Skip to content

🐛 Bug Report: "Users.createSession()" returns invalid session secret #8569

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
2 tasks done
JoshiJoshiJoshi opened this issue Aug 22, 2024 · 2 comments · Fixed by #9019
Closed
2 tasks done

🐛 Bug Report: "Users.createSession()" returns invalid session secret #8569

JoshiJoshiJoshi opened this issue Aug 22, 2024 · 2 comments · Fixed by #9019
Assignees
@stnguyen90
Labels
bug Something isn't working product / auth Fixes and upgrades for the Appwrite Auth / Users / Teams services.

Comments

@JoshiJoshiJoshi
Copy link

👟 Reproduction steps

  1. Create a session via "Users.createSession()"
  2. Set the session secret in "Client.setSession()"
  3. Call "Accounts.get()"

👍 Expected behavior

No error.
Get a valid user object response back.

👎 Actual Behavior

Error => "User (role: guests) missing scope (account)"

Session secret when creating one via "Users.createSession()"
image

Session secret when creating one via "Account.createEmailPasswordSession()"
image

The one from "Users.createSession()" is not properly encoded and therefore not returned as JWT.

Users.createSession()

appwrite/app/controllers/api/users.php

Line 1815 in 9301bdd

->setAttribute('secret', $secret)

Account.createEmailPasswordSession()

appwrite/app/controllers/api/account.php

Line 808 in 9301bdd

->setAttribute('secret', ($isPrivilegedUser || $isAppUser) ? Auth::encodeSession($user->getId(), $secret) : '')

🎲 Appwrite version

Version 1.5.x

💻 Operating system

Linux

🧱 Your Environment

No response

👀 Have you spent some time to check if this issue has been raised before?

  • I checked and didn't find similar issue

🏢 Have you read the Code of Conduct?
@JoshiJoshiJoshi JoshiJoshiJoshi added the bug Something isn't working label Aug 22, 2024
@stnguyen90 stnguyen90 added the product / auth Fixes and upgrades for the Appwrite Auth / Users / Teams services. label Aug 25, 2024
@stnguyen90 stnguyen90 moved this to Todo in 1.6 Release Aug 25, 2024
@stnguyen90
Copy link
Contributor

@JoshiJoshiJoshi, thanks for creating this issue! 🙏

For reference, our related thread: https://discord.com/channels/564160730845151244/1275767033576947742

@stnguyen90 stnguyen90 self-assigned this Nov 22, 2024
@stnguyen90 stnguyen90 mentioned this issue Nov 22, 2024
Merged
2 tasks
@stnguyen90 stnguyen90 linked a pull request Nov 22, 2024 that will close this issue
Fix users create session secret #9019
Merged
2 tasks
@stnguyen90 stnguyen90 moved this from Todo to Code Review in 1.6 Release Nov 22, 2024
@stnguyen90 stnguyen90 mentioned this issue Nov 23, 2024
Closed
2 tasks
@pingu2k4
Copy link

Interested to see the fix (#9019) in live - as I was also witnessing that sessions would not be attributed to a user but would be created, and would show up when a session is later created using a different method for that user.

@github-project-automation github-project-automation bot moved this from Code Review to Done in 1.6 Release Dec 5, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@stnguyen90 stnguyen90

Labels
bug Something isn't working product / auth Fixes and upgrades for the Appwrite Auth / Users / Teams services.
Projects
1.6 Release
Status: Done
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix users create session secret appwrite/appwrite
3 participants
@stnguyen90 @pingu2k4 @JoshiJoshiJoshi
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy