fix(authentication): Include query params when authenticating via authenticate hook#2009
Conversation
|
Looks like nothing is breaking and I reviewed the dependent calls and there really appears no reason anymore for not including the query. Thanks for the PR! |
|
It seems to me that something is failing in his logic, including the query parameter is breaking my code, I use the authenticate('jwt') hook as a header everywhere and is performing the query to the service by adding in the query a column that obviously does not exist in the users model because the main query is directed on another service that uses another object model. |
|
Not sure how i missed that, that's exactly what I was worried about. Fixed in v4.5.6. |
|
Do most of the adapters support pulling the model attributes like sequelize? It would be pretty easy to apply a whitelist of allowed fields by just pulling the models attributes. |
|
@jchamb that would assume the user service is backed by a database adapter, and not for example a proxy to another service, on another server. |
|
@flyboarder very true. Was just thinking as an easy default whitelist for what is prob the more common/standard installs. I would say that, that would also be an easy config, but if your going to have to config something might as well just make be explicit like your #2008 |
Supersedes #2008 fixes #2007