stackoom
  简体   繁体   中英

Invoke route handlers on both, Successful Authentication and failure, for passportjs + Node.js + Express.js Rest API

 原文  2015-12-17 10:32:27       javascript/ node.js/ rest/ authentication/ passport.js

Question

Please take a look at this basic login/token process using passport basic strategy for a Rest API:

the route: 

router.get('/token', authenticate.basic, controller.token);

authenticate basic strategy: 

authenticate.basic = passport.authenticate('basic', {session: false});

/* implementation of the Basic Strategy*/
passport.use('basic', new BasicStrategy(function(username, password, done) {
    authenticationService.login(username, password).then(function(user) {
        if (!user) { 
              return done(null, false, { message: 'Login failed' }); 
        }
        return done(null, user);    
    }).catch(function(e) {
        return done(e)
    });
}));

token controller (route handler): 

controller.token = function(req, res, next) {
    if (!req.user) {
        // TODO fix this dead branch 
        return res.json(401, {error: "Login failed"});
    }

    authService.issueToken(req.user).then(function(token) {

        var user = {
            user_id: req.user.id,
            access_token: token
        }           

        return res.json(user);

    }).catch(function(e) { 
        return next(e);
    });
};

As mentioned in the documentation :

By default, if authentication fails , Passport will respond with a 401 Unauthorized status, and any additional route handlers will not be invoked . If authentication succeeds, the next handler will be invoked and the req.user property will be set to the authenticated user.

Is there a way to bypass this behavior and invoke the route handler even if the authentication fails ?

1 answers

solution1
 0  2015-12-17 21:20:28

You're looking for Passport's " Custom callback " feature.

Basically, you need to give the authenticate method a third argument to override the default behavior. This implies that the application becomes responsible for logging in the user, which is simply a matter of calling the req.login() method. 

authenticate.basic = function (req, res, next) {
  passport.authenticate('basic', {
    session: false
  }, function(err, user, info) {
    if (err) {
      // Authentication failