keystone 5 App Admin UI signin action doesn't work as expected after building and serving the build

Created on 21 Feb 2020 · 4 Comments · Source: keystonejs/keystone

When I used App Admin UI in development mode the signin page and redirection after signing in worked correctly.

But after building the app, I started it locally to ensure that everything works fine before the deployment. Then I found that the admin UI signin page doesn't work correctly. I used the same user authentication I used in development and the same database. It called the API correctly and received a 200 status for the login authentication call, and it also triggered the reload, but I was redirected to the signin page again.

  1. create a keystone app with user authentication.
  2. try running and logging into the admin ui in dev mode.
  3. now build the application then start it locally.
  4. try logging into the admin ui from signin page.

Expected behaviour

After the signin call completes successfully, the app should redirect me to the main page.

Actual behaviour

After the signin call completes successfully, the app reloads and redirects me to the signin page again.

System information

  • OS: macOS
  • Browser: Chrome

All 4 comments

I started debugging and found something that may affect the issue.

app-admin-ui/index.js

```javascript
isAccessAllowed(req) {
  if (!this.authStrategy) {
    return true;
  }
  return (
    req.user &&
    this._isAccessAllowed({ authentication: { item: req.user, listKey: req.authedListKey } }) &&
    req.session.audiences &&
    req.session.audiences.includes('admin')
  );
}
```

The isAccessAllowed function depends on the req.session key, but when I checked the req object I found that the key is called req.Session.session in some requests, so I tried fixing it this way:

```javascript
const sessionKey = req.session || (req.Session && req.Session.session);

return (
  req.user &&
  this._isAccessAllowed({ authentication: { item: req.user, listKey: req.authedListKey } }) &&
  sessionKey.audiences &&
  sessionKey.audiences.includes('admin')
);
```

But this solution doesn't fix anything in the issue.

This can be resolved by setting the sessionStore option to a compatible session store (e.g. connect-mongo). https://www.keystonejs.com/keystonejs/keystone/#sessionstore

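```javascript
const { Keystone } = require('@keystonejs/keystone');
const expressSession = require('express-session');
const MongoStore = require('connect-mongo')(expressSession);

// Persist sessions in MongoDB instead of the default in-memory store.
const keystone = new Keystone({
  /* ...config */
  sessionStore: new MongoStore({ url: 'mongodb://localhost/my-app' }),
});
```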

This should really be surfaced as a prerequisite to publishing keystone sites. They've got _"This should be configured before deploying your app."_ written next to the section, but it's very easy to miss. I might submit a PR to the docs regarding this tidbit.

Funnily enough, this was an issue with sites in v4 as well. I remember scratching my head for days before someone helped me out.

If you don't use HTTPS, disable secureCookies: https://www.keystonejs.com/keystonejs/keystone/#securecookies

@MichaelZaporozhets Thank you for your reply. I solved it like @Heolink mentioned. It was just setting secureCookies: false
Thank you guys.
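
Why a 200 from the signin call can still end on the signin page, as an added example that is not part of the thread or of Keystone's code: a simplified model of the check a session middleware such as express-session applies before issuing a cookie marked secure. It assumes Keystone's secureCookies option maps to that cookie flag; the function names and request objects are constructed for illustration, and the TLS-terminating proxy case goes beyond what the thread discusses.

```javascript
// Added example: simplified model, not express-session's or Keystone's code.
// The request objects below are constructed samples, not captured traffic.

// True when the server can treat the request as having arrived over TLS.
function isSecureRequest(req, trustProxy) {
  if (req.encrypted) return true;   // direct HTTPS socket
  if (!trustProxy) return false;    // forwarded headers are not trusted
  const header = (req.headers['x-forwarded-proto'] || '').toLowerCase();
  return header.split(',')[0].trim() === 'https';
}

// A cookie flagged secure is only issued on a secure request. Otherwise no
// Set-Cookie header is sent, even though the signin call itself returns 200.
function issuesSessionCookie(secureCookies, req, trustProxy = false) {
  return !secureCookies || isSecureRequest(req, trustProxy);
}

// What the user sees after "sign in, then reload".
function signinOutcome(secureCookies, req, trustProxy = false) {
  return issuesSessionCookie(secureCookies, req, trustProxy)
    ? 'admin page'
    : 'signin page again';
}

const plainHttp = { encrypted: false, headers: {} };
const behindTlsProxy = { encrypted: false, headers: { 'x-forwarded-proto': 'https' } };
const directHttps = { encrypted: true, headers: {} };

// [description, secureCookies, request, trustProxy]
const scenarios = [
  ['local build over HTTP, secureCookies: true', true, plainHttp, false],
  ['local build over HTTP, secureCookies: false', false, plainHttp, false],
  ['TLS proxy, proxy headers not trusted', true, behindTlsProxy, false],
  ['TLS proxy, proxy headers trusted', true, behindTlsProxy, true],
  ['direct HTTPS, secureCookies: true', true, directHttps, false],
];

for (const [description, secureCookies, req, trustProxy] of scenarios) {
  console.log(`${description} -> ${signinOutcome(secureCookies, req, trustProxy)}`);
}
```

The cases that keep secureCookies enabled (direct HTTPS, or a trusted proxy that forwards the protocol) are the ones a deployed site should match; secureCookies: false fits plain-HTTP local testing.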
