Current Behavior
Just as the title says, when using Payload's payload.authenticate middleware, the req.user object is only successful when accessing the collection used in the config.admin.user. But when trying to access a different auth enabled collection, it returns undefined.
Expected Behavior
I could be wrong but after reading the docs, I thought you could use this middleware thee authenticate any collection. I am definitely still learning Payload so my apologies if I am incorrect.
Steps to Reproduce & Detailed Description
I am using Payload 1.1.21.
I am just testing out a small idea and the only things I am using aside from Payload is LiquidJS for my templating, body-parser, and Stripe with I already configured an alias for. Everything else, I really just stuck to the docs for and haven't even set Stripe up yet to even interact with the app.
I see the cookie being placed with the token and prefix, and I first tested signing in via the Payload admin login page to first set the admin cookie then went to the account page and was able to authenticate and read the req.user in the console. Then, I signed out of the Admin user, made sure the cookie was gone and then used my login page to sign in as a mock user for my Users collection. I also see the cookie being set, see the token generated and even read the successful response from payload.login but when it redirects to the /account route, it shows unauthenticated and the req.user is undefined.
Here is my configuration and how I triggered this behavior:
payload.config.js
import Admins from './path/toAdmins';
import Users from './path/to/Users';
export default buildConfig({
serverURL: process.env.APP_URL,
admin: {
user: Admins.slug
},
cookiePrefix: 'pk',
// rest of configuration
});Admins.js
const Admins = {
slug: 'admins',
auth: true,
admin: {
useAsTitle: 'email',
disableDuplicate: true
}
// rest of admin config / fields
}
export default AdminsUsers.js
const Users = {
slug: 'users',
auth: true,
admin: {
useAsTitle: 'email',
disableDuplicate: true
}
// rest of admin config / fields
}
export default Users;Finally for the routes, I am signing in using the Local API login and I copied it directly from the docs:
import express from 'express';
import payload from 'payload';
const app = express();
payload.init({
secret: process.env.SECRET_KEY,
mongoURL: 'mongodb://localhost/payload',
express: app,
});
const router = express.Router();
router.use(payload.authenticate);
router.get('/login', (req, res) => {
res.render('login') // Renders a basic login from using LiquidJS
});
router.post('/login', async(req, res) => {
try {
const result = await payload.login({
collection: 'users',
data: {
email: req.body.email,
password: req.body.password,
},
req: req,
res: res,
depth: 2
});
res.redirect('/account');
} catch(err) {
res.send(err);
}
});
router.get('/account', (req, res) => {
console.log(req.user);
if (req.user) {
return res.send(`Authenticated successfully as ${req.user.email}.`);
}
return res.send('Not authenticated');
});
app.use('/', router);
app.listen(3000, async () => {
payload.logger.info(`listening on ${3000}...`);
});Just want to end this and say thank you to the entire Payload team behind this. Haven't been this excited about a CMS in years! Really hoping to figure this small issue out! Thank you again!
Current Behavior
Just as the title says, when using Payload's
payload.authenticatemiddleware, thereq.userobject is only successful when accessing the collection used in theconfig.admin.user. But when trying to access a different auth enabled collection, it returnsundefined.Expected Behavior
I could be wrong but after reading the docs, I thought you could use this middleware thee authenticate any collection. I am definitely still learning Payload so my apologies if I am incorrect.
Steps to Reproduce & Detailed Description
I am using Payload 1.1.21.
I am just testing out a small idea and the only things I am using aside from Payload is LiquidJS for my templating, body-parser, and Stripe with I already configured an alias for. Everything else, I really just stuck to the docs for and haven't even set Stripe up yet to even interact with the app.
I see the cookie being placed with the token and prefix, and I first tested signing in via the Payload admin login page to first set the admin cookie then went to the account page and was able to authenticate and read the
req.userin the console. Then, I signed out of the Admin user, made sure the cookie was gone and then used my login page to sign in as a mock user for my Users collection. I also see the cookie being set, see the token generated and even read the successful response frompayload.loginbut when it redirects to the /account route, it shows unauthenticated and thereq.userisundefined.Here is my configuration and how I triggered this behavior:
payload.config.js
Admins.js
Users.js
Finally for the routes, I am signing in using the Local API login and I copied it directly from the docs:
Just want to end this and say thank you to the entire Payload team behind this. Haven't been this excited about a CMS in years! Really hoping to figure this small issue out! Thank you again!