Email as a UserName

stefandv · February 18, 2017, 2:13pm

It seems there is an issue with email as a username. I am currently converting an existing userbase to SS auth repository.
I am already using IsValidUsernameFn = s => IsValidUsernameFn(s) where I always return true just to test this implementation. I can create a user with GetAuthRepository().CreateUserAuth(user1, “xxxxx”); but when I try to authenticate with the email address as a the userName with correct password, I always get a not authenticated.
Any idead?

mythz · February 18, 2017, 2:28pm

It’s hard to be able to tell what the issue is without the code you’re using to create the User or Exception details. We need to see what you’re trying so any context that shows what you’re doing and what the issue is will help. Ideally we’d want as much info to be able to repro the issue ourselves.

The UserAuth Repository will look at the Email field if Username contains an @ so the Users Email should be stored in the Email field in the UserAuth table, but it’s not clear that’s what you’re doing.

stefandv · February 18, 2017, 2:59pm

Ok, adding the email address to the email worked! Thanks.
But I still have an error with my custom provider.

I inherit from CredentialsAuthProvider then I implement:

       public override bool TryAuthenticate(IServiceBase authService, string userName, string password)

In this I do the following:

        var defaultResult = base.TryAuthenticate(authService, userName, password);
        if (defaultResult) return true;
        var authRepository = ServiceStackHost.Instance.GetAuthRepository();

I then check another DB for the userName, Password combination. If I find this there, I create a new user:

                            userAuth = new UserAuth
                            {
                                UserName = administrator.Login,
                                DisplayName = administrator.Name,
                                Email = administrator.Login
                            };
                            userAuth.Roles.Add("Admin");
                            userAuth.Permissions.Add("DBID|" + administrator.DatabaseId);
                            authRepository.CreateUserAuth(userAuth, administrator.Password);

then return true.

The user is created in the DB, but the POST is giving me an error:
400 Bad Request

{
  "ResponseStatus": {
    "ErrorCode": "ArgumentNullException",
    "Message": "Value cannot be null.\r\nParameter name: String",
    "StackTrace": "[Authenticate: 18/02/2017 15:10:14]:\n[REQUEST: {provider:credentials,UserName:krzysztof.gora@cogno.eu,Password:[redated],UseTokenCookie:True}]\nSystem.ArgumentNullException: Value cannot be null.\r\nParameter name: String\r\n   at System.Number.StringToNumber(String str, NumberStyles options, NumberBuffer& number, NumberFormatInfo info, Boolean parseDecimal)\r\n   at System.Number.ParseInt32(String s, NumberStyles style, NumberFormatInfo info)\r\n   at lambda_method(Closure , Object , List`1 )\r\n   at ServiceStack.ExpressionUtil.CachedExpressionCompiler.Compiler`2.<>c__DisplayClass7_1.<CompileFromFingerprint>b__1(TIn model)\r\n   at ServiceStack.CachedExpressionCompiler.Evaluate(Expression arg)\r\n   at ServiceStack.OrmLite.SqlExpression`1.VisitMethodCall(MethodCallExpression m)\r\n   at ServiceStack.OrmLite.SqlExpression`1.Visit(Expression exp)\r\n   at ServiceStack.OrmLite.SqlExpression`1.VisitBinary(BinaryExpression b)\r\n   at ServiceStack.OrmLite.SqlExpression`1.Visit(Expression exp)\r\n   at ServiceStack.OrmLite.SqlExpression`1.VisitBinary(BinaryExpression b)\r\n   at ServiceStack.OrmLite.SqlExpression`1.Visit(Expression exp)\r\n   at ServiceStack.OrmLite.SqlExpression`1.VisitLambda(LambdaExpression lambda)\r\n   at ServiceStack.OrmLite.SqlExpression`1.Visit(Expression exp)\r\n   at ServiceStack.OrmLite.SqlExpression`1.AppendToWhere(String condition, Expression predicate)\r\n   at ServiceStack.OrmLite.SqlExpression`1.Where(Expression`1 predicate)\r\n   at ServiceStack.OrmLite.ReadExpressionCommandExtensions.Select[T](IDbCommand dbCmd, Expression`1 predicate)\r\n   at ServiceStack.OrmLite.OrmLiteReadExpressionsApi.<>c__DisplayClass14_0`1.<Select>b__0(IDbCommand dbCmd)\r\n   at ServiceStack.OrmLite.OrmLiteExecFilter.Exec[T](IDbConnection dbConn, Func`2 filter)\r\n   at ServiceStack.OrmLite.OrmLiteReadExpressionsApi.Exec[T](IDbConnection dbConn, Func`2 filter)\r\n   at ServiceStack.OrmLite.OrmLiteReadExpressionsApi.Select[T](IDbConnection dbConn, Expression`1 predicate)\r\n   at ServiceStack.Auth.OrmLiteAuthRepositoryBase`2.<>c__DisplayClass28_0.<GetRoles>b__0(IDbConnection db)\r\n   at ServiceStack.Auth.OrmLiteAuthRepository`2.Exec[T](Func`2 fn)\r\n   at ServiceStack.Auth.OrmLiteAuthRepositoryBase`2.GetRoles(String userAuthId)\r\n   at ServiceStack.Auth.JwtAuthProvider.Execute(IServiceBase authService, IAuthProvider authProvider, IAuthSession session, AuthenticateResponse response)\r\n   at ServiceStack.Auth.AuthenticateService.Post(Authenticate request)\r\n   at lambda_method(Closure , Object , Object )\r\n   at ServiceStack.Host.ServiceRunner`1.Execute(IRequest request, Object instance, TRequest requestDto)",
    "Errors": [
      {
        "ErrorCode": "ArgumentNullException",
        "FieldName": "String",
        "Message": "Value cannot be null.\r\n"
      }
    ]
  }
}

