Giters

blitz-js / blitz

⚡️ The Missing Fullstack Toolkit for Next.js

Home Page:https://Blitzjs.com

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Page role authentication does not work when using `roles` instead of `role`

mjyoung opened this issue · comments

commented

What is the problem?

When creating a session and setting publicData.roles = ["Role1", "Role2"], using Page.authenticate = { role: "Role1" } does not work and will always result in an AuthenticationError.

It looks like this assumes we're always setting a single publicData.role instead of an array of roles:

blitz/packages/blitz-auth/src/client/index.tsx

Line 352 in fb232d1

!authorizeRole(authenticate.role, publicData.role as string)

Paste all your error logs here:

AuthenticationError

Paste all relevant code snippets here:

mutations/login.tsx

  await ctx.session.$create({ userId: user.id, roles: ["Role1", "Role2"] })

pages/protected.tsx

const Protected = () => {
  return <div>Hi</div>
}

export default Protected

Protected.authenticate = { role: ["Role1"] }

What are detailed steps to reproduce this?

  1. On login:
  await ctx.session.$create({ userId: user.id, roles: ["Role1", "Role2"] })
  1. Create pages/protected.tsx:
const Protected = () => {
  return <div>Hi</div>
}

export default Protected

Protected.authenticate = { role: ["Role1"] }
  1. Open browser and navigate to /protected

Will always get an error because the auth client only checks against the publicData.role instead of publicData.roles

Run blitz -v and paste the output here:

Blitz version: 2.0.0-beta.35 (global)
Blitz version: 2.0.0-beta.35 (local)
macOS Ventura | darwin-arm64 | Node: v20.8.1


 Package manager: pnpm

  System:
    OS: macOS 13.5.2
    CPU: (10) arm64 Apple M1 Pro
    Memory: 524.55 MB / 32.00 GB
    Shell: 5.9 - /bin/zsh
  Binaries:
    Node: 20.8.1 - ~/.asdf/installs/nodejs/20.8.1/bin/node
    Yarn: 1.22.19 - /opt/homebrew/bin/yarn
    npm: 10.1.0 - ~/.asdf/plugins/nodejs/shims/npm
  npmPackages:
    @blitzjs/auth: 2.0.0-beta.35 => 2.0.0-beta.35 
    @blitzjs/next: 2.0.0-beta.35 => 2.0.0-beta.35 
    @blitzjs/rpc: 2.0.0-beta.35 => 2.0.0-beta.35 
    @prisma/client: 5.4.2 => 5.4.2 
    blitz: 2.0.0-beta.35 => 2.0.0-beta.35 
    next: 13.5.4 => 13.5.4 
    prisma: 5.4.2 => 5.4.2 
    react: 18.2.0 => 18.2.0 
    react-dom: 18.2.0 => 18.2.0 
    typescript: ^4.8.4 => 4.9.5

Please include below any other applicable logs and screenshots that show your problem:

No response

commented

thanks for the issue @mjyoung! It would be better to handle this case. Marking it as ready to work on.