When authenticating with drupal via an app/javascript all that is returned in the response is the cookie name and id.

In order to actually load a user object of the user that just logged in you need to know the users uid. Currently there is no access to this information.

Can the user's account object be returned as part of the response? If that is too heavy just the UID would be OK and you can use it on a subsequent request to load the users profile data?

Is there is another way to retrieve a users profile data after authenticating? The equivalent of system/connect.json in D7?

I am happy to write the patch if i get confirmation this is the correct path to take. Thanks for your time.

CommentFileSizeAuthor
#8 response.PNG76.83 KBanshuljain2k8
#8 Request.PNG39.46 KBanshuljain2k8

Issue fork services-2679599

Command icon Show commands

Start within a Git clone of the project using the version control instructions.

Or, if you do not have SSH keys set up on git.drupalcode.org:

About issue forks

Comments

Rob Holmes created an issue. See original summary.

tyler.frankenstein’s picture

tyler.frankenstein commented

I needed the equivalent System Connect in D8, so I added one to the jDrupal module: http://cgit.drupalcode.org/jdrupal/tree/src/Plugin/rest/resource/jDrupal...

With it I return their uid, name and roles. Feel free to use all or none of it in a custom module, or better yet if Services D8 needs it (I'll defer to Kyle on that one) feel free to add a REST resource like this.

Right now this is the order I take with an app:

  1. Call jDrupal Connect
  2. If they're authenticated, make another call to the user load core resource
  3. If they're anonymous, wait until they login, then make a connect call to get their new id, and then make a user load call... a little heavy on the requests but it gets the job done
kylebrowning’s picture

kylebrowning commented

We should just return that from UserLogin.php

kylebrowning’s picture

kylebrowning commented

Im also open to adding another ServiceDefinition that mimics System Connect.

rob holmes’s picture

rob holmes commented

I've been thinking about the implications of returning a full user object on login reponse, potentially it is a large amount of data that is not necessarily required in all circumstances and can potential contain sensitive information depending on what has been stored in fields or in the users 'data' field that you might not want to expose to the client.

In Drupal 7 there was the hook_services_account_object_alter, hook_services_request_postprocess_alter etc that allows the response to be modified/limited, if there is still such a mechanism in drupal8 then returning the user object in full is fine as you can later decided to remove sensitive parts of the data, if there isnt then should just the userID be returned and then you have the possibility of loading the current user only if you need it.

Thoughts?

anshuljain2k8’s picture

anshuljain2k8 commented

When user/login resource is called in drupal 7 , it used to return Session ID , which we keep in cookie to keep track of current user session , we can do similar thing in Drupal 8 , user/login resource handler instead of returning the user object.

rob holmes’s picture

rob holmes commented

Currently Drupal 8 returns the session id and the cookie, but i am unsure how you can use it to obtain the user object if needed? All current endpoints for retrieving a user require the UID which is still unknown at this point, am i missing something obvious here?

anshuljain2k8’s picture

anshuljain2k8 commented
StatusFileSize
new Request.PNG39.46 KB
new response.PNG76.83 KB

Thanks @Rob Holmes for reply , I am getting HTML in response when i try to log in to drupal 8 site using POSTER Plugin in mozilla firefox (With POST Request). I am getting 200 OK Response and able to login succesfully but the output is HTML, Can you please tell me if i am doing something wrong.

Attaching Request and Response Screenshot with this post.

rob holmes’s picture

rob holmes commented

You are posting at the drupal's HTML site/login form you should be posting at the user_login endpoint defined by the services module. The user_login endpoint returns an array containing id and name.

return [
   'id' => $this->session->getId(),
   'name' => $this->session->getName(),
];
anshuljain2k8’s picture

anshuljain2k8 commented

@Rob Holmes , Thanks for reply, but can you elaborate more on this , and provide me with example with POST url , Parameters and Post Data please ?

anybody’s picture

anybody
Primary language German
Location Porta Westfalica
commented
Version: 8.x-4.x-dev » 5.x-dev

Re #9: The information is correct, but at least since #2238561: Use the default PHP session ID instead of generating a custom one (Change record: https://www.drupal.org/node/3006306)
the 

'id' => $this->session->getId(),

returns an empty string!

So using the services module login method returns:

{
  "id": "",
  "name": "SSESS2a2e46d6add4bddd473123417e13ddc0067a6f"
}

Adding

$this->session->save();

prior to the return statement restores the expected functionality.

Still this isn't very helpful, I think?

Looking at the code one line below you see a maintainer comment:

// Return $this->entityManager->getStorage('user')->load($uid);

So I'm adding a MR not only to save the session and fix the empty ID, but also to return the user ID of the logged in user on success.

anybody’s picture

anybody
Primary language German
Location Porta Westfalica
commented
Status: Active » Needs review

Could someone please review this approach?

Anybody opened merge request !12

anybody’s picture

anybody
Primary language German
Location Porta Westfalica
commented
Title: When authenticating via endpoint/user/login the user sbject or uid should be returned » When authenticating via endpoint/user/login the user suject or uid should be returned
anybody’s picture

anybody
Primary language German
Location Porta Westfalica
commented
Title: When authenticating via endpoint/user/login the user suject or uid should be returned » When authenticating via endpoint/user/login the user object or uid should be returned
anybody’s picture

anybody
Primary language German
Location Porta Westfalica
commented
Related issues: +#3437677: Add (current) user information ServiceDefinition

I just compared this to the Drupal 7 result and I think we should try to get parity, where possible and useful.
Getting the user information on login is very typical I think to show user information. If someone disagrees, we should at least allow to fetch the user information easily in a second call: #3437677: Add (current) user information ServiceDefinition

So best would be maintainer feedback here to hear, if adding user details to the response is fine or this should be split off!

This is the Drupal 7 response:

{
  "sessid": "2345u34p5cp1243c5p1237rn32487to34r1345",
  "session_name": "SSESSdftp348rjp8epfsadifjsadfasdf",
  "token": "DFasdt34trasDCsadh435qSDDFASFASDFSDF",
  "user": {
    "uid": "89",
    "name": "my-username",
    "mail": "info@example.com",
    "theme": "",
    "signature": "",
    "signature_format": "plain_text",
    "created": "1366634374",
    "changed": "1366634374",
    "access": "1712076061",
    "login": 1712122466,
    "status": "1",
    "timezone": "Europe/Berlin",
    "language": "de",
    "picture": {
      "fid": "2119",
      "uid": "89",
      "filename": "picture-89-1391671995.jpg",
      "uri": "public://pictures/picture-89-1391671995.jpg",
      "filemime": "image/jpeg",
      "filesize": "6057",
      "status": "1",
      "timestamp": "1395253201",
      "origname": "picture-89-1370964980.jpg",
      "url": "https://www.example.com/sites/default/files/pictures/picture-89-1391671995.jpg"
    },
    "init": "info@example.com",
    "data": {
      "contact": 1,
      "mimemail_textonly": 0,
      "l10n_client_disabled": false
    },
    "roles": {
      "2": "authenticated user",
      "3": "administrator"
    },
    "field_anrede": {
      "und": [
        {
          "value": "Herr"
        }
      ]
    },
    "field_user_datenschutz": {
      "und": [
        {
          "value": "1"
        }
      ]
    },
    "field_user_branche": {
      "und": [
        {
          "value": "Sonstige"
        }
      ]
    },
    "force_password_change": "0",
  }
}