How to properly use user registration in ServiceStack


I am new to ServiceStack and am having problems understanding the user registration stuff. Our goal is to:

  1. Allow a user to create a new account
  2. Verify if the user name and/or email is already in use
  3. Automatically log the user in after registering
  4. Return a JWT token in the response

I am using the RegisterService located here for our user registration logic.

The problem seems to be that after a user registers, any other user can register with the same user name and/or email, and it updates the previous user's data. I have noticed that when I restart the API, the line:

    RegistrationValidator?.ValidateAndThrow(request, registerNewUser ? ApplyTo.Post : ApplyTo.Put);

will throw an error if the user name or email exists. However, as explained, once a new user registers, the user right after them can use the exact same info, and it updates the user before it. This is not the desired result.

Why does the validation seem to work if I restart the API, but not while it is running?

As I step through the code I have noticed that this.GetSession() seems to return a new session set to null when the API is first started, but once a user logs in or registers, GetSession() returns the recent user session.

I apologize in advance if I come off as someone who knows nothing; as I said, I am new to ServiceStack and have pretty much spent the past couple of days at work trying to figure this out. I have scoured many forums, including ServiceStack's customer forums and here. Any advice is appreciated!

"The problem seems to be that after a user registers, any other user can register with the same user name and/or email, and it updates the previous user's data."

Only the current user can update their user registration info after they're registered. You can return to being an unauthenticated user by logging out, calling /auth/logout to clear the session, or if using a Service Client:

    client.Post(new Authenticate { provider = "logout" });

"Why does the validation seem to work if I restart the API, but not while it is running?"

Because the user is authenticated and you're using the default in-memory cache client that sessions are saved to, restarting the App Domain clears all user sessions, and authenticated users become unauthenticated.

There are a few different options to achieve your desired outcome:

Register then authenticate user

  1. Use the Register Service to create a new account. The Registration Service will throw if the username or email is already in use.

  2. On successful registration, call the Authenticate Service (/auth/credentials) to authenticate the user using the new credentials. If the JWT AuthProvider is registered and it's called using HTTPS, or the JWT Auth Provider is configured with RequireSecureConnection=false, it will return the JWT token and refresh token.

If you authenticate with UseTokenCookie=true, the authenticated UserSession is converted to a JWT token and returned in the ss-tok cookie.

Register user with AutoLogin then convert session to token

You can auto login with the Register Service: calling the Register Service with AutoLogin=true will authenticate the user after registering them in the same request. The RegisterResponse DTO the Register Service returns doesn't contain the JWT token; instead you can call /session-to-token to convert the currently authenticated user session into a JWT token, returned in the ss-tok cookie that is sent with subsequent requests to make authenticated requests.

Register user with AutoLogin in latest version

I've added support for returning the JWT token and refresh token in AutoLogin Register requests in this commit, so you can register a user with:

    var response = client.Post(new Register {
        //...
        AutoLogin = true
    });

and you'll be able to access the JWT tokens in:

    response.BearerToken   // JWT token
    response.RefreshToken  // JWT refresh token

This change is available from v4.5.15 that's now available on MyGet.
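
Added example (not part of the original answer, and not ServiceStack's own code): the "register then authenticate" option, written so the Register call can never carry a previous user's session and be handled as an update of that user. The helper name RegisterAndSignIn, the base URL and the credentials are hypothetical; it assumes a ServiceStack API with the registration service and JWT AuthProvider enabled is reachable at that URL.

```csharp
using System;
using ServiceStack;

public static class RegistrationFlow
{
    // Hypothetical helper: creates the account, then signs in to obtain the JWT.
    public static AuthenticateResponse RegisterAndSignIn(
        string baseUrl, string userName, string email, string password)
    {
        // A new client starts with an empty cookie container, so no session
        // cookie from an earlier user is sent and the request is unauthenticated.
        // When reusing a client instead, log out first:
        //   client.Post(new Authenticate { provider = "logout" });
        var client = new JsonServiceClient(baseUrl);

        try
        {
            client.Post(new Register {
                UserName = userName,
                Email = email,
                Password = password,
            });
        }
        catch (WebServiceException ex)
        {
            // A user name or email that is already in use surfaces here
            // as a validation error thrown by the Register Service.
            foreach (var field in ex.GetFieldErrors())
                Console.Error.WriteLine($"{field.FieldName}: {field.ErrorCode} {field.Message}");
            throw;
        }

        // The JWT is returned only over HTTPS unless the JWT AuthProvider
        // is configured with RequireSecureConnection=false.
        return client.Post(new Authenticate {
            provider = "credentials",
            UserName = userName,
            Password = password,
        });
    }

    public static void Main()
    {
        // Constructed sample values, not from the original page.
        var auth = RegisterAndSignIn("https://api.example.test",
            "alice", "alice@example.test", "constructed-sample-password");
        Console.WriteLine($"JWT returned: {!string.IsNullOrEmpty(auth.BearerToken)}, " +
                          $"refresh token returned: {!string.IsNullOrEmpty(auth.RefreshToken)}");
    }
}
```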

