How does Guardian.Permissions work?

shahryarjb · March 2, 2018, 4:11pm

Hello,
I create the token first in my project’s source and send it to Pipeline.

For example:

Test for create token:

url : http://localhost:4000/api/users/sign-in
value : password : "2"

Test for authorization :

url : http://localhost:4000/api/users/sign-out
header :  Authorization : Bearer Token

I get the {"message":"unauthorized"} when I send a request to sign-out

My pipline :

github.com

shahryarjb/ESOGIP/blob/master/lib/api_trangell/auth_pipeline.ex#L7


defmodule ApiTrangell.AuthPipeline do
	@claims %{typ: "access"}  
  use Guardian.Plug.Pipeline, otp_app: :api_trangell,
                              module: ApiTrangell.Guardian,
                              error_handler: ApiTrangell.AuthErrorHandler


  plug Guardian.Plug.VerifySession, claims: @claims
  plug Guardian.Plug.VerifyHeader, claims: @claims, realm: "Bearer"
  plug Guardian.Plug.EnsureAuthenticated
  # plug Guardian.Permissions.Bitwise, ensure: %{default: [:public_profile], user_actions: [:books]}
  plug Guardian.Plug.LoadResource, ensure: true
end

A code in which the token is made :

github.com

shahryarjb/ESOGIP/blob/master/lib/api_trangell_web/controllers/page_controller.ex#L8-L19


	def sign_in(conn, %{"password" => password,}) do
		user = %{id: "1", user: "shahryar"}


		case password do
			"2" ->
				perms = %{default: [:public_profile], user_actions: [:books]}
				# {:ok, token, _claims} = ApiTrangell.Guardian.encode_and_sign(user, %{some: "claim", userid: 2, admin: 2, pem: %{default: [:public_profile], user_actions: [:books]}}, token_type: "access",ttl: {99, :weeks})
				conn = ApiTrangell.Guardian.Plug.sign_in(conn, user, %{some: "claim", admin: 12}, permissions: perms)
				# json conn, %Person{token: token}
				json conn, %Person{token: ApiTrangell.Guardian.Plug.current_token(conn)}
			_ -> 
				conn |> send_resp(204, "sss")

Meanwhile, I have tested without Plug and succeed.

user = %{id: "1", user: "shahryar"}

{:ok, token, claims} = ApiTrangell.Guardian.encode_and_sign(user, %{some: "claim", userid: 2, admin: 2, pem: %{default: [:public_profile], user_actions: [:books]}}, token_type: "access",ttl: {99, :weeks})

claims |> ApiTrangell.Auth.Token.decode_permissions_from_claims |> ApiTrangell.Auth.Token.all_permissions?(%{default: [:public_profile], user_actions: [:books]})

How do I fix this ? Thanks.

shahryarjb · March 4, 2018, 5:37am

doesn’t anybody know how to fix my problem?

dokuzbir · March 4, 2018, 7:08am

I am not sure but maybe first you should sign_in in “test for authorization”. Looks like if you sign in at different test you just sign in only for that test.