Clojurians Log v2

Clojure programming

Channels

# 100-days-of-code # aatree # admin-announcements # adventofcode # ai # alda # aleph # all-the-channels # announcements # arachne # architecture # asami # atlanta-clojurians # atom-editor # autochrome-github # avi # aws # aws-lambda # babashka # babashka-sci-dev # bangalore-clj # beginners # berlin # biff # bigdata # bitcoin # boot # boot-dev # boulder-clojurians # braid-chat # braveandtrue # brevis # bristol-clojurians # business # calva # capetown # carry # cbus # cestmeetup # chestnut # chlorine-clover # cider # circleci # clara # clj-commons # cljdoc # cljfx # clj-http # clj-kondo # clj-on-windows # cljs-dev # cljs-experience # cljsfiddle # cljsjs # cljsrn # cljtogether # clojars # clojure # clojure-android # clojure-argentina # clojure-art # clojure-austin # clojure-australia # clojure-austria # clojure-bangladesh # clojure-bay-area # clojure-beijing # clojure-belgium # clojure-berlin # clojure-boston # clojure-brasil # clojurebridge # clojurebridge-ams # clojure-canada # clojure-chennai # clojure-chicago # clojure-china # clojure-colombia # clojure-conj # clojurecup # clojure-czech # clojured # clojure-denmark # clojure-denver # clojure-derby # clojuredesign-podcast # clojure-dev # clojure-dusseldorf # clojure-ecuador # clojure-egypt # clojure-estonia # clojure-europe # clojure-filipino # clojure-finland # clojure-france # clojure-gamedev # clojure-germany # clojure-greece # clojure-guangzhou # clojure-hamburg # clojure-hk # clojure-houston # clojure-hungary # clojure-india # clojureindia # clojure-indonesia # clojure-ireland # clojure-israel # clojure-italy # clojure-japan # clojure-kc # clojure-korea # clojure-losangeles # clojure-madison # clojure-mexico # clojure-miami # clojure-mk # clojure-mke # clojure-morsels # clojure-my # clojure-new-zealand # clojure-nl # clojure-nlp # clojure-norway # clojure-poland # clojure-portugal # clojure-provo # clojure-quebec # clojureremote # clojure-romania # clojure-russia # clojure-sanfrancisco # clojurescript # clojurescript-ios # clojure-sdn # clojure-seattle # clojure-serbia # clojure-sg # clojure-shanghai # clojure-spain # clojure-spec # clojuresque # clojure-survey # clojure-sweden # clojure-switzerland # clojure-taiwan # clojure-turkiye # clojure-uk # clojure-ukraine # clojureverse-ops # clojurewerkz # clojurewest # clojurex # clojure-za # clojurian-chat-app # clojutre # cloverage # cloxp # clr # code-art # code-reviews # community-development # component # conf-proposals # conjure # consulting # contributions-welcome # copenhagen-clojurians # core-async # core-logic # core-matrix # core-typed # cryogen # crypto # css # cursive # cz-clojure # d2q # datacrypt # datahike # datalevin # datalog # data-oriented-programming # data-science # datascript # datavis # dato # datomic # defnpodcast # deps-new # depstar # devcards # devops # dirac # docker # docs # domino-clj # duct # dunaj # eastwood # editors # emacs # error-message-catalog # etaoin # ethereum # euroclojure # events # exercism # expound # figwheel # figwheel-main # flambo # fulcro # funcool # functionalprogramming # funimage # garden # ghostwheel # girouette # gis # google-cloud # gorilla # graalvm # graalvm-mobile # graclj # graphql # gratitude # gsoc # hammock-driven-dev # helix # heroku # hispano # holy-lambda # honeysql # hoplon # hugsql # humor # hypercrud # hyperfiddle # immutant # improve-getting-started # incanter # indycljs # inf-clojure # instaparse # integrant # interceptors # interop # introduce-yourself # iot # iotivity # ipfs # jackdaw # jaunt # java # javascript # javelin # jobs # jobs-discuss # jobs-rus # joker # jukebox # juxt # jvm # kaocha # keechma # kekkonen # keyboards # klipse # kosmos # lambdaisland # ldnclj # ldnproclodo # lein-figwheel # leiningen # liberator # liquid # livestream # local-first-clojure # london-clojurians # lsp # luminus # lumo # mail # malli # mathematics # meander # melbourne # membrane # mental-health # microservices # mid-cities-meetup # midje # minecraft # minimallist # missionary # monads # mount # music # new-channels # new-clojure # nextjournal # nginx # nrepl # numerical-computing # nyc # observability # off-topic # om # om-next # onyx # other-languages # other-lisps # overtone # pamela # parinfer # pathom # pedestal # perun # philosophy # phzr # planck # plastic # play-clj # podcasts # polylith # portal # portkey # portland-or # powderkeg # practicalli # precept # prelude # programming-beginners # project-updates # proletarian # proton # protorepl # pulsar # pure-frame # qa # qlkit # quil # random # rdf # react # reactive # reading-clojure # reagent # reclojure # re-frame # reitit # releases # remote-jobs # respo # rethinkdb # reveal # rewrite-clj # ring # ring-swagger # robots # rum # schema # sci # sfcljs # shadow-cljs # _silence # sim-testing # sioux-falls # slack-help # sneer # sneer-br # spacemacs # specmonstah # specter # speculative # spirituality-ethics # sql # startup-in-a-month # sydney # test200 # test-check # testing # thejaloniki # timbre # tmp-json-parsing # tools-build # tools-deps # trading # tree-sitter # uncomplicate # unrepl # untangled # utah-clojurians # videos # vim # vrac # vscode # wasm # web-security # windows # xtdb # yada # yleinen

Apps

yada

lwhorton 2019-01-04T18:34:11.014100Z

i seem to be missing something wrt auth(enticate|orize)> if my :access-control map contains a :authenticate (fn [ctx] ...) i get a doesn't conform to resource model schema error. the docs explicitly say to use the :authenticate fn as opposed to the verify multimethod: https://juxt.pro/yada/manual/index.html#sidebar-function-or-defmethod . am i missing something additional configuration?

lwhorton 2019-01-04T18:35:04.014700Z

:access-control {:scheme :app/cognito
                 :authenticate (fn [ctx]
                                 (println "we're here")
                                 [:a :b])
                 :verify (fn [[a b]]
                           (println "verify" a b)
                           {:user a
                            :roles #{:user}})
                 :authorization {:methods {:get :user}}
                 }

here’s an example of the failing config

malcolmsparks 2019-01-04T18:37:37.016500Z

I can help with this but afk right now. I'll get back to you.

malcolmsparks 2019-01-04T18:38:34.017600Z

Take a look at yada.security ns in the code and you'll see what is going on. You need to use a map

👍 1

malcolmsparks 2019-01-05T23:05:15.020Z

@lwhorton Could you paste me your yada resource verbatim? I'd like to figure out what's going wrong.

lwhorton 2019-01-07T21:38:51.020500Z

sure, i’ve gone through quite a few iterations trying to get things to stop complaining, but here’s the cfg that’s failing:

["login"
     (y/handler
       (y/resource {:id :login
                    :produces "text/plain"
                    :access-control {:realms
                                     {"default"
                                      {
                                       :authentication-schemes [{:scheme ":app/cognito"
                                                                 :authenticate (fn [ctx]
                                                                                 (println "we're here")
                                                                                 [:cred1 :cred2])
                                                                 }]
                                                                 :authorization {:methods {:get :user}}
                                       }}}
                    :methods
                    {:get {:parameters {:query {:code String}}
                           :response (fn [ctx]
                                       (let [resp (oauth-2 (get-in ctx [:parameters :query :code]))]
                                         (condp = (:status resp)
                                           200 {:status 302
                                                :cookies {"session" {:value "auth-cookie"}}
                                                :headers {"location" (bidi/path-for routes :index)}}
                                           {:status 401})))}}}))]

