[Bug?]: Cookie created by yarn rw setup graphiql dbAuth does not work in graphiql #9702

Closed
1 task done
cdubz opened this issue Dec 13, 2023 · 13 comments · Fixed by redwoodjs/studio#16
Labels
bug/needs-info More information is needed for reproduction topic/auth topic/graphql

cdubz commented Dec 13, 2023

What's not working?

The yarn rw setup graphiql dbAuth -i $USER_ID command generates a header that adds a cookie header to graphiql. When using the default output from that command, queries executed in graphiql return an error like below:

api | 13:11:21 🚨 graphql-server Error building context. Error: Exception in getAuthenticationContext: Cannot read properties of undefined (reading 'id')
api | 13:11:21 🚨 Exception in getAuthenticationContext: Cannot read properties of undefined (reading 'id') 
api | 
api | 🚨 Error Info
api | 
api | {}
api |  
api | 🥞 Error Stack
api | 
api | Error: Exception in getAuthenticationContext: Cannot read properties of undefined (reading 'id')
api |     at onContextBuilding (/redwood/dbauth-cookie/node_modules/@redwoodjs/graphql-server/dist/plugins/useRedwoodAuthContext.js:30:15)
api |     at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
api |     at async Object.contextFactory (/redwood/dbauth-cookie/node_modules/@envelop/core/cjs/orchestrator.js:203:45)
api |     at async processRequest (/redwood/dbauth-cookie/node_modules/graphql-yoga/cjs/process-request.js:46:26)
api |     at async YogaServer.getResultForParams (/redwood/dbauth-cookie/node_modules/graphql-yoga/cjs/server.js:304:26)
api |     at async YogaServer.handle (/redwood/dbauth-cookie/node_modules/graphql-yoga/cjs/server.js:77:29)
api |     at async handlerFn (/redwood/dbauth-cookie/node_modules/@redwoodjs/graphql-server/dist/functions/graphql.js:90:24)
api |     at async execFn (/redwood/dbauth-cookie/node_modules/@redwoodjs/graphql-server/dist/functions/graphql.js:146:16)
api |     at async requestHandler (/redwood/dbauth-cookie/node_modules/@redwoodjs/api-server/dist/requestHandlers/awsLambdaFastify.js:71:30)

The same error is thrown if we remove cookie from the headers.

The workaround we have found now is that if we log in on the web side with the same user and remove the cookie header generated by the command we are able to make queries.

How do we reproduce the bug?

  1. Checkout example repo:

    git clone https://github.com/CascadePublicMedia/redwood-dbauth-cookie-issue.git

  2. Migrate and seed database:

    yarn rw prisma migrate reset

  3. Generate Graphiql headers for User ID 1:

    yarn rw setup graphiql dbAuth -i 1

  4. Run dev server:

    yarn rw dev

  5. Navigate to http://localhost:8911/graphql

  6. Attempt to run a command (should get the getAuthenticationContext error described).

  7. Log in from http://localhost:8910/login (user: [email protected], pass: secret1)

  8. Return to http://localhost:8911/graphql

  9. Remove the cookie from the headers.

  10. Attempt a command (should work).

What's your environment? (If it applies)

System:
    OS: macOS 14.1.2
    Shell: 5.9 - /bin/zsh
  Binaries:
    Node: 18.18.2 - /private/var/folders/1j/5d7c51ps6xg3gfkgknh0gshh0000gp/T/xfs-9e148206/node
    Yarn: 3.7.0 - /private/var/folders/1j/5d7c51ps6xg3gfkgknh0gshh0000gp/T/xfs-9e148206/yarn
  Databases:
    SQLite: 3.39.5 - /usr/bin/sqlite3
  Browsers:
    Chrome: 120.0.6099.71
    Safari: 17.1.2
  npmPackages:
    @redwoodjs/auth-dbauth-setup: 6.5.1 => 6.5.1 
    @redwoodjs/core: 6.5.1 => 6.5.1

Are you interested in working on this?

  • I'm interested in working on this

cdubz added the bug/needs-info label Dec 13, 2023

@Tobbe
Member

Tobbe commented Jan 3, 2024

@dthyresson Can I get your eyes on this one please?

@dthyresson
Contributor

@Tobbe I'd like to put this as a p3 issue pending the rework of Dev Studio as user impersonation will be done differently -- but will need to retest. See: https://community.redwoodjs.com/t/redwood-studio-experimental/4771

@cdubz
Author

cdubz commented Jan 3, 2024

We did also test this in Dev Studio and had the same issue. I’ll see if I can make some time to provide a repo and steps for that as well if it would be helpful.

@dthyresson
Contributor

> We did also test this in Dev Studio and had the same issue.

Ah, sorry, I should have been clear. There is currently a project close to completion to refactor all of Dev Studio. I figured that I would prefer to wait and fix the issue there (if still exists) vs current Redwood version.

A reproduction is super helpful as I'll run it after the main other parts of Studio 2.0 are done.

And if you can confirm that at least if one pastes a valid header (and cookie) into the Playground manually, that impersonation works.

We did see some cases where the browser kept the cookie around and thus gave a false indication of impersonating and not considering the cookie in the headers.

Appreciate all your help here.

@cdubz
Author

cdubz commented Jan 3, 2024

Ah interesting, OK. So a reproduction with the experimental Redwood Studio would be useful now?

@dthyresson
Contributor

@Tobbe Can we close this when "new studio" is out of experimental with user impersonation?

@Tobbe
Member

Tobbe commented Jan 16, 2024

I was going to ask for a repro with the new stuff, but wanted to get yarn rw dev working properly in studio first

@dthyresson
Contributor

dthyresson commented Jan 24, 2024

In v7, we are moving to Studio as a way of running Playground and user impersonation.

I will remove or rework this setup command and confirm that v6 and before auth providers are still supported under v7 Studio.

@Tobbe
Member

Tobbe commented Jan 24, 2024

@cdubz Sorry this took longer than expected. But new Studio is now ready for you to try!
You'll have to be on the very latest canary version of RW to try it.
So, if you could please:

  • Get rid of any existing traces of Studio you might have (remove @redwoodjs/studio inside any of your package.jsons if it exists there. Remove any Studio related config in redwood.toml, and finally remove studio from within node_modules (node_modules/@redwoodjs/studio))
  • Upgrade to latest canary by running yarn rw upgrade -t canary
  • Try latest Studio by running yarn rw studio

Verify that Studio starts up as expected, and that you're running version 11.1.1 or newer (Look at the top-left to see current version)

Now add this to your redwood.toml

    [studio.graphiql]
      authImpersonation.authProvider = "dbAuth"
      authImpersonation.userId = 1

And then restart Studio, and hopefully impersonation should work for you

@cdubz
Author

cdubz commented Jan 27, 2024

Thanks for the info! I upgraded to canary, cleared out all my deps, and switched to Node 20 (there was a message somewhere in there about it) and followed the new steps but still got an error. It's a different error now though...

Repo steps

    git clone https://github.com/CascadePublicMedia/redwood-dbauth-cookie-issue.git
    cd redwood-dbauth-cookie-issue
    git switch canary
    yarn install
    yarn rw prisma migrate reset

  1. Run the dev server and studio.
  2. Navigate to Studio -> Playground and attempt a query.

I'm getting an error:

api | 18:39:54 🚨 graphql-server Error building context. Error: Exception in getCurrentUser: Invalid session
api | 18:39:54 🚨 Exception in getCurrentUser: Invalid session 
api | 
api | 🚨 Error Info
api | 
api | {}
api |  
api | 🥞 Error Stack
api | 
api | Error: Exception in getCurrentUser: Invalid session
api |     at onContextBuilding (/redwood/dbauth-cookie/node_modules/@redwoodjs/graphql-server/dist/plugins/useRedwoodAuthContext.js:42:15)
api |     at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
api |     at async Object.contextFactory (/redwood/dbauth-cookie/node_modules/@envelop/core/cjs/orchestrator.js:206:45)
api |     at async processRequest (/redwood/dbauth-cookie/node_modules/graphql-yoga/cjs/process-request.js:46:26)
api |     at async YogaServer.getResultForParams (/redwood/dbauth-cookie/node_modules/graphql-yoga/cjs/server.js:269:26)
api |     at async handle (/redwood/dbauth-cookie/node_modules/graphql-yoga/cjs/server.js:324:25)
api |     at async handlerFn (/redwood/dbauth-cookie/node_modules/@redwoodjs/graphql-server/dist/functions/graphql.js:92:24)
api |     at async execFn (/redwood/dbauth-cookie/node_modules/@redwoodjs/graphql-server/dist/functions/graphql.js:148:16)
api |     at async requestHandler (/redwood/dbauth-cookie/node_modules/@redwoodjs/api-server/dist/requestHandlers/awsLambdaFastify.js:72:30)

I get the same error if I try the workaround described in the initial report (logging in on the FE and removing the cookie from the studio headers). The issue is more consistent, at least 😁

@cdubz
Author

cdubz commented Jan 27, 2024

I did some fiddling in the node modules dir of my test env and found a clue to the issue -- the cookie name being checked for is session_%port% while the impersonation header being provided by Studio is just session.

If I change that header to session_%port% (where %port% is the API server port) -- the impersonation works and I can run queries that require auth 🎉

So it looks like this bit is what needs to be adjusted:

https://github.com/redwoodjs/studio/blob/013e22b76c2ed8194b22efec3a8b6d04e9a3f36f/api/src/lib/authProviderEncoders/dbAuthEncoder.ts#L30

I would PR it but I'm not familiar enough with the code base to understand how to get the proper options context there.
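
The name mismatch described in the comment above, as an added example that is not part of the thread or of Redwood's or Studio's code: a small check that parses a Cookie header and reports whether it carries the port-suffixed name. Only `session`, `session_%port%` and port 8911 come from the thread; the function names and sample values are hypothetical.

```javascript
// Added example: not Redwood or Studio code. The cookie-name template
// "session_%port%" and the bare name "session" are taken from the thread;
// everything else (function names, sample values) is hypothetical.
const COOKIE_NAME_TEMPLATE = 'session_%port%'

// Parse a Cookie request header into [name, value] pairs, keeping duplicates
// so that a cookie sent twice under the same name stays visible.
function parseCookieHeader(header) {
  return (header || '')
    .split(';')
    .map((part) => part.trim())
    .filter((part) => part.includes('='))
    .map((part) => {
      const eq = part.indexOf('=') // split on the first '=' only
      return [part.slice(0, eq).trim(), part.slice(eq + 1).trim()]
    })
}

// Report whether the header carries the cookie name the API would look for.
function diagnoseSessionCookie(cookieHeader, apiPort) {
  const expected = COOKIE_NAME_TEMPLATE.replace('%port%', String(apiPort))
  const pairs = parseCookieHeader(cookieHeader)
  const matches = pairs.filter(([name]) => name === expected)
  const nearMisses = pairs
    .map(([name]) => name)
    .filter((name) => name !== expected && /^session(_\d+)?$/.test(name))

  let status
  if (matches.length === 1) status = 'ok'
  else if (matches.length > 1) status = 'duplicate'
  else if (nearMisses.length > 0) status = 'wrong-name'
  else status = 'missing'
  return { expected, status, nearMisses }
}

// Constructed sample headers; the values are placeholders, not real sessions.
const samples = [
  'session=PLACEHOLDER', // name without the port suffix
  'session_8911=PLACEHOLDER', // name matches API port 8911
  'session_8910=PLACEHOLDER; theme=dark', // suffix for a different port
]
for (const header of samples) {
  console.log(header, '->', diagnoseSessionCookie(header, 8911))
}
```
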

@cdubz
Author

cdubz commented Jan 27, 2024

I think I did actually get it sorted here -- redwoodjs/studio/pull/16.

Unrelated tangent -- the Studio dev instructions in the README were a little tough to work through. I didn't keep detailed notes but there is inconsistency in the node versions between Studio and the fixture project. And the test fixture resolution for @redwoodjs/studio was problematic. I'm guessing this is all still very much WIP but if it would help I can provide more detailed information about what I ran into.

@Tobbe
Member

Tobbe commented Jan 27, 2024

> there is inconsistency in the node versions between Studio and the fixture project

That's strange. They're both using the exact same version of Redwood, so I wonder why you'd get that. If you could provide some reproduction steps that'd be great 🙏
