To reproduce problem we are using example of issue #763
https://github.com/strongloop/loopback/issues/763 .
Question is whether this basic example works for anyone?
If not, what is missing, maybe an ACL setting or fix?
As suggested in
/server/boot/userRemoteMethods.js
we put
module.exports = function(app) {
var User = app.models.User;
User.greet = function(msg, cb) {
cb(null, 'Greetings... ' + msg);
}
User.remoteMethod(
'greet',
{
isStatic: true,
accepts: {arg: 'msg', type: 'string'},
returns: {arg: 'greeting', type: 'string'},
http: { verb: 'get', path: '/greet' }
}
);
};
Fails with 401 Authorization Required no matter which small variations we apply, without or with
isStatic: true etc.
As mentioned, using HTTP GET to test with a proven good token in the URL
http://127.0.0.1:3000/api/Users/greet?msg=%22Joe%22&access_token=QqU0tx...
Per suggestion ran with
DEBUG=loopback*,strong-remoting*
and get this log:
loopback:connector:mongodb MongoDB connection is established: mongodb://127.0.0.1:27017/sndb4 +362ms
express deprecated req.param(name): Use req.params, req.body, or req.query instead node_modules/loopback/common/models/access-token.js:174:16
loopback:connector:mongodb all +5m AccessToken { where: { id: 'QqU0tx...' },
limit: 1,
offset: 0,
skip: 0 }
loopback:connector:mongodb all +11ms AccessToken { where: { _id: 'QqU0tx...' },
limit: 1,
offset: 0,
skip: 0,
order: [ 'id' ] } null [ { _id: 'QqU0tx...',
ttl: 1209600,
created: Mon Feb 23 2015 16:40:41 GMT-0800 (PST),
userId: '972294...' } ]
loopback:connector:mongodb all +3ms User { where: { id: '972294...' },
limit: 1,
offset: 0,
skip: 0 }
loopback:connector:mongodb all +1ms User { where: { _id: '972294...' },
limit: 1,
offset: 0,
skip: 0,
order: [ 'id' ] } null [ { _id: '972294...',
realm: null,
username: 'joe',
password: '----------------------------------------',
credentials: null,
challenges: null,
email: '---------@------------.---',
emailVerified: null,
verificationToken: null,
status: null,
created: null,
lastUpdated: null } ]
strong-remoting:rest-adapter remoting options: {"context":{"enableHttpContext":true},"rest":{"normalizeHttpPath":false,"xml":false},"json":{"strict":false,"limit":"100kb"},"urlencoded":{"extended":true,"limit":"100kb"},"cors":{"origin":true,"credentials":true,"methods":"GET,HEAD,PUT,PATCH,POST,DELETE"},"errorHandler":{"disableStackTrace":false}} +5m
strong-remoting:rest-adapter registering REST handler for class "User" +1ms
strong-remoting:rest-adapter method User.prototype.__findById__accessTokens +0ms
strong-remoting:rest-adapter method User.prototype.__destroyById__accessTokens +0ms
strong-remoting:rest-adapter method User.prototype.__updateById__accessTokens +0ms
strong-remoting:rest-adapter method User.prototype.__get__accessTokens +0ms
strong-remoting:rest-adapter method User.prototype.__create__accessTokens +0ms
strong-remoting:rest-adapter method User.prototype.__delete__accessTokens +0ms
strong-remoting:rest-adapter method User.prototype.__count__accessTokens +0ms
strong-remoting:rest-adapter method User.create +0ms
strong-remoting:rest-adapter method User.upsert +0ms
strong-remoting:rest-adapter method User.exists +1ms
strong-remoting:rest-adapter method User.findById +0ms
strong-remoting:rest-adapter method User.find +0ms
strong-remoting:rest-adapter method User.findOne +0ms
strong-remoting:rest-adapter method User.updateAll +0ms
strong-remoting:rest-adapter method User.deleteById +0ms
strong-remoting:rest-adapter method User.count +0ms
strong-remoting:rest-adapter method User.prototype.updateAttributes +0ms
strong-remoting:rest-adapter method User.login +0ms
strong-remoting:rest-adapter method User.logout +0ms
strong-remoting:rest-adapter method User.confirm +0ms
strong-remoting:rest-adapter method User.resetPassword +0ms
strong-remoting:rest-adapter method User.greet +0ms
strong-remoting:rest-adapter put /:id/accessTokens/:fk restPrototypeMethodHandler +1ms
strong-remoting:rest-adapter put /:id restPrototypeMethodHandler +0ms
strong-remoting:rest-adapter put / restStaticMethodHandler +0ms
strong-remoting:rest-adapter post /login restStaticMethodHandler +0ms
strong-remoting:rest-adapter post /reset restStaticMethodHandler +0ms
strong-remoting:rest-adapter post /update restStaticMethodHandler +0ms
strong-remoting:rest-adapter post /:id/accessTokens restPrototypeMethodHandler +0ms
strong-remoting:rest-adapter post / restStaticMethodHandler +0ms
strong-remoting:rest-adapter head /:id restStaticMethodHandler +1ms
strong-remoting:rest-adapter get /confirm restStaticMethodHandler +0ms
strong-remoting:rest-adapter get /count restStaticMethodHandler +0ms
strong-remoting:rest-adapter get /findOne restStaticMethodHandler +0ms
strong-remoting:rest-adapter get /greet restStaticMethodHandler +0ms
strong-remoting:rest-adapter get /:id/accessTokens/count restPrototypeMethodHandler +0ms
strong-remoting:rest-adapter get /:id/accessTokens/:fk restPrototypeMethodHandler +0ms
strong-remoting:rest-adapter get /:id/accessTokens restPrototypeMethodHandler +1ms
strong-remoting:rest-adapter get /:id/exists restStaticMethodHandler +0ms
strong-remoting:rest-adapter get /:id restStaticMethodHandler +0ms
strong-remoting:rest-adapter get / restStaticMethodHandler +0ms
strong-remoting:rest-adapter delete /:id/accessTokens/:fk restPrototypeMethodHandler +0ms
strong-remoting:rest-adapter delete /:id/accessTokens restPrototypeMethodHandler +0ms
strong-remoting:rest-adapter del /:id restStaticMethodHandler +0ms
strong-remoting:rest-adapter all /logout restStaticMethodHandler +0ms
strong-remoting:rest-adapter at /Users +1ms
express deprecated req.param(name): Use req.params, req.body, or req.query instead node_modules/loopback/node_modules/strong-remoting/lib/http-context.js:142:18
express deprecated req.param(name): Use req.params, req.body, or req.query instead node_modules/loopback/node_modules/strong-remoting/lib/http-context.js:153:22
express deprecated req.param(name): Use req.params, req.body, or req.query instead node_modules/loopback/node_modules/strong-remoting/lib/http-context.js:153:59
express deprecated req.param(name): Use req.params, req.body, or req.query instead node_modules/loopback/lib/application.js:299:60
loopback:connector:mongodb all +18ms ACL { where:
{ model: 'User',
property: { inq: [Object] },
accessType: { inq: [Object] } } }
loopback:connector:mongodb all +3ms ACL { where:
{ model: 'User',
property: { inq: [Object] },
accessType: { inq: [Object] } },
order: [ 'id' ] } null []
loopback:security:role isInRole(): $everyone +5m
loopback:security:access-context ---AccessContext--- +0ms
loopback:security:access-context principals: +1ms
loopback:security:access-context principal: {"type":"USER","id":"972294..."} +0ms
loopback:security:access-context modelName User +0ms
loopback:security:access-context modelId undefined +0ms
loopback:security:access-context property greet +0ms
loopback:security:access-context method greet +0ms
loopback:security:access-context accessType READ +0ms
loopback:security:access-context accessToken: +0ms
loopback:security:access-context id "QqU0tx..." +0ms
loopback:security:access-context ttl 1209600 +0ms
loopback:security:access-context getUserId() 972294... +0ms
loopback:security:access-context isAuthenticated() true +0ms
loopback:security:role Custom resolver found for role $everyone +1ms
loopback:security:acl The following ACLs were searched: +0ms
loopback:security:acl ---ACL--- +0ms
loopback:security:acl model User +0ms
loopback:security:acl property * +0ms
loopback:security:acl principalType ROLE +0ms
loopback:security:acl principalId $everyone +0ms
loopback:security:acl accessType * +0ms
loopback:security:acl permission DENY +0ms
loopback:security:acl with score: +0ms 7495
loopback:security:acl ---Resolved--- +1ms
loopback:security:access-context ---AccessRequest--- +0ms
loopback:security:access-context model User +0ms
loopback:security:access-context property greet +0ms
loopback:security:access-context accessType READ +0ms
loopback:security:access-context permission DENY +0ms
loopback:security:access-context isWildcard() false +0ms
loopback:security:access-context isAllowed() false +0ms
strong-remoting:rest-adapter Error in GET /Users/greet?msg=%22Joe%22&access_token=QqU0tx...: Error: Authorization Required
at app.enableAuth.isAuthEnabled (/home/joeb/project17/node_modules/loopback/lib/application.js:327:21)
at Model.checkAccess (/home/joeb/project17/node_modules/loopback/lib/model.js:295:5)
at module.exports.ACL.checkAccessForContext (/home/joeb/project17/node_modules/loopback/common/models/acl.js:437:23)
at _asyncMap (/home/joeb/project17/node_modules/loopback/node_modules/async/lib/async.js:254:17)
at done (/home/joeb/project17/node_modules/loopback/node_modules/async/lib/async.js:135:19)
at _toString (/home/joeb/project17/node_modules/loopback/node_modules/async/lib/async.js:32:16)
at _asyncMap (/home/joeb/project17/node_modules/loopback/node_modules/async/lib/async.js:251:21)
at results (/home/joeb/project17/node_modules/loopback/node_modules/async/lib/async.js:575:34)
at module.exports.ACL.checkAccessForContext.find.async.parallel.resolved.permission (/home/joeb/project17/node_modules/loopback/common/models/acl.js:420:17)
at module.exports.Role.isInRole.resolver (/home/joeb/project17/node_modules/loopback/common/models/role.js:219:21) +13ms
We are running on what looks like a normal healthy server.