Detect that user is not valid in replication

I have set up Couchbase Mobile and Sync Gateway using Session Cookie. There is a web panel which lets users delete their own sessions on different devices; this is to prevent their data being synced on that specific device. But after deleting the specific session I don’t get any error on that device’s replication; it just does not sync anymore.
I want that device to get notified of the invalid session.
I checked the ChangeListener event and there was no sign of any error; it just does not sync anymore.

Which platform? This sounds similar to an iOS issue we just fixed a few weeks ago.

:smile:
This occurs on Android.

@hideki, any idea?

I’m thinking of the issue where the bulk-get 401 error response wasn’t being handled correctly and didn’t cause the replication to fail with an error. I know we were comparing the code for this on iOS and Java; did the same issue exist there?

Hi @Alidoust,

Could you please post logs and/or stacktrace from logcat?

Is your app an Android app or a PhoneGap app for Android?

Thanks,
Hideki

logcat.zip (15.3 KB)

Hi @hideki

Here is the logcat, I hope this helps to find the solution.

Sorry, it was my mistake, I didn’t disable the guest user in the sync function. :smiley:
There is no sign of any bug, thank you for the support, guys.

Hi Jens,

Sync Gateway version: 1.3
CBLite version: 1.3.1

I am having this issue with our Cordova/Phonegap CBLite configuration. We are using custom authentication that returns the user session id to CBLite. Our sync gateway bucket config looks like:

{
  "server": "http://xxx.net:8091",
  "pool": "default",
  "bucket": "edc",
  "username": "edc",
  "password": "password",
  "name": "edc",
  "sync": "function(doc) {channel(doc.channels);}",
  "event_handlers": {
    "document_changed": [
      {
        "filter": "function(doc) { if (doc.data.assessmentStatus && doc.data.docType == \"visit\") { return true; } return false; }",
        "handler": "webhook",
        "url": "http://xxx/cb-rs/intake"
      }
    ]
  }
}

I am seeing in our SG.log file that CBLite users are, after some time but not greater than session TTL, not getting documents synced that are in their channels. The CBLite users are able to create documents as Guest and push to Sync Gateway (which should not be allowed). I have added in some logs to check session id so I can try to compare when our testing team finds this issue happening sporadically. Is there a way programmatically I can do this session id check? Currently I am trying with this, but not having any luck:

let userData = JSON.parse(localStorage.getItem(USER_DATA));
let url = `xxx:4985/edc/_session/${userData.session_id}`;
reqwest({
  url,
  method: 'GET',
  crossOrigin: true,
})

Please let me know if you need any other details

Where is this shown in the logs?

On our sync gateway install, I was able to see a document created with (as GUEST) at the end of it. At this time our sync function looks like:

function(doc) {
 channel(doc.channels);
}

Do we need to update this to eliminate documents created as GUEST?

> I was able to see a document created with (as GUEST) at the end of it.

Your db config has no users object, so by default guest access isn’t enabled. Did you use the admin REST API to enable the guest user account? That’s the only way that SG would be allowing an unauthenticated request.

> Your db config has no users object, so by default guest access isn’t enabled.

Correct, our ‘edc’ bucket does not have a Guest user, the other two buckets do, could that be causing the issue? We will be removing these as they were just for testing purposes.

{
  "Interface": "xxx.net:4984",
  "AdminInterface": "xxx.net:4985",
  "CORS": {
    "Origin": [
      "*"
    ],
    "LoginOrigin": [
      "*"
    ],
    "Headers": [
      "Content-Type"
    ],
    "MaxAge": 0
  },
  "Log": [
    "HTTP+",
    "Changes+",
    "CRUD+",
    "Bucket",
    "Auth",
    "Feed+",
    "Cache+",
    "Access",
    "Events+"
  ],
  "LogFilePath": "D://Couchbase//log//SG.log",
  "Databases": {
    "edc": {
      "server": "http://xxxx.net:8091",
      "pool": "default",
      "bucket": "edc",
      "username": "edc",
      "password": "edcnextgen",
      "name": "edc",
      "sync": "function(doc) {channel(doc.channels);}",
      "event_handlers": {
        "document_changed": [
          {
            "filter": "function(doc) { if (doc.data.assessmentStatus && doc.data.docType == \"visit\") { return true; } return false; }",
            "handler": "webhook",
            "url": "xxxx.net:8181/cb-rs/chaIntake"
          }
        ]
      }
    },
    "edc_extracts": {
      "server": "xxxx.net:8091",
      "pool": "default",
      "bucket": "edc_extracts",
      "name": "edc_extracts",
      "sync": "function(doc) {channel(doc.channels);}",
      "users": {
        "GUEST": {
          "name": "",
          "admin_channels": [
            "*"
          ],
          "all_channels": null
        }
      }
    },
    "sync_gateway": {
      "server": "xxxx.net:8091",
      "pool": "default",
      "bucket": "sync_gateway",
      "name": "sync_gateway",
      "sync": "function(doc) {channel(doc.channels);}",
      "users": {
        "GUEST": {
          "name": "",
          "admin_channels": [
            "*"
          ],
          "all_channels": null
        }
      }
    }
  }
}

To my knowledge no one has updated the bucket configuration via the ADMIN.
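A quick audit of a Sync Gateway config file for databases that accept unauthenticated (GUEST) access, as an added example that is not part of the original posts. The function name and the sample object are constructed for illustration, and it assumes a `GUEST` entry without `"disabled": true` is enabled; it only inspects the file, so a guest account enabled through the admin REST API will not show up here.

```javascript
// Constructed sample, trimmed to the shape of the config posted above.
const sampleConfig = {
  Databases: {
    edc: { bucket: "edc", sync: "function(doc) {channel(doc.channels);}" },
    edc_extracts: {
      bucket: "edc_extracts",
      users: { GUEST: { name: "", admin_channels: ["*"], all_channels: null } },
    },
    // Hypothetical database showing the explicitly disabled form.
    locked: { bucket: "locked", users: { GUEST: { disabled: true } } },
  },
};

// Return one finding per database whose config file enables the GUEST user.
function findGuestExposure(config) {
  // Accept either capitalisation of the top-level key.
  const dbs = config.Databases || config.databases || {};
  const findings = [];
  for (const [database, db] of Object.entries(dbs)) {
    const guest = db.users && db.users.GUEST;
    // Assumption: no GUEST entry, or disabled === true, means no guest access
    // is granted by this file.
    if (!guest || guest.disabled === true) continue;
    const channels = guest.admin_channels || [];
    findings.push({
      database,
      channels,
      // "*" grants the guest every channel, i.e. all documents are readable.
      allChannels: channels.includes("*"),
    });
  }
  return findings;
}

for (const f of findGuestExposure(sampleConfig)) {
  console.log(`${f.database}: GUEST enabled, channels=${JSON.stringify(f.channels)}`);
}
```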

Currently this is working to check session id but I have two questions with this.

  1. It is always returning an object, even when session TTL is reached. Is there code we need to write to terminate session when TTL is reached?

    {
      "authentication_handlers": [
        "default",
        "cookie"
      ],
      "ok": true,
      "userCtx": {
        "channels": {
          "!": 1,
          "forms": 28950,
          "user01": 28950
        },
        "name": "user01"
      }
    }

  2. What is the correct way to check session id is valid against sync gateway/cblite?
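One way a client could tell a live session from a silent fall-back to guest, as an added example that is not part of the original posts. It assumes the public `GET /{db}/_session` endpoint is called with the device's session cookie, that an unauthenticated request is answered with `userCtx.name` set to `null` while GUEST is enabled and with HTTP 401 once GUEST is disabled; the function names and the `baseUrl`, `db` and `expectedUser` parameters are hypothetical.

```javascript
// Classify a /{db}/_session response for the user this device logged in as.
function classifySession(status, body, expectedUser) {
  // With GUEST disabled, a deleted or expired session is rejected outright.
  if (status === 401) return "invalid";
  if (status !== 200 || !body || body.ok !== true || !body.userCtx) return "error";
  const name = body.userCtx.name;
  // With GUEST enabled the request still succeeds, but as the anonymous user.
  // This is the case where replication shows no authentication error.
  if (name === null || name === undefined || name === "") return "guest";
  return name === expectedUser ? "valid" : "other-user";
}

// Perform the request; fetchImpl can be replaced with a stub for testing.
async function checkSession(baseUrl, db, expectedUser, fetchImpl = fetch) {
  const res = await fetchImpl(`${baseUrl}/${db}/_session`, {
    method: "GET",
    credentials: "include", // send the session cookie cross-origin
  });
  const body = await res.json().catch(() => null);
  return classifySession(res.status, body, expectedUser);
}

// Constructed responses: the first mirrors the body posted above.
const namedUser = {
  authentication_handlers: ["default", "cookie"],
  ok: true,
  userCtx: { channels: { "!": 1, forms: 28950, user01: 28950 }, name: "user01" },
};
const guestFallback = {
  authentication_handlers: ["default", "cookie"],
  ok: true,
  userCtx: { channels: { "!": 1 }, name: null },
};

console.log(classifySession(200, namedUser, "user01"));     // valid
console.log(classifySession(200, guestFallback, "user01")); // guest
console.log(classifySession(401, null, "user01"));          // invalid
```

A client that treats both "guest" and "invalid" as a signal to stop replication and prompt for login gets notified regardless of how the server's guest account is configured.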

Got help from the Couchbase team: disabled the GUEST user through the REST API, issue resolved, thank you!