your thoughts.
Thank You!!
It appears out that although the above change can solve this error but won't help actually as req.cookies.token is used at multiple places in the app(this change is independent of them and therefore isn't useful). I feel our best bet is to make it work on the front end.π
This problem comes a bit from my own development process, as I rarely use npm run serve. The dev mode just behaves too different from "reality" in production. This got worse in Angular compared to AngularJS back then. I don't think fixing issue with dev mode is worth any extra trouble in production.
This problem comes a bit from my own development process, as I rarely use
npm run serve. The dev mode just behaves too different from "reality" in production. This got worse in Angular compared to AngularJS back then. I don't think fixing issue with dev mode is worth any extra trouble in production.
Yeah true, it might not make much sense to modify code specifically for development purposes.
This thread has been automatically locked because it has not had recent activity after it was closed. :lock: Please open a new issue for regressions or related bugs.
Most helpful comment
This problem comes a bit from my own development process, as I rarely use
npm run serve. The dev mode just behaves too different from "reality" in production. This got worse in Angular compared to AngularJS back then. I don't think fixing issue with dev mode is worth any extra trouble in production.