Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

LoginSessionMiddleware logs out user on token validation #36

Open
reimerwilliam opened this issue Jul 20, 2022 · 5 comments
Open

LoginSessionMiddleware logs out user on token validation #36

reimerwilliam opened this issue Jul 20, 2022 · 5 comments

Comments

@reimerwilliam
Copy link

reimerwilliam commented Jul 20, 2022
edited
Loading

Using the Graphql 4 upgrade branch from unclecheese you won't be able to validate a token due to the LoginSessionMiddleware from silverstripe/session-manager not being able to find a session and therefore calling logOut on the IdentityStore. A temporary fix to this problem is to disable that middleware.

The code causing the problem in LoginSessionMiddleware:

$loginSessionID = $request->getSession()->get($loginHandler->getSessionVariable());
$loginSession = LoginSession::get()->byID($loginSessionID);

// If the session has already been revoked, or we've got a mismatched
// member / session, log the user out (this also revokes the session)
if (!$loginSession || (int)$loginSession->MemberID !== (int)$member->ID) {
    RememberLoginHash::setLogoutAcrossDevices(false);
    $identityStore = Injector::inst()->get(IdentityStore::class);
    $identityStore->logOut($request);
    return $delegate($request);
}

The versions I used when encountering this issue:
silverstripe/cms: 4.10.2
silverstripe/framework: 4.10.10
silverstripe/graphql: 4.0.0-alpha3

There was a short discussion regarding this in the slack channel:
https://silverstripe-users.slack.com/archives/C39NVTQNQ/p1658213656127059
@Firesphere
Copy link
Owner

Tagging
@tractorcow @unclecheese

@unclecheese
Copy link

Where is LoginSessionMiddleware? I don't see it anywhere in the core or this module.

@reimerwilliam
Copy link
Author

Where is LoginSessionMiddleware? I don't see it anywhere in the core or this module.

It's in silverstripe/session-manager.

@ec8or
Copy link
Contributor

ec8or commented Oct 10, 2022

Happening to me as well, @tractorcow did you manage to have a look? I've disabled LoginSessionMiddleware for now but will poke around a bit more tomorrow and see if I can figure out what's going on.

@Firesphere
Copy link
Owner

I might have a look somewhere this weekend... but no promises...

readethompsontrott added a commit to AstonJamesConsulting/silverstripe-graphql-jwt that referenced this issue Nov 28, 2023
@readethompsontrott
Temporary fix for Firesphere#36 LoginSessionMiddleware logs out user …
e5acad6 
…on token validation
readethompsontrott added a commit to AstonJamesConsulting/silverstripe-graphql-jwt that referenced this issue Nov 28, 2023
@readethompsontrott
FIXES: Firesphere#36 LoginSessionMiddleware logs out user on token va…
70f9504 
…lidation
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@unclecheese @Firesphere @ec8or @reimerwilliam