-
-
Notifications
You must be signed in to change notification settings - Fork 500
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Bug]: validateSession returns null. Sveltekit + MongoDB + Lucia #1647
Comments
I have tried to specify _id type, but it does not help declare module "lucia" {
interface Register {
Lucia: typeof lucia;
UserID: ObjectId;
}
}
interface UserDocumentScheme {
_id: string;
}
interface SessionDocumentScheme {
_id: string;
user_id: string;
expires_at: Date;
}
export function prepare_lucia() {
const _db = get_db();
const users = _db.collection("users") as Collection<UserDocumentScheme>;
const sessions = _db.collection("sessions") as Collection<SessionDocumentScheme>;
adapter = new MongodbAdapter(sessions, users);
lucia = new Lucia(adapter,
{
sessionCookie: {
attributes: {
secure: false
}
},
sessionExpiresIn: new TimeSpan(1,"w")
}
);
} |
Does something like this help, @EGSP ? declare module "lucia" {
interface Register {
Lucia: typeof lucia;
UserID: ObjectId;
+ DatabaseUserAttributes: UserDocumentScheme;
}
}
interface UserDocumentScheme {
_id: string;
+ name: string;
}
// ...
lucia = new Lucia(adapter,
{
+ getUserAttributes: (attributes) => {
+ return {
+ name: attributes.name
+ };
+ },
sessionCookie: {
attributes: {
secure: false
}
},
sessionExpiresIn: new TimeSpan(1,"w")
}
); I do not use MongoDB, but assume this work based on other open source projects that use |
I was able to get it working by coercing the session ID to an ObjectId during validation: import { ObjectId } from "bson";
// Validate the session
const { session, user } = await lucia.validateSession(
// @ts-expect-error
new ObjectId(sessionId)
); |
I opened a PR for this could this solve the issue? |
I wrote a custom adapter extending MongodbAdapter to address the issue of using ObjectId for user lookups. It overrides the getSessionAndUser method to use ObjectId in the user lookup stage and then utilizes the $addFields stage to convert the _id back to a string for compatibility with Lucia. I don't understand why the OG adapter doesn't do this in the first place if it insists on using strings elsewhere? I don't want to compromise indexing of users due to string id's. |
Error: input must be a 24 character hex string, 12 byte Uint8Array, or an integer. What about this error? because the actual sessionId is 40 characters long |
I have this working for me, no coercion needed. const user = db.collection("users") as Collection<UserDoc>;
const session = db.collection("sessions") as Collection<SessionDoc>;
const adapter = new MongodbAdapter(session, user)
export const lucia = new Lucia(adapter, {
sessionCookie: {
name: "session",
attributes: {
secure: !dev
}
},
getUserAttributes: (attributes) => {
return {
email: attributes.email,
}
},
});
declare module "lucia" {
interface Register {
Lucia: typeof lucia;
DatabaseUserAttributes: User;
UserId: ObjectId
}
}
interface UserDoc {
_id: ObjectId;
}
const session = await lucia.createSession(existingUser._id, {});
const sessionCookie = await lucia.createSessionCookie(session.id);
event.cookies.set(sessionCookie.name, sessionCookie.value, {
path: '.',
...sessionCookie.attributes
});
const { session, user } = await lucia.validateSession(sessionId); I'm still learning this whole user auth thing so I could be doing something fundamentally wrong, but I've been banging my head against a wall for hours now so some delirium is expected |
I mean that's in the docs, but I'm one of those crazy untalented devs who don't like killing themselves with TypeScript, so instead made a custom adapter. |
Package
lucia
Describe the bug
I have a cookie that stores a record of authentication. In the hook function I read the cookie and check the validity of the session using the lucia.validateSession(session_id) function. The session id written in the cookie matches the id in the Mongo database. The problem I think is that Lucia cannot find the user during validation.
My user has an identifier of type ObjectId and is named “_id”. From what I have found on the internet and neighboring issues - I assume that lucia is trying to find a user with the property “_id” whose value is equal to the string value “user_id”. And apparently the types don't match
The text was updated successfully, but these errors were encountered: