[英]Invoke route handlers on both, Successful Authentication and failure, for passportjs + Node.js + Express.js Rest API
Please take a look at this basic login/token process using passport basic strategy for a Rest API: 请使用针对Rest API的通行证基本策略,看一下这个基本的登录/令牌过程:
the route: 路线:
router.get('/token', authenticate.basic, controller.token);
authenticate basic strategy: 验证基本策略:
authenticate.basic = passport.authenticate('basic', {session: false});
/* implementation of the Basic Strategy*/
passport.use('basic', new BasicStrategy(function(username, password, done) {
authenticationService.login(username, password).then(function(user) {
if (!user) {
return done(null, false, { message: 'Login failed' });
}
return done(null, user);
}).catch(function(e) {
return done(e)
});
}));
token controller (route handler): 令牌控制器(路由处理程序):
controller.token = function(req, res, next) {
if (!req.user) {
// TODO fix this dead branch
return res.json(401, {error: "Login failed"});
}
authService.issueToken(req.user).then(function(token) {
var user = {
user_id: req.user.id,
access_token: token
}
return res.json(user);
}).catch(function(e) {
return next(e);
});
};
As mentioned in the documentation : 如文档中所述 :
By default, if authentication fails , Passport will respond with a 401 Unauthorized status, and any additional route handlers will not be invoked . 默认情况下,如果身份验证失败 ,Passport将以401未经授权状态响应,并且不会 调用 任何其他路由处理程序 。 If authentication succeeds, the next handler will be invoked and the req.user property will be set to the authenticated user. 如果身份验证成功,则将调用下一个处理程序,并将req.user属性设置为已身份验证的用户。
Is there a way to bypass this behavior and invoke the route handler even if the authentication fails ? 即使身份验证失败,有没有办法绕过此行为并调用路由处理程序?
You're looking for Passport's " Custom callback " feature. 您正在寻找Passport的“ 自定义回调 ”功能。
Basically, you need to give the authenticate method a third argument to override the default behavior. 基本上,您需要为authenticate方法提供第三个参数,以覆盖默认行为。 This implies that the application becomes responsible for logging in the user, which is simply a matter of calling the req.login()
method. 这意味着应用程序将负责登录用户,这只需调用req.login()
方法即可。
authenticate.basic = function (req, res, next) {
passport.authenticate('basic', {
session: false
}, function(err, user, info) {
if (err) {
// Authentication failed, you can look at the "info" object
return next(err);
}
if (!user) {
// The user is not logged in (no token or cookie)
return res.redirect('/login');
}
req.login(user, function(err) {
if (err) {
// Something wrong happened while logging in, look at the err object
return next(err);
}
// Everything's good!
return res.redirect('/users/' + user.username);
});
})(req, res, next);
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.