堆栈内存溢出
  简体   繁体   English

password.js身份验证和错误处理

[英]passport.js authentication and error handling

 原文  2017-07-10 15:52:11       node.js/ express/ passport.js

问题描述

I have an API that authenticates a user from a mobile app. 我有一个API,可以通过移动应用验证用户身份。 I'm running in to an issue where if a user logs in to the app with the wrong password or an invalid username then the node app crashes due to an authentication error being thrown, is there a way to have handle authentication errors in passport without crashing the api? 我遇到一个问题,如果用户使用错误的密码或无效的用户名登录应用程序,则节点应用程序会由于抛出身份验证错误而崩溃,是否有办法在没有护照的情况下处理护照中的身份验证错误使API崩溃? 

var mysql = require('mysql');
var bcrypt = require('bcrypt-nodejs');
var dbconfig = require('./database');
var connection = mysql.createConnection(dbconfig.connection);

connection.query('USE ' + dbconfig.database);
module.exports = function(passport) {


    passport.serializeUser(function(user, done) {
        done(null, user.id);
    });

    // used to deserialize the user
    passport.deserializeUser(function(id, done) {
        connection.query("SELECT * FROM saf_users WHERE id = ? ",[id], function(err, rows){
            done(err, rows[0]);
        });
    });

    passport.use(
        'local-login',
        new LocalStrategy({
            // by default, local strategy uses username and password, we will override with email
            usernameField : 'username',
            passwordField : 'password',
            passReqToCallback : true // allows us to pass back the entire request to the callback
        },
        function(req, username, password, done) { // callback with email and password from our form
            connection.query("SELECT * FROM saf_users WHERE username = ?",[username], function(err, rows){
let bcryptedPwd = rows[0].password;
  let newPwd = bcryptedPwd.replace(bcryptedPwd.charAt(2), "a");
                if (err)
                    return done(err);
                if (!rows.length) {
                    //return done(null, false, req.flash('loginMessage', 'No user found.')); // req.flash is the way to set flashdata using connect-flash
                return res.status(401).json({ message: 'Unauthorized user!' });

        }       


                if (!bcrypt.compareSync(password, newPwd))
                    //return done(null, false, req.flash('loginMessage', 'Oops! Wrong password.')); // create the loginMessage and save it to session as flashdata
                return res.status(401).json({ message: 'Unauthorized user!' });

                // all is well, return successful user
                return done(null, rows[0]);
            });
        })
    );
};

1 个解决方案

解决方案1
 0  2018-02-01 23:19:36

return res.status(401).json({ message: 'Unauthorized user!' });

you should rather do the following 您应该执行以下操作 

return done({message: 'Unauthorized user!'});

basically the first argument in your done() callback takes the error. 基本上, done()回调中的第一个参数会产生错误。 So you can return message to your user and not break your app. 因此,您可以向用户返回消息,而不会破坏您的应用程序。 as @robertklep said, res isn't defined. 正如@robertklep所说,res未定义。 But this is the best way to handle errors. 但这是处理错误的最佳方法。 You can check out this Example Here 您可以在此处查看此示例

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 使用password.js进行Twitter身份验证 - Twitter authentication with passport.js Passport.js身份验证失败 - Passport.js authentication Failure Passport.js可选身份验证 - Passport.js optional authentication Passport.js本地登录,带有正文验证和错误处理 - Passport.js local login with body validation and error handling 在视图中显示passport.js身份验证错误消息 - Display passport.js authentication error message in view Passport.js登录错误 - Passport.js Signin error 使用node.js进行Passport.js身份验证 - Passport.js authentication with node.js Passport.js成功认证完全不调用 - Passport.js successful authentication not calling at all 使用passport.js的微服务认证架构 - Microservices authentication architecture with passport.js password.js Facebook身份验证接下来无法正常工作 - passport.js facebook authentication next not working
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM