Problems with authentication token when using satellizer

Question

I'm trying to use Satellizer 0.15.5 to manage my user authentication.

I configure my satellizer as follows:

$authProvider.loginUrl = "http://localhost:8080/login/";
$authProvider.tokenName = "Authorization";
$authProvider.tokenPrefix = "myApp",

And in my controller I have:

$auth.login({
        userName: $scope.user,
        userPassword: $scope.password
    })
    .then(function(){
        $location.path("/");
        ngDialog.close();

    })
    .catch(function(response){
        // Something went wrong
    });

It meakes the request correctly, in fact, I'm getting my headers as I expect, and I get my Authorization token, however, it's not being sending in the following requests.

Theese are the only headers I retrieve in my server:

Header: Origin
Header: Cache-Control
Header: Accept
Header: Connection
Header: User-Agent
Header: Referer
Header: Host
Header: Pragma
Header: Accept-Encoding
Header: Accept-Language

And I'm not setting any header in any other point of the code... Am I missing some configuration or what's wrong?

EDIT: I'm using angular 1.6.4, so it's not an incompatibility versions problem.

Answer 1

This is what I have in my project:

   function getApiPath() {
     var apiPath = '/api.php/';   
     return apiPath;
   }

    var apiPath = getApiPath();

    $authProvider.httpInterceptor = false; // Add Authorization header to HTTP request
    $authProvider.loginOnSignup = true;
    $authProvider.loginRedirect = '/';
    //$authProvider.logoutRedirect = '/';
    $authProvider.signupRedirect = '#/login';
    $authProvider.loginUrl = apiPath + 'login';
    $authProvider.signupUrl = apiPath + 'signup';
    $authProvider.loginRoute = '#/login';
    $authProvider.signupRoute = '#/signup';
    $authProvider.tokenRoot = false;
    $authProvider.tokenName = 'token';
    $authProvider.tokenPrefix = 'MyCompany_' + window.location.host;
    $authProvider.unlinkUrl = '#/unlink/';
    $authProvider.unlinkMethod = 'get';
    $authProvider.authHeader = 'Authorization';
    $authProvider.withCredentials = true;

---

Hope it will help you.

---

Because of cross domain problem I send request to api.php - located in my client project and looks like:

<?php

$CORS_approved_array = array('Google Calendar Gadget');

//  && isset($_SERVER['HTTP_X_REQUESTED_WITH']) && in_array($_SERVER['HTTP_X_REQUESTED_WITH'], $CORS_approved_array)
if (isset($_SERVER['HTTP_ORIGIN'])) {
    header('Access-Control-Allow-Origin: '.$_SERVER['HTTP_ORIGIN']);
    header('Access-Control-Allow-Methods: POST');
    header("Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization");
    header('Access-Control-Allow-Credentials: true');
}

date_default_timezone_set('GMT');

$protocol = 'https://';

$client_host = isset($_SERVER["HTTP_HOST"]) ? $_SERVER["HTTP_HOST"] : 'localhost';
if (strpos($client_host, 'www') !== FALSE) {
    $client_host = substr($client_host, 4);
}


if (FALSE !== strpos($client_host, 'local_src')) {
    $RemotePageURL = 'https://local-api.mycomp.me/index.php/api_client';
}
else if (FALSE !== strpos($client_host, 'localsrc')) {
    $RemotePageURL = 'https://local-api.mycomp.me/index.php/api_client';
}
else if (FALSE !== strpos($client_host, 'local')) {
    $RemotePageURL = 'http://local-api.mycomp.me/index.php/api_client';
}
else if (FALSE !== strpos($client_host, 'staging')) {
    $RemotePageURL = $protocol.'staging-api.mycomp.me/app';
}
else if (FALSE !== strpos($client_host, 'dev')) {
    $RemotePageURL = $protocol.'dev-api.mycomp.me/app';
}
else {
    $RemotePageURL = $protocol.'api.mycomp.me/app';
}

$RemotePageURL .= substr($_SERVER['REQUEST_URI'], strlen($_SERVER['SCRIPT_NAME']));


mb_internal_encoding('UTF-8');

$options = array(
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_HEADER         => false,
    CURLOPT_CONNECTTIMEOUT => 120,
    CURLOPT_TIMEOUT        => 120,
    CURLOPT_FOLLOWLOCATION => true,
    CURLOPT_MAXREDIRS      => 10,
    CURLOPT_AUTOREFERER    => true,
    CURLOPT_USERAGENT      => $_SERVER['HTTP_USER_AGENT'],
    CURLOPT_VERBOSE        => false,
    CURLOPT_SSL_VERIFYHOST => 0,
    CURLOPT_SSL_VERIFYPEER => 0
);

if(isset($_SERVER['HTTP_REFERER'])) {
    $options[CURLOPT_REFERER] = $_SERVER['HTTP_REFERER'];
}

$post_data_json = file_get_contents("php://input");
if (count($_COOKIE) && isset($_COOKIE['external_api'])) {
    if (strpos($RemotePageURL, '_register')) {
        $post_data_array = array();
        if (!empty($post_data_json)) {
            $post_data_array = json_decode($post_data_json, true);
        }

        $external_api_array = json_decode($_COOKIE['external_api'], true);
        if (count($external_api_array)) {
            foreach ($external_api_array as $key => $value) {
                $post_data_array[$key] = $value;
            }
        }

        $post_data_json = json_encode($post_data_array);
    }
    // expire cookie
    setcookie('external_api', '', time() - 3600);
}

if ($post_data_json) {
    $options[CURLOPT_POST] = 1;
    $options[CURLOPT_POSTFIELDS] = $post_data_json;
    $options[CURLOPT_HTTPHEADER] = array (
        'Content-Type: application/json',
        'Content-Length: ' . strlen($post_data_json)
    );
}

$ch = curl_init($RemotePageURL);
curl_setopt_array($ch,$options);
$response = curl_exec($ch);

$httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);

if ( $httpCode != 200 ){
    http_response_code($httpCode);
}
else {
    $vars_array = json_decode($response, true);
    if (isset($vars_array['data']['session_array']) && count($vars_array['data']['session_array'])) {
        $session_array = $vars_array['data']['session_array'];
        unset($vars_array['data']['session_array']);

        // create cookie with ttl for a day (in case client clock is not tuned well)
        setcookie('external_api', json_encode($session_array), time() + 86400);

        $response = json_encode($vars_array);
    }

    header('Content-Type: application/json');   
    echo $response;
}

curl_close($ch);