lwhorton 2019-01-07T21:41:27.020700Z

it’s likely i’m just doing something wrong either here or elsewhere that’s causing a fuss. i’m only exploring yada (and others) for potential future use as a web framework so i don’t have a ton of time unfortunately

malcolmsparks 2019-01-07T21:51:08.021Z

how's it failing - it seems a valid yada resource

malcolmsparks 2019-01-07T21:51:27.021200Z

the scheme is a bit odd, but should still pass

malcolmsparks 2019-01-07T21:53:34.021400Z

thanks for the error report though

lwhorton 2019-01-07T22:37:31.021600Z

took me a while to get back to the state-- here’s the stacktrace:

{:type clojure.lang.Compiler$CompilerException
   :message "Syntax error compiling at (core.clj:79:8)."
   :data #:clojure.error{:phase :compile-syntax-check, :line 79, :column 8, :source "core.clj"}
   :at [clojure.lang.Compiler$InvokeExpr eval "Compiler.java" 3707]}
  {:type clojure.lang.ExceptionInfo
   :message "Cannot turn resource-model into resource, because it doesn't conform to a resource-model schema"
   :data {:resource-model {:id :login, :produces "text/plain", :access-control {:realms {"default" {:authentication-schemes [{:scheme ":app/cognito", :authenticate #object[gerbil.web.core$fn__42156 0x746b849 "gerbil.web.core$fn__42156@746b849"]}], :authorization {:methods {:get :user}}}}}, :methods {:get {:parameters {:query {:code java.lang.String}}, :response #object[gerbil.web.core$fn__42158 0x4da94d8b "gerbil.web.core$fn__42158@4da94d8b"]}}}, :error {:access-control {:realms {"default" {:authentication-schemes [{(not (namespace :authenticate)) invalid-key}]}}}}}

lwhorton 2019-01-07T22:38:06.021800Z

if i change the key :authenticate to :foo/authenticate the resource validation does not complain

stijn 2019-01-08T11:17:57.022200Z

i'm getting the same error in 1.2.16

stijn 2019-01-08T11:23:22.022400Z

i also think yada 1.2.16 is not backwards compatible

stijn 2019-01-08T11:23:26.022600Z

i'll log an issue for that

lwhorton 2019-01-04T18:44:47.017800Z

bingo https://github.com/juxt/yada/blob/master/src/yada/security.clj#L89-L105

malcolmsparks 2019-01-04T18:46:56.018100Z

Great.

malcolmsparks 2019-01-04T18:49:25.018400Z

I'm rewriting auth currently to be async and to make things simpler with respect to realms. However, there shouldn't be any compatibility breakages as I'll ensure existing resource models work as is.

malcolmsparks 2019-01-04T18:50:43.018600Z

Things are a little awkward right now but please be assured I'm working on it. I've had lots of quality hammock time over the winter break.

lwhorton 2019-01-04T19:13:59.019Z

that’s good to hear. ive only been fooling around with the whole yada stack for a few weeks on a side project

lwhorton 2019-01-04T19:14:19.019200Z

overall it’s exactly what i’m looking for in a web stack, it’s just got a few rough edges still. i’m actually quite surprised something like this hasn’t existed for a long long time

lwhorton 2019-01-04T19:35:42.019500Z

i think there might be a schema specification issue — i’m still getting

:error {:access-control {:realms {"default" {:authentication-schemes [{(not (namespace :authenticate)) invalid-key, (not (namespace :authorization)) invalid-key}]}}}}

during resource validation. if i make the map {... :foo/authenticate ... :foo/authorization ...} i don’t get the error, but then obviously https://github.com/juxt/yada/blob/master/src/yada/security.clj#L104 fails at runtime