How to properly use user registration in ServiceStack
I'm new to ServiceStack and am having problems understanding the user registration stuff. Our goal is to:
- Allow a user to create a new account
- Verify if the user name and/or email is already in use
- Automatically log the user in after registering
- Return a JWT token in the response
I am using the RegisterService located here for our user registration logic.
The problem seems to be that after a user registers, another user can register with the same user name and/or email, and it updates the previous user's data. I have noticed that when I restart the API, the line:
RegistrationValidator?.ValidateAndThrow(request, registerNewUser ? ApplyTo.Post : ApplyTo.Put);
will throw an error if the user name or email exists. However, as explained, once a new user registers, a user right after them can use the exact same info, and it updates the user before it. This is not the desired result.
Why does the validation seem to work if I restart the API, but not while it is running?
As I step through the code, I have noticed that this.GetSession() seems to return a new session set to null when the API is first started, but once a user logs in or registers, GetSession() returns the recent user session.
I apologize in advance if I come off as knowing nothing; as I said, I'm new to ServiceStack and have pretty much spent the past couple of days at work trying to figure this out. I have scoured many forums, including ServiceStack's customer forums and here. Any advice is appreciated!
> The problem seems to be that after a user registers, another user can register with the same user name and/or email, and it updates the previous user's data.
Only the current user can update their user registration info after they're registered. You can return to being an unauthenticated user by logging out, calling /auth/logout to clear the session, or if using a service client:
client.Post(new Authenticate { provider = "logout" });
> Why does the validation seem to work if I restart the API, but not while it is running?
Because the user is authenticated and you're using the default in-memory cache client that sessions are saved to, restarting the App Domain clears user sessions, returning authenticated users to unauthenticated.
There are a few different options to achieve your desired outcome:
Register, then authenticate the user
Use the Register service to create the new account. The registration service will throw if the username or email is already in use.
On successful registration, call the Authenticate service (/auth/credentials) to authenticate the user using the new credentials. If the JWT AuthProvider is registered and it's called using HTTPS, or the JWT AuthProvider is configured with RequireSecureConnection=false, it will return the JWT token and refresh token.
If you authenticate with UseTokenCookie=true, the authenticated UserSession is converted to a JWT token and returned in the ss-tok cookie.
Register the user with AutoLogin, then convert the session to a token
To auto login with the Register service, calling the Register service with AutoLogin=true will authenticate the user after registering them in the same request. The RegisterResponse DTO that the Register service returns doesn't contain the JWT token; instead you can call /session-to-token to convert the current authenticated user session into a JWT token, returned in the ss-tok cookie, which is sent with subsequent requests to make authenticated requests.
Register the user with AutoLogin in the latest version
I've added support for returning the JWT token and refresh token in AutoLogin Register requests in this commit, so you can register a user with:
var response = client.Post(new Register {
    //...
    AutoLogin = true
});
and you'll be able to access the JWT tokens in:
response.BearerToken  //JWT token
response.RefreshToken //JWT refresh token
This change is available from v4.5.15, which is available on MyGet.
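The first option above (log out, register, then authenticate), seen from the client side. This is an added example, not code from the original answer or from ServiceStack. The `RegistrationFlow` class, its method name and its parameters are hypothetical, and it assumes the server has registration, the credentials provider and the JWT AuthProvider enabled.

```csharp
using System;
using ServiceStack;

// Hypothetical helper for illustration; not part of ServiceStack.
public static class RegistrationFlow
{
    // 'client' may be a long-lived client that already holds the session
    // cookies of a previously registered or logged-in user.
    public static AuthenticateResponse RegisterAndLogin(
        IServiceClient client, string userName, string email, string password)
    {
        // Clear any existing session first. While a session is active, the
        // Register request is handled as an update of the current user, so
        // the "already in use" validation for new accounts is not applied.
        client.Post(new Authenticate { provider = "logout" });

        try
        {
            // Unauthenticated request: treated as a new registration.
            client.Post(new Register {
                UserName = userName,
                Email = email,
                Password = password,
            });
        }
        catch (WebServiceException ex)
        {
            // Thrown when the registration validator rejects the request,
            // for example a user name or email that is already in use.
            Console.WriteLine(
                $"Registration rejected: {ex.StatusCode} {ex.ErrorCode} {ex.ErrorMessage}");
            throw;
        }

        // Authenticate with the new credentials. With the JWT AuthProvider
        // registered, the response carries BearerToken and RefreshToken.
        return client.Post(new Authenticate {
            provider = "credentials",
            UserName = userName,
            Password = password,
        });
    }
}
```

Passing the same client to a second call with another user's details hits the validator as a fresh registration, because the leading logout removes the first user's session.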