[英]passport.authenticate not working as expected
Odd behavior, here. 奇怪的行为,在这里。 When I hit
/login
with correct username/password combo, it does in fact send me to the /secret route. 当我使用正确的用户名/密码组合击中
/login
时,实际上确实使我进入了/ secret路由。 When I use the wrong combination, it correctly redirects my right back to where I started. 当我使用错误的组合时,它将正确地将我的权限重定向回我的起点。
However, if I try to "lock down" a route, say: 但是,如果我尝试“锁定”路线,请说:
app.get('/mySecretRoute', passport.authenticate('local'), function(req, res, next){
res.json({test:"secret"});
});
Then I get a 401: Unauthorized
if I try to hit it after logging in. It appears that a cookie is indeed set, but maybe not the correct one. 然后,我得到一个
401: Unauthorized
如果我尝试在登录后点击它。看来确实设置了cookie,但可能不是正确的cookie。 I have verified that the user is returned in the local strategy, and that serialization does grab the right user. 我已经验证了该用户是在本地策略中返回的,并且序列化确实可以抓住合适的用户。 How do I correctly configure passport to use the local strategy and lock down routes?
如何正确配置通行证以使用本地策略并锁定路由? I've looked through the documentation and it seems I am following the instructions.
我仔细阅读了文档,似乎我正在按照说明进行操作。
// all environments
app.set('port', process.env.PORT || 3000);
app.set('views', path.join(__dirname, 'views'));
app.set('view engine', 'jade');
app.use(express.favicon());
app.use(express.logger('dev'));
app.use(express.json());
app.use(express.urlencoded());
app.use(express.methodOverride());
app.use(passport.initialize());
app.use(passport.session());
app.use(app.router);
app.use(express.static(path.join(__dirname, 'public')));
mongoose.connect(config.mongo.host + ':' + config.mongo.port + '/' + config.mongo.db_name);
app.get('/', routes.index);
app.get('/secret', function(req, res, next){
res.render("secret");
});
app.get('/login', function(req, res, next){
res.render("login");
});
app.post('/login',
passport.authenticate('local', { successRedirect: '/secret',
failureRedirect: '/'
})
);
app.get('/register', function(req, res, next){
res.render('register');
});
app.post('/register', register);
passport.use(new LocalStrategy(
function(username, password, done) {
User.findByUsername(username, function(err, user) {
console.log(username);
if (err) { return done(err); }
if (!user) {
return done(null, false, { message: 'Incorrect username.' });
}
if (!user.validPassword(password)) {
return done(null, false, { message: 'Incorrect password.' });
}
return done(null, user);
});
}
));
passport.serializeUser(function(user, done) {
console.log(user._id);
done(null, user._id);
});
passport.deserializeUser(function(id, done) {
User.findById(id, function(err, user) {
done(err, user);
});
});
function register(req, res, next) {
console.log(req.body.username);
console.log(req.body.password);
User.addUser(req.body.username, req.body.password, function(err){
if(err) throw new err;
});
}
http.createServer(app).listen(app.get('port'), function(){
console.log('Express server listening on port ' + app.get('port'));
});
For the most part, everything I originally posted works fine. 在大多数情况下,我最初发布的所有内容都可以正常运行。
Despite the lack of good documentation on Passport's site, I was able to create a simple middleware to check if the user is logged in: 尽管Passport站点上缺少好的文档,但是我仍然能够创建一个简单的中间件来检查用户是否登录:
exports.loggedIn = function(req, res, next) {
console.log('Checking credentials...');
console.log(req.user);
if(req.isAuthenticated()){
next();
} else {
res.redirect("/");
}
};
I'm not sure if this is the best way of doing it, but req.isAuthenticated is provided by Passport itself, so it must be somewhat standard. 我不确定这是否是最好的方法,但是req.isAuthenticated由Passport本身提供,因此它在某种程度上必须是标准的。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.