Tags: kotlin, authentication, session, kotlin-multiplatform, ktor

The authentication session doesn't behave as intended when wrapped with 'authenticate("auth-session")' in my app


Here is my main class in which I configure all the components of the application:

internal fun Application.module() {

    install(Koin) {
        modules(getKoinModule())
    }

    val localSource by inject<LocalSource>()

    install(Routing) {
        api(application = application, localSource = localSource)
    }

    configureMonitoring()
    configureAuth()
    configureSession()

    install(StatusPages) {
        exception<Throwable> { call, cause ->
            call.respond(cause.toString())
        }
    }

    install(ContentNegotiation) {
        json()
    }
}

The problem just lies in the new plugins (Authentication, Sessions), which I basically wrote based on the documentation (OAuth, Sessions).

Here is their code:

fun Application.configureAuth() {
    this.log.info("configureAuth")
    install(Authentication) {
        session<UserSession>(name = "auth-session") {
            this@configureAuth.log.info("this session: ${this.name}")
            validate { session ->
                this@configureAuth.log.info("User session: authorized $session")
                session
            }
            challenge {
                this@configureAuth.log.info("User session: unauthorized")
                call.respondRedirect("/unauthorized")
            }
        }
    }
}

and

fun Application.configureSession() {
    this.log.info("configureSession")
    install(Sessions) {
        val secretEncryptKey = hex("00112233445566778899aabbccddeeff")
        val secretAuthKey = hex("02030405060708090a0b0c") //6819b57a326945c1968f45236589
        cookie<UserSession>(
            name = "USER_SESSION",
            storage = directorySessionStorage(File(".sessions"))
        ) {
            transform(SessionTransportTransformerEncrypt(secretEncryptKey, secretAuthKey))
        }
    }
}

I use the following dependency

"io.ktor:ktor-server-auth:2.0.3"
"io.ktor:ktor-server-sessions:2.0.3"

And now in the places where I need to add authenticate("auth-session"), for example here:

fun Routing.authorizedRoute() {
    val logger = LoggerFactory.getLogger(javaClass)
    logger.debug("authorizedRoute here")
    authenticate("auth-session") {
        route("/authorized") {
            get {
                logger.debug("authorizedRoute authorized GET")
                call.respond(
                    message = ApiResponse(success = true),
                    status = HttpStatusCode.OK
                )
            }

            post {
                logger.debug("authorizedRoute authorized POST")
                call.respond(
                    message = ApiResponse(success = true),
                    status = HttpStatusCode.OK
                )
            }
        }
    }
}

Instead of getting into the router /authorized, I get into the challenge method and the session itself does not pass validation, although it was created in the sessions folder.

UPD:

When I try to debug the onAuthenticate method in io.ktor.server.auth, I see that it does not save my session.

Also here is the code where I set the value for this session: https://gist.github.com/mnewlive/1933134a58a950525f949aed23c31d5e


Solution

  • The problem was that it was not possible to save cookies received from the server in response to requests.

    So I solved it with the following code:

    // Ktor client side: keep the Set-Cookie returned by the login request and send it on later requests
    val client = HttpClient {
        install(HttpCookies) {
            storage = AcceptAllCookiesStorage()
        }
    }
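
The following is an added, self-contained example (not code from the question, the gist, or the answer) that reproduces both halves of this thread against an in-memory Ktor 2.0.3 server: a client without a cookie jar drops the USER_SESSION cookie set by the login request and is therefore sent to the challenge, while a client with HttpCookies installed is let through to the protected route. It assumes the Gradle dependencies ktor-server-core, ktor-server-auth, ktor-server-sessions and ktor-server-test-host (which brings in the client); the UserSession class, the /login handler, the key bytes and the route names are placeholders chosen for the example. The session is stored client-side in the encrypted cookie here; with the question's directorySessionStorage the cookie carries only a session id, and the failure mode and the fix are the same, since either way the client has to return the cookie.

```kotlin
import io.ktor.client.plugins.cookies.*
import io.ktor.client.request.*
import io.ktor.client.statement.*
import io.ktor.http.*
import io.ktor.server.application.*
import io.ktor.server.auth.*
import io.ktor.server.response.*
import io.ktor.server.routing.*
import io.ktor.server.sessions.*
import io.ktor.server.testing.*
import io.ktor.util.*

// Implements Principal so validate {} can hand the decrypted session back as the caller's identity.
data class UserSession(val name: String) : Principal

// Demo keys only (32 bytes each -> AES-256 + HmacSHA256). AES accepts 16/24/32-byte keys.
// In a real service generate both with SecureRandom and load them from secret storage; never commit them.
private val encKey = hex("0f1e2d3c4b5a69788796a5b4c3d2e1f00f1e2d3c4b5a69788796a5b4c3d2e1f0")
private val signKey = hex("a1b2c3d4e5f60718293a4b5c6d7e8f90a1b2c3d4e5f60718293a4b5c6d7e8f90")

// Server side: same shape as the question's configureSession/configureAuth, plus a login route.
fun Application.sessionModule() {
    install(Sessions) {
        cookie<UserSession>("USER_SESSION") {
            cookie.httpOnly = true                 // keep the session cookie away from page scripts
            cookie.extensions["SameSite"] = "Lax"  // blunt cross-site request forgery
            // cookie.secure = true belongs here behind TLS; left off because the test host speaks plain HTTP.
            transform(SessionTransportTransformerEncrypt(encKey, signKey))
        }
    }
    install(Authentication) {
        session<UserSession>("auth-session") {
            validate { session -> session }                      // any cookie that decrypts and authenticates is accepted
            challenge { call.respondRedirect("/unauthorized") }  // missing or tampered cookie -> 302 to /unauthorized
        }
    }
    routing {
        post("/login") {                                         // placeholder for the gist's login handler
            call.sessions.set(UserSession("alice"))              // emits Set-Cookie: USER_SESSION=<encrypted+signed>
            call.respondText("logged in")
        }
        get("/unauthorized") {
            call.respondText("no session", status = HttpStatusCode.Unauthorized)
        }
        authenticate("auth-session") {
            get("/authorized") {
                val user = call.principal<UserSession>()!!       // non-null: the validate {} above returned it
                call.respondText("hello ${user.name}")
            }
        }
    }
}

fun main() = testApplication {
    application { sessionModule() }

    // Client 1 mirrors the question: no cookie storage, so the Set-Cookie from /login is thrown away
    // and the next request arrives with no session. followRedirects = false keeps the 302 visible.
    val forgetful = createClient { followRedirects = false }
    forgetful.post("/login")
    val r1 = forgetful.get("/authorized")
    check(r1.status == HttpStatusCode.Found) { "expected redirect, got ${r1.status}" }
    check(r1.headers[HttpHeaders.Location] == "/unauthorized") { "unexpected Location: ${r1.headers[HttpHeaders.Location]}" }

    // Client 2 mirrors the accepted fix: a cookie jar that keeps and replays USER_SESSION.
    val sticky = createClient {
        followRedirects = false
        install(HttpCookies) { storage = AcceptAllCookiesStorage() }
    }
    sticky.post("/login")
    val r2 = sticky.get("/authorized")
    check(r2.status == HttpStatusCode.OK) { "expected 200, got ${r2.status}" }
    check(r2.bodyAsText() == "hello alice") { "unexpected body: ${r2.bodyAsText()}" }

    println("without HttpCookies: ${r1.status} -> ${r1.headers[HttpHeaders.Location]}; with HttpCookies: ${r2.status}")
}
```

Running `main` prints a 302 to /unauthorized for the first client and a 200 for the second. If you want to confirm the symptom the question describes from the server side, log the raw `Cookie` request header inside `validate {}`'s neighbour route or in a call-logging plugin: the forgetful client sends none at all, which is why onAuthenticate never sees a session to look up, regardless of what is sitting in the .sessions directory.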