Any idea what is going wrong, or I can debug further?

mythz · February 18, 2017, 3:11pm

It wont have an impact here, but you should pass in the IRequest when retrieving the User Auth Repository, e.g:

var authRepo = (IUserAuthRepository)HostContext.AppHost.GetAuthRepository(authService.Request);

You should also use the explicit API when adding Users roles/permissions, e.g:

userAuth = new UserAuth
{
    UserName = administrator.Login,
    DisplayName = administrator.Name,
    Email = administrator.Login
};
userAuth = authRepository.CreateUserAuth(userAuth, administrator.Password);

authRepo.AssignRoles(userAuth, 
    roles: new[]{ "Admin" }, 
    permissions: new[]{ "DBID|" + administrator.DatabaseId });

The error is a null ref when calling GetRoles() on the User Auth Repo so using the proper APIs might fix it.

stefandv · February 18, 2017, 3:30pm

Hi still no luck. I did change everything as said. But I still get the same error.
The user is created with the correct roles and permissions.

userAuth = new UserAuth
{
    UserName = administrator.Login,
    DisplayName = administrator.Name,
    Email = administrator.Login
};
userAuth = authRepository.CreateUserAuth(userAuth, administrator.Password);

authRepository.AssignRoles(userAuth, 
    roles: new[] { "Admin" }, 
    permissions:new []
    {
        "DBID|" + administrator.DatabaseId,
        "legacy-administrator-id|" + administrator.Id
    });

from the stacktrace it seems that a numeric field is not filled in for some reason.

mythz · February 18, 2017, 8:05pm

ok in that case I can’t tell what the issue is from here, if you can put together a stand-alone project (e.g. on Github) that I can run that shows the issue I’ll be able to identify what’s causing it.

stefandv · February 19, 2017, 11:16am

Hi please find [Sample files][1] to test the issue
[1]: https://bitbucket.org/snippets/stefandevo/MeyqA

I then use Postman

POST /authenticate HTTP/1.1
Host: localhost:59742
Content-Type: application/json

{"provider":"credentials","userName":"user1@host.com", "password":"p@55word", "useTokenCookie": "true"}

After I get

{
  "ResponseStatus": {
    "ErrorCode": "ArgumentNullException",
    "Message": "Value cannot be null.\r\nParameter name: String",
    "StackTrace": "[Authenticate: 19/02/2017 11:23:40]:\n[REQUEST: {provider:credentials,UserName:user1@host.com,Password:p@55word,UseTokenCookie:True}]\nSystem.ArgumentNullException: Value cannot be null.\r\nParameter name: String\r\n   at System.Number.StringToNumber(String str, NumberStyles options, NumberBuffer& number, NumberFormatInfo info, Boolean parseDecimal)\r\n   at System.Number.ParseInt32(String s, NumberStyles style, NumberFormatInfo info)\r\n   at lambda_method(Closure , Object , List`1 )\r\n   at ServiceStack.ExpressionUtil.CachedExpressionCompiler.Compiler`2.<>c__DisplayClass7_1.<CompileFromFingerprint>b__1(TIn model)\r\n   at ServiceStack.CachedExpressionCompiler.Evaluate(Expression arg)\r\n   at ServiceStack.OrmLite.SqlExpression`1.VisitMethodCall(MethodCallExpression m)\r\n   at ServiceStack.OrmLite.SqlExpression`1.Visit(Expression exp)\r\n   at ServiceStack.OrmLite.SqlExpression`1.VisitBinary(BinaryExpression b)\r\n   at ServiceStack.OrmLite.SqlExpression`1.Visit(Expression exp)\r\n   at ServiceStack.OrmLite.SqlExpression`1.VisitBinary(BinaryExpression b)\r\n   at ServiceStack.OrmLite.SqlExpression`1.Visit(Expression exp)\r\n   at ServiceStack.OrmLite.SqlExpression`1.VisitLambda(LambdaExpression lambda)\r\n   at ServiceStack.OrmLite.SqlExpression`1.Visit(Expression exp)\r\n   at ServiceStack.OrmLite.SqlExpression`1.AppendToWhere(String condition, Expression predicate)\r\n   at ServiceStack.OrmLite.SqlExpression`1.Where(Expression`1 predicate)\r\n   at ServiceStack.OrmLite.ReadExpressionCommandExtensions.Select[T](IDbCommand dbCmd, Expression`1 predicate)\r\n   at ServiceStack.OrmLite.OrmLiteReadExpressionsApi.<>c__DisplayClass14_0`1.<Select>b__0(IDbCommand dbCmd)\r\n   at ServiceStack.OrmLite.OrmLiteExecFilter.Exec[T](IDbConnection dbConn, Func`2 filter)\r\n   at ServiceStack.OrmLite.OrmLiteReadExpressionsApi.Exec[T](IDbConnection dbConn, Func`2 filter)\r\n   at ServiceStack.OrmLite.OrmLiteReadExpressionsApi.Select[T](IDbConnection dbConn, Expression`1 predicate)\r\n   at ServiceStack.Auth.OrmLiteAuthRepositoryBase`2.<>c__DisplayClass28_0.<GetRoles>b__0(IDbConnection db)\r\n   at ServiceStack.Auth.OrmLiteAuthRepository`2.Exec[T](Func`2 fn)\r\n   at ServiceStack.Auth.OrmLiteAuthRepositoryBase`2.GetRoles(String userAuthId)\r\n   at ServiceStack.Auth.JwtAuthProvider.Execute(IServiceBase authService, IAuthProvider authProvider, IAuthSession session, AuthenticateResponse response)\r\n   at ServiceStack.Auth.AuthenticateService.Post(Authenticate request)\r\n   at lambda_method(Closure , Object , Object )\r\n   at ServiceStack.Host.ServiceRunner`1.Execute(IRequest request, Object instance, TRequest requestDto)",
    "Errors": [
      {
        "ErrorCode": "ArgumentNullException",
        "FieldName": "String",
        "Message": "Value cannot be null.\r\n"
      }
    ]
  }
}

mythz · February 19, 2017, 5:19pm

The issue is because session.UserAuthId is null. It’s null because you’re creating a new User in your custom TryAuthenticate method so to the successful code path of TryAuthenticate in CredentialsAuthProvider is never run for the new user which doesn’t have a chance populate the Users session.

If you change it so you call TryAuthenticate again after creating the user it will work, e.g:

public override bool TryAuthenticate(IServiceBase authService, string userName, string password)
{
    var defaultResult = base.TryAuthenticate(authService, userName, password);
    if (defaultResult) return true;

    var authRepository = (IUserAuthRepository)HostContext.AppHost.GetAuthRepository(authService.Request);

    var administratorFound = _legacyUsers.Where(u => u.UserName == userName && u.Password == password).ToList();
    if (administratorFound.Count == 0) return false;

    var administrator = administratorFound.First();

    IUserAuth userAuth = new UserAuth
    {
        UserName = administrator.UserName,
        Email = administrator.UserName
    };
    userAuth = authRepository.CreateUserAuth(userAuth, administrator.Password);
    AssignRoleAndPermissionsForAdmistrator(authRepository, userAuth, administrator);

    return base.TryAuthenticate(authService, userName, password);
}

stefandv · February 20, 2017, 6:37pm

Ok thanks for this. Great support!