Anonymous user is always returned after logging in.

[jonnadams]

As the title states the anonymous user is always returned when trying to log in.

angular.module('angular-drupal').config(function($provide) {
  $provide.value('drupalSettings', {
    sitePath: 'http://api.circuit-territory.vm'
  });
});

   drupal.userLogin('test', 'test!').then(function(data) {
      console.log(data);
      var user = drupal.currentUser();
      var msg = user.isAuthenticated() ?
      'Hello ' + user.getAccountName() : 'Hello Anonymous User';
      console.log(msg);
    });

You can see my drupal configuration here. I wanted to make sure that permissions weren't the issue so I opened them up.

Any help on the matter would be greatly appreciated.

[kentr]

@jonnadams I'm not familiar with D7 REST, so I can't tell for sure: are you working with D8?

[signalpoint]

Looks like he is using D8 there. I think there is now a problem this module alongside Drupal 8.2, I believe the login mechanism has changed: https://www.drupal.org/documentation/modules/rest/javascript#comment-11731955

So I think we need to change this in jDrupal here: https://github.com/easystreet3/jDrupal/blob/8.x-1.x/src/includes/rest.inc.js#L82

Plus, for both D7 and D8, I believe the new X-CSRF-Token may be included (it for sure is in D7) in the response, so if we use that when it comes back, the subsequent connect call won't need to fetch another token.

[webdobe]

I believe your correct signalpoint I am unable to login with D8.2.3. I think it "may" have something to do with: https://www.drupal.org/node/2403307? I am unsure though. I cannot seem to find out what changed in the api.

[signalpoint]

@webdobe Last week I updated jDrupal to work properly with D8.2.*, so I think if you just download the latest jdrupal.min.js and include it in your index.html file, then angular-drupal should start working again for user login.

[webdobe]

Hmm I have the latest... I think it may have something to do with CORS. With the change of adding CORS config to a separate YAML file. I am having a hard time finding out how to make this work correctly....

Ok so While I was typing this I logged some connections. It appears that I need to be sending my requests to drupal using withCredentials set to true. Since jdrupal is using XMLHttpRequest; I am unable to use angular's httpprovider interceptor to change the withCredentials on the request.

$httpProvider.interceptors.push([
      function() {
        return {
          request: function(config) {
            config.withCredentials = true;
            return config;
          }
        };
      }
    ]);

Instead I have to be able to do this:

jDrupal.connect = function() {
  return new Promise(function(resolve, reject) {
    var req = new XMLHttpRequest();
    req.withCredentials = true;

Maybe you have an idea?

[webdobe]

Well I found the:

/**
 * Pre process a rest call.
 * @param {XMLHttpRequest} xhr
 * @param {*} data
 */
function hook_rest_pre_process(xhr, data) {
  // Do stuff before the rest call...
}

So I bet I can do something with that. But where do I use the hook?

[webdobe]

Figured it out. I had to add drupal.modules['modulename'] = true; to my user service and add the

modulename_res_pre_process(xhr) {
 xhr.withCredentials = true;
}

Outside the service.

[jsheffers]

@webdobe Can you go into more detail in how/where you implemented this in your angular app?

[webdobe]

@jsheffers So the modulename_res_pre_process(xhr) function I placed in my user service file but outside the service. But you need to add the drupal.modules['modulename'] within your service. This is then added to every rest call stating that your sending withCredentials. The rest of the CORS configuration is done in the services.yml file in drupal 8.x-3.x+

My Cors config looks like this (sites/default/services.yml):

  cors.config:
    enabled: true
    # Specify allowed headers, like 'x-allowed-header'.
    allowedHeaders: ['*']
    # Specify allowed request methods, specify ['*'] to allow all possible ones.
    allowedMethods: ['*']
    # Configure requests allowed from specific origins. 
    allowedOrigins: ['http://localhost:9000'] // or to my live site https://jesselongacre.com you need this otherwise the browser will say the drupal side rejected it.
    # Sets the Access-Control-Expose-Headers header.
    exposedHeaders: false
    # Sets the Access-Control-Max-Age header.
    maxAge: false
    # Sets the Access-Control-Allow-Credentials header. // this is where the withCredentials is supported
    supportsCredentials: true

Make sure to clear your cache after making the cors changes as drupal 8 I believe caches all this.

Additionally, you may need to setup # cookie_domain: '.example.com' in your services.yml file this will make sure that your cookies are passed to the app. Hense the withCredentials bit.