How to know if user is logged in with passport.js?

Question

I've been reading passport.js info and samples for two days, but I'm not sure after that I did all the process of authenticating.

How do I know if I'm logged in, for example, I'll have a navigation bar with a login or logout button, is there some variable like code below?

if (login)
   <button>logout</button>
else 
   <button>login</button>

Answer 1

If user is logged in, passport.js will create user object in req for every request in express.js , which you can check for existence in any middleware:

if (req.user) {
    // logged in
} else {
    // not logged in
}

You can create simple express.js middleware for that, that will check if user is logged in, and if not - will redirect to /login page:

function loggedIn(req, res, next) {
    if (req.user) {
        next();
    } else {
        res.redirect('/login');
    }
}

And use it:

app.get('/orders', loggedIn, function(req, res, next) {
    // req.user - will exist
    // load user orders and render them
});

Answer 2

If you would like to use it in your templates as your code sample seems to indicate you can create some middleware such as this:

app.use(function (req, res, next) {
  res.locals.login = req.isAuthenticated();
  next();
});

Place that code somewhere after you have setup passport.

And then use it in your template (swig example)

{% if login %}
<button>logout</button>
{% else %} 
<button>login</button>
{% endif %}

Answer 3

It is not explicitly documented but there is a isAuthenticated() method which is inserted into req by passport .
Can be used as follows,

req.isAuthenticated() // returns true if auth, false if not

---

// auth.js
module.exports = {
  ensureAuthenticated: (req, res, next) => {
    if (req.isAuthenticated()) {
      return next()
    }
    res.redirect('/login') // if not auth
  },

  forwardAuthenticated: (req, res, next) => {
    if (!req.isAuthenticated()) {
      return next()
    }
    res.redirect('/dashboard');  // if auth    
  }
}

---

// app.js
app.get('/dashboard', ensureAuthenticated, (req, res) => res.render('dashboard'))
app.get('/login', forwardAuthenticated, (req, res) => res.render('login'))
app.get('/register', forwardAuthenticated, (req, res) => res.render('register'))

Answer 4

I was searching such solution and came across this page. Question is how to check login status on client side.

After logging I hide the Login button and show the logout button. On page refresh I again see the login button instead of logout button. The only solution is to save an item in sessionStorage if you are using session (and localStorage if you are using JWT). Delete this item when you logout. Then in every page load check this sessionStorage item and do accordingly.

if (sessionStorage.getItem('status')) {
    $("#btnlogout").show();
    $("#btnlogin").hide();
// or what ever you want to do
} else {
    $("#btnlogout").hide();
    $("#btnlogin").show();
}



function Login() {
            var data = {
                username: $("#myModal #usr").val(),
                password: $("#myModal #pw").val()

            };
            $.ajax({
                type: 'POST',
                url: '/login',
                contentType: 'application/JSON; charset=utf-8',
                data: JSON.stringify(data),
                success: funcSuccess,
                error: funcFail
            });
            function funcSuccess(res) {
                sessionStorage.setItem('status', 'loggedIn');

                $("#btnlogout").show();
                $("#btnlogin").hide();
            }
            function funcFail() { $("#pp").text('Login Failed'); };
        };

function Logout() {
    $.ajax({
        type: 'GET',
        url: '/logout',
        contentType: 'application/JSON; charset=utf-8',
        success: funcSuccess,
        error: funcFail,
    });
    function funcSuccess(res) {
        $("#btnlogout").hide();
        $("#btnlogin").show();
        sessionStorage.removeItem("status");
    };
    function funcFail() { alert('Login method Failed'); };
}; 

Answer 5

use below code inside app.get() or router.get()

router.get('/edit/:id', (req, res)=>{
  if(req.isAuthenticated()){
     if(req.isAuthenticated()){
      //

      }
  else{
   res.redirect('/users/login');//your particular login routes
     }
});

Answer 6

Good question, I had some issues while trying to implement something like this, when there is a un-authenticated request the handlebars skips the if block if the res.locals variable returns a falsy value. To solve this issue you need to setup a middleware in your app.js file to make the req.user available globally in your app Like so..

app.use(function (req, res, next) {
res.locals.login = req.user;
next();

});

In your header file you can do this check for authenticated user and display according content like so..

                {{#if login }}
                    <li><a href="#">User Account</a></li>
                    <li role="separator" class="divider"></li>
                    <li><a href="#">Logout</a></li>
                {{/if}}
                {{#unless login}}
                    <li><a href="#">Sign up</a></li>
                    <li><a href="#">Sign in</a></li>
                {{/unless}}