External authentication fails for Admin if same identifier is used for Customer User #3338

Open
derXear opened this issue Jan 28, 2025 · 0 comments
Labels
type: bug 🐛 Something isn't working

derXear commented Jan 28, 2025

Describe the bug

I have a custom authentication strategy for customers and administrators. I am, for example, both, and therefore have two users with the same externalIdentifier. When authenticating, I use this function and get one or the other user returned. So login is not reliable and will fail if I get my customer user returned.

async findAdministratorUser(ctx, strategy, externalIdentifier) {
    // -> having a user registered as customer and administrator with the same authentication method returns one of them here
    const user = await this.findUser(ctx, strategy, externalIdentifier);
    if (user) {
        // Ensure this User is associated with an Administrator
        // -> it's kind of random if we get the customer or administrator here
        const administrator = await this.administratorService.findOneByUserId(ctx, user.id);
        if (administrator) {
            return user;
        }
    }
}

To Reproduce
Steps to reproduce the behavior:

  1. Create two users (one as administrator) with the same external identifier
  2. Try to log in as admin using the aforementioned method

Expected behavior
I would like to reliably get the admin user returned if there is one.

Environment (please complete the following information):

  • @vendure/core version: 3.1.0
  • Nodejs version: ^20
  • Database (mysql/postgres etc): mysql

Additional context
A naive implementation that should work could be this:

async findAdministratorUser(ctx, strategy, externalIdentifier) {
    return this.connection
        .getRepository(ctx, User)
        .createQueryBuilder('user')
        .innerJoinAndSelect(AuthenticationMethod, 'authMethod', 'authMethod.userId = user.id')
        .innerJoin(Administrator, 'administrator', 'administrator.userId = user.id')
        .andWhere('authMethod.externalIdentifier = :externalIdentifier', { externalIdentifier: externalIdentifier })
        .andWhere('authMethod.strategy = :strategy', { strategy: strategy })
        .andWhere('user.deletedAt IS NULL')
        .andWhere('administrator.deletedAt IS NULL')
        .getOne();
}
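
The ambiguity reported above, modelled with in-memory rows as an added example (not Vendure's code and not part of the original report). The row shapes, the `sso` strategy name and the `ext-123` identifier are constructed assumptions; the last helper is an audit check that lists identifiers bound to more than one user.

```javascript
// Constructed sample rows (not Vendure data): one person who has both a
// customer user and an administrator user with the same external identifier.
const users = [
  { id: 1, deletedAt: null }, // customer user
  { id: 2, deletedAt: null }, // administrator user
];
const authMethods = [
  { userId: 1, strategy: 'sso', externalIdentifier: 'ext-123' },
  { userId: 2, strategy: 'sso', externalIdentifier: 'ext-123' },
];
const administrators = [{ userId: 2, deletedAt: null }];

const isAdmin = (userId, admins) =>
  admins.some(a => a.userId === userId && a.deletedAt === null);

// Lookup shape reported in the issue: take the first user matching the
// identifier, then check whether that single user is an administrator.
function findAdminFirstMatch(methods, admins, strategy, externalIdentifier) {
  const m = methods.find(
    x => x.strategy === strategy && x.externalIdentifier === externalIdentifier);
  return m && isAdmin(m.userId, admins) ? m.userId : undefined;
}

// Lookup shape proposed in the issue: only consider non-deleted users that
// have an administrator record, so the customer user can never be picked.
function findAdminScoped(methods, admins, allUsers, strategy, externalIdentifier) {
  const m = methods.find(x =>
    x.strategy === strategy && x.externalIdentifier === externalIdentifier &&
    isAdmin(x.userId, admins) &&
    allUsers.some(u => u.id === x.userId && u.deletedAt === null));
  return m ? m.userId : undefined;
}

// Audit helper: (strategy, identifier) pairs attached to more than one user.
function sharedIdentifiers(methods) {
  const byKey = new Map();
  for (const m of methods) {
    const key = `${m.strategy}:${m.externalIdentifier}`;
    byKey.set(key, [...(byKey.get(key) || []), m.userId]);
  }
  return [...byKey].filter(([, ids]) => new Set(ids).size > 1);
}
```

With the rows in the order shown, the first-match lookup returns nothing for the admin login, and it succeeds only when the row order happens to be reversed; the scoped lookup returns user 2 in both orders.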