I’m experiencing some very strange behaviour with the Realm SDK for NodeJS.
I am authenticating user the Email/Password method. Upon authentication, the user is successfully returned, and I can view their _id as well as their Username and Job Role (both custom data, mapped to the ‘User’ collection, username and job_role, respectively) in the console - all correct and working as expected.
However, when then querying the current user using app.currentUser (part of the Realm SDK for NodeJS) I receive a totally un-related user in return?
See code below (excuse the excessive ‘console.log’ entries - currently debugging, and aware not secure):
This works perfectly:
app.post('/login', async function(req, res) {
let username = req.body['email'],
password = req.body['password'];
console.log(username)
console.log(password)
let credentials = Realm.Credentials.emailPassword(
username,
password
);
try {
const user = await realmApp.logIn(credentials);
console.log("Successfully logged in!", user.id);
console.log(user)
const customUserData = realmApp.currentUser.customData;
console.log(customUserData);
res.render('loggedin.ejs', {user: user});
return user;
} catch (err) {
if (err instanceof Error) {
console.error("Failed to log in", err.message);
}
}
let realm = await Realm.open(config);
});
Then when querying here, I receive a totally un-related user? :
app.get('/test', function(req, res) {
console.log(realmApp.currentUser.id)
res.render('test.ejs', {user: realmApp.currentUser});
});
Something strange (and very un-secure) is going on here?
I should also add, that I have also implemented a ‘/logout’ route using the SDK, and it works perfectly - i.e. the user object is undefined following completion - and on logging back in with one user, the issue above is re-created?
Can anyone help - something to do with sessions? I have no idea!!