Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Uncomment role checks in dbAuth's auth.js template #4476

Merged
merged 3 commits into from
Feb 18, 2022
Merged

Uncomment role checks in dbAuth's auth.js template #4476

merged 3 commits into from
Feb 18, 2022
+2 −3

Conversation

cannikin
Copy link
Member

Not sure why I would have commented these out, I thought I just copied the standard auth.js template and make a couple of changes for getCurrentUser() unique to dbAuth.

@cannikin cannikin requested a review from dthyresson February 14, 2022 22:41
@thedavidprice
Copy link
Contributor

@dthyresson did you mean to comment these when you were resolving the TS errors over here 20cb526?

@dthyresson
Copy link
Contributor

I don’t think so, they should be there. But will check for typing.

dthyresson
dthyresson previously approved these changes Feb 15, 2022
View reviewed changes
@dthyresson
Merge branch 'main' into rc-dbauth-template-fix

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode
edf02e9
@dthyresson
Copy link
Contributor

Oh, I see:

For DbAuth, since the User model doesn't yet have roles, the role check is commented out and the developer is informed to re-enabled them as needed

Maybe with the new Tutorial examples, roles will exist? @cannikin

@dthyresson dthyresson dismissed their stale review February 15, 2022 21:03

Premature approval

@dthyresson dthyresson self-requested a review February 15, 2022 21:03
dthyresson
dthyresson requested changes Feb 15, 2022
View reviewed changes
Copy link
Contributor

@dthyresson dthyresson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For DbAuth, since the User model doesn't yet have roles, the role check is commented out and the developer is informed to re-enabled them as needed

Maybe with the new Tutorial examples, roles will exist? @cannikin

That's why they were commented out.

@cannikin
Copy link
Member Author

Well, we won't have roles in part 1, we add them in part 2. But, any calls to requireAuth() also won't have the roles argument passed, so it will fall through to return true. We'll only start passing roles once we actually have them in the database, and then the real checks will kick in.

@cannikin
Copy link
Member Author

How's this looking, could we merge? I heard a rumor @thedavidprice was thinking of doing a release and it'd be nice if this was in it, otherwise people going through Part 2 of the tutorial are gonna be very confused!

@dthyresson
Copy link
Contributor

How's this looking, could we merge? I heard a rumor @thedavidprice was thinking of doing a release and it'd be nice if this was in it, otherwise people going through Part 2 of the tutorial are gonna be very confused!

I need to check that the types don’t give a warning. And see if it did if adding empty roles to currentUser (even empty) is ok.

@dthyresson
Merge branch 'main' into rc-dbauth-template-fix

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode
c154fd3
@cannikin
Copy link
Member Author

So the real role checking only kicks in if you make a call to hasRole({ roles }), so it won't matter if User has a roles property unless you start making that function call. Once you do, if user has no roles property then it'll return undefined, and if they do have a roles property, but it's empty, it'll return false since it won't include the role you're checking for. So all those cases should be correct.

But, this is now the same as the non-dbAuth auth.js template so if any logic changes need to be made here they'd need to be made there as well, right?

@dthyresson
Copy link
Contributor

But, this is now the same as the non-dbAuth auth.js template so if any logic changes need to be made here they'd need to be made there as well, right?

Ok. Approved

@cannikin
Copy link
Member Author

On latest test run @thedavidprice

@redwoodjs/cli: FATAL ERROR: Committing semi space failed. Allocation failed - JavaScript heap out of memory

😬

@cannikin cannikin merged commit 96f0334 into main Feb 18, 2022
@cannikin cannikin deleted the rc-dbauth-template-fix branch February 18, 2022 19:12
@jtoar jtoar added this to the next-release milestone Feb 18, 2022
@cannikin
Copy link
Member Author

I went ahead and merged this, but after a couple runs the Windows Node 16 test still fails with out-of-memory errors.

@thedavidprice thedavidprice modified the milestones: next-release, v0.46.0 Feb 18, 2022
dac09 added a commit to dac09/redwood that referenced this pull request Feb 21, 2022
@dac09
Merge branch 'main' of github.com:redwoodjs/redwood into chore/smoke-…
95a13e6 
…test

* 'main' of github.com:redwoodjs/redwood: (23 commits)
  Netlify client getToken fix when GoTrue client refreshes JWT (redwoodjs#4539)
  Update dependency @supabase/supabase-js to v1.30.4 (redwoodjs#4536)
  Envelop: Don't use useImmediateIntrospection as it causes auth bug (redwoodjs#4538)
  Update dependency react-hook-form to v7.27.1 (redwoodjs#4521)
  try increasing timeout for flaky test (redwoodjs#4526)
  Update dependency stacktracey to v2.1.8 (redwoodjs#4519)
  Update dependency msw to v0.38.1 (redwoodjs#4525)
  Update dependency eslint-config-prettier to v8.4.0 (redwoodjs#4522)
  Provide a Revised Runtime Error Page (redwoodjs#4167)
  update yarn.lock
  v0.46.0
  Update dependency esbuild to v0.14.23 (redwoodjs#4518)
  Fix Storybook build args (redwoodjs#4455)
  Update dependency react-helmet-async to v1.2.3 (redwoodjs#4502)
  Bump url-parse in /__fixtures__/example-todo-main-with-errors (redwoodjs#4511)
  Bump url-parse from 1.5.1 to 1.5.7 in /__fixtures__/example-todo-main (redwoodjs#4512)
  Update dependency fastify to v3.27.2 (redwoodjs#4516)
  Uncomment role checks (redwoodjs#4476)
  Update dependency zx to v5.1.0 (redwoodjs#4505)
  Update dependency firebase to v9.6.7 (redwoodjs#4514)
  ...
@cannikin cannikin mentioned this pull request Feb 24, 2022
Merged
5 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dthyresson dthyresson

Assignees

@cannikin cannikin

Labels
release:fix This PR is a fix topic/auth
Projects
No open projects
Release
Status: Archived
Milestone
v0.46.0
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@cannikin @thedavidprice @dthyresson @jtoar