401 for token request api

Question

401 for token request api

tguelcan opened this issue 5 years ago · 5 comments

When i ask for token secured requests, i get a 401 message. Even if I follow the instructions exactly.
I have set up the project again freshly. unfortunately that doesn't help either.

node v8.9.4
npm 5.6.0

{
  "name": "rest-generator",
  "version": "0.0.0",
  "main": "src",
  "private": true,
  "scripts": {
    "start": "node .",
    "test": "jest",
    "coverage": "npm test -- --coverage",
    "postcoverage": "opn coverage/lcov-report/index.html",
    "dev": "nodemon -i \"*.test.js\" .",
    "prod": "cross-env NODE_ENV=production nodemon -i \"*.test.js\" -r dotenv-safe/config .",
    "lint": "eslint src",
    "docs": "apidoc -i src -o docs && apidoc-markdown -p docs -o DOCS.md",
    "postdocs": "opn docs/index.html"
  },
  "jest": {
    "testEnvironment": "node",
    "setupTestFrameworkScriptFile": "<rootDir>/test/setup.js"
  },
  "devDependencies": {
    "apidoc": "^0.17.6",
    "apidoc-markdown": "^0.2.0",
    "babel-eslint": "^8.0.1",
    "babel-jest": "^20.0.3",
    "cross-env": "^5.0.5",
    "dotenv-safe": "^4.0.3",
    "eslint": "^4.19.1",
    "eslint-config-standard": "^11.0.0",
    "eslint-plugin-import": "^2.11.0",
    "eslint-plugin-node": "^6.0.1",
    "eslint-plugin-promise": "^3.7.0",
    "eslint-plugin-standard": "^3.1.0",
    "jest-cli": "^20.0.4",
    "mongodb-memory-server": "^1.7.3",
    "nock": "^9.0.2",
    "nodemon": "^1.10.2",
    "opn-cli": "^3.1.0",
    "sinon": "^4.0.1",
    "supertest": "^3.0.0"
  },
  "dependencies": {
    "babel-core": "^6.26.0",
    "babel-plugin-transform-runtime": "^6.23.0",
    "babel-preset-es2015": "^6.24.1",
    "babel-preset-stage-1": "^6.24.1",
    "babel-runtime": "^6.26.0",
    "bcrypt": "^2.0.1",
    "bluebird": "^3.5.1",
    "body-parser": "^1.18.2",
    "bodymen": "^1.0.3",
    "compression": "^1.7.1",
    "cors": "^2.8.4",
    "express": "^4.16.2",
    "jsonwebtoken": "^8.1.0",
    "mongoose": "^5.1.0",
    "mongoose-create-unique": "^0.4.4",
    "mongoose-keywords": "^0.4.0",
    "morgan": "^1.7.0",
    "passport": "^0.4.0",
    "passport-http": "^0.3.0",
    "passport-http-bearer": "^1.0.1",
    "passport-jwt": "^3.0.0",
    "querymen": "^2.1.3",
    "rand-token": "^0.4.0",
    "request": "^2.83.0",
    "request-promise": "^4.2.2"
  }
}

after Basic Auth:

{
    "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjVjMDU4NThkYTNkYmQxOGMzNmU0MGU5ZCIsImlhdCI6MTU0Mzg2ODE2NH0.eWxADiBrQx_xoQUhcZMRJvM26XmYfPOyV8bHMCiPzZA",
    "user": {
        "id": "5c05858da3dbd18c36e40e9d",
        "name": "test",
        "picture": "https://gravatar.com/avatar/b642b4217b34b1e8d3bd915fc65c4452?d=identicon",
        "email": "test@test.com",
        "createdAt": "2018-12-03T19:35:41.486Z"
    }
}

when i execute the curl command (or over postman) now i get the following message

curl -X POST http://0.0.0.0:9000/articles -i -d "title=Awesome Article&content=Yeah Baby&access_token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjVjMDU4NThkYTNkYmQxOGMzNmU0MGU5ZCIsImlhdCI6MTU0Mzg2ODE2NH0.eWxADiBrQx_xoQUhcZMRJvM26XmYfPOyV8bHMCiPzZA"

HTTP/1.1 401 Unauthorized X-Powered-By: Express Access-Control-Allow-Origin: * Date: Mon, 03 Dec 2018 20:19:44 GMT Connection: keep-alive Transfer-Encoding: chunked

Answer 1 · 2018-12-03T20:41:06.000Z

Hi @tguelcan.

Could you please put together the code of src/api/article/index.js and src/api/article/controller.js?

Answer 2 · 2018-12-03T20:58:08.000Z

Hi @diegohaz

// src/api/article/index.js

import { Router } from 'express'
import { middleware as query } from 'querymen'
import { middleware as body } from 'bodymen'
import { token } from '../../services/passport'
import { create, index, show, update, destroy } from './controller'
import { schema } from './model'
export Article, { schema } from './model'

const router = new Router()
const { title, content } = schema.tree

/**
 * @api {post} /articles Create article
 * @apiName CreateArticle
 * @apiGroup Article
 * @apiPermission user
 * @apiParam {String} access_token user access token.
 * @apiParam title Article's title.
 * @apiParam content Article's content.
 * @apiSuccess {Object} article Article's data.
 * @apiError {Object} 400 Some parameters may contain invalid values.
 * @apiError 404 Article not found.
 * @apiError 401 user access only.
 */
router.post('/',
  token({ required: true }),
  body({ title, content }),
  create)

/**
 * @api {get} /articles Retrieve articles
 * @apiName RetrieveArticles
 * @apiGroup Article
 * @apiUse listParams
 * @apiSuccess {Number} count Total amount of articles.
 * @apiSuccess {Object[]} rows List of articles.
 * @apiError {Object} 400 Some parameters may contain invalid values.
 */
router.get('/',
  query(),
  index)

/**
 * @api {get} /articles/:id Retrieve article
 * @apiName RetrieveArticle
 * @apiGroup Article
 * @apiSuccess {Object} article Article's data.
 * @apiError {Object} 400 Some parameters may contain invalid values.
 * @apiError 404 Article not found.
 */
router.get('/:id',
  show)

/**
 * @api {put} /articles/:id Update article
 * @apiName UpdateArticle
 * @apiGroup Article
 * @apiParam title Article's title.
 * @apiParam content Article's content.
 * @apiSuccess {Object} article Article's data.
 * @apiError {Object} 400 Some parameters may contain invalid values.
 * @apiError 404 Article not found.
 */
router.put('/:id',
  body({ title, content }),
  update)

/**
 * @api {delete} /articles/:id Delete article
 * @apiName DeleteArticle
 * @apiGroup Article
 * @apiSuccess (Success 204) 204 No Content.
 * @apiError 404 Article not found.
 */
router.delete('/:id',
  destroy)

export default router

// src/api/article/controller.js
import { success, notFound } from '../../services/response/'
import { Article } from '.'

export const create = ({ bodymen: { body } }, res, next) =>
  Article.create(body)
    .then((article) => article.view(true))
    .then(success(res, 201))
    .catch(next)

export const index = ({ querymen: { query, select, cursor } }, res, next) =>
  Article.count(query)
    .then(count => Article.find(query, select, cursor)
      .then((articles) => ({
        count,
        rows: articles.map((article) => article.view())
      }))
    )
    .then(success(res))
    .catch(next)

export const show = ({ params }, res, next) =>
  Article.findById(params.id)
    .then(notFound(res))
    .then((article) => article ? article.view() : null)
    .then(success(res))
    .catch(next)

export const update = ({ bodymen: { body }, params }, res, next) =>
  Article.findById(params.id)
    .then(notFound(res))
    .then((article) => article ? Object.assign(article, body).save() : null)
    .then((article) => article ? article.view(true) : null)
    .then(success(res))
    .catch(next)

export const destroy = ({ params }, res, next) =>
  Article.findById(params.id)
    .then(notFound(res))
    .then((article) => article ? article.remove() : null)
    .then(success(res, 204))
    .catch(next)

its the generated code

Answer 3 · 2018-12-03T23:03:17.000Z

Found it

User.findById(id).then((user) => { ...

should be

User.findOne({id: id}).then((user) => { ...

Link to line

Answer 4 · 2018-12-04T22:07:51.000Z

That's really weird. findById should work.

Anyway, did it solve your problem?

Answer 5 · 2018-12-04T23:22:18.000Z

I get the message
(node:45157) DeprecationWarning: collection.ensureIndex is deprecated. Use createIndexes instead.
and

mongoose.set('useCreateIndex', true);

fixes the message for now but the index behavior is changing.
id (not _id) is specified in the model as index and this contradicts itself strangely enough.
But in detail I can't say more either

this was also the core problem because findById always searches for _id in default

solved