#yada
2019-01-04
lwhorton 18:01:11

i seem to be missing something wrt auth(enticate|orize). if my :access-control map contains an :authenticate (fn [ctx] ...) i get a doesn't conform to resource model schema error. the docs explicitly say to use the :authenticate fn as opposed to the verify multimethod: https://juxt.pro/yada/manual/index.html#sidebar-function-or-defmethod . am i missing some additional configuration?

lwhorton 18:01:04

:access-control {:scheme :app/cognito
                 :authenticate (fn [ctx]
                                 (println "we're here")
                                 [:a :b])
                 :verify (fn [[a b]]
                           (println "verify" a b)
                           {:user a
                            :roles #{:user}})
                 :authorization {:methods {:get :user}}
                 }

here’s an example of the failing config

malcolmsparks 18:01:37

I can help with this but afk right now. I'll get back to you.

malcolmsparks 18:01:34

Take a look at yada.security ns in the code and you'll see what is going on. You need to use a map

👍 5
malcolmsparks 18:01:25

I'm rewriting auth currently to be async and to make things simpler with respect to realms. However, there shouldn't be any compatibility breakages as I'll ensure existing resource models work as is.

malcolmsparks 18:01:43

Things are a little awkward right now but please be assured I'm working on it. I've had lots of quality hammock time over the winter break.

lwhorton 19:01:59

that’s good to hear. i’ve only been fooling around with the whole yada stack for a few weeks on a side project

lwhorton 19:01:19

overall it’s exactly what i’m looking for in a web stack, it’s just got a few rough edges still. i’m actually quite surprised something like this hasn’t existed for a long long time

lwhorton 19:01:42

i think there might be a schema specification issue — i’m still getting

:error {:access-control {:realms {"default" {:authentication-schemes [{(not (namespace :authenticate)) invalid-key, (not (namespace :authorization)) invalid-key}]}}}}
during resource validation. if i make the map {... :foo/authenticate ... :foo/authorization ...} i don’t get the error, but then obviously https://github.com/juxt/yada/blob/master/src/yada/security.clj#L104 fails at runtime

malcolmsparks 23:01:15

@U0W0JDY4C Could you paste me your yada resource verbatim? I'd like to figure out what's going wrong.

lwhorton 21:01:51

sure, i’ve gone through quite a few iterations trying to get things to stop complaining, but here’s the cfg that’s failing:

["login"
     (y/handler
       (y/resource {:id :login
                    :produces "text/plain"
                    :access-control {:realms
                                     {"default"
                                      {
                                       :authentication-schemes [{:scheme ":app/cognito"
                                                                 :authenticate (fn [ctx]
                                                                                 (println "we're here")
                                                                                 [:cred1 :cred2])
                                                                 }]
                                                                 :authorization {:methods {:get :user}}
                                       }}}
                    :methods
                    {:get {:parameters {:query {:code String}}
                           :response (fn [ctx]
                                       (let [resp (oauth-2 (get-in ctx [:parameters :query :code]))]
                                         (condp = (:status resp)
                                           200 {:status 302
                                                :cookies {"session" {:value "auth-cookie"}}
                                                :headers {"location" (bidi/path-for routes :index)}}
                                           {:status 401})))}}}))]

lwhorton 21:01:27

it’s likely i’m just doing something wrong either here or elsewhere that’s causing a fuss. i’m only exploring yada (and others) for potential future use as a web framework so i don’t have a ton of time unfortunately

malcolmsparks 21:01:08

how's it failing - it seems a valid yada resource

malcolmsparks 21:01:27

the scheme is a bit odd, but should still pass

malcolmsparks 21:01:34

thanks for the error report though

lwhorton 22:01:31

took me a while to get back to the state-- here’s the stacktrace:

{:type clojure.lang.Compiler$CompilerException
   :message "Syntax error compiling at (core.clj:79:8)."
   :data #:clojure.error{:phase :compile-syntax-check, :line 79, :column 8, :source "core.clj"}
   :at [clojure.lang.Compiler$InvokeExpr eval "Compiler.java" 3707]}
  {:type clojure.lang.ExceptionInfo
   :message "Cannot turn resource-model into resource, because it doesn't conform to a resource-model schema"
   :data {:resource-model {:id :login, :produces "text/plain", :access-control {:realms {"default" {:authentication-schemes [{:scheme ":app/cognito", :authenticate #object[gerbil.web.core$fn__42156 0x746b849 "gerbil.web.core$fn__42156@746b849"]}], :authorization {:methods {:get :user}}}}}, :methods {:get {:parameters {:query {:code java.lang.String}}, :response #object[gerbil.web.core$fn__42158 0x4da94d8b "gerbil.web.core$fn__42158@4da94d8b"]}}}, :error {:access-control {:realms {"default" {:authentication-schemes [{(not (namespace :authenticate)) invalid-key}]}}}}}

lwhorton 22:01:06

if i change the key :authenticate to :foo/authenticate the resource validation does not complain

stijn 11:01:57

i'm getting the same error in 1.2.16

stijn 11:01:22

i also think yada 1.2.16 is not backwards compatible

stijn 11:01:26

i'll log an issue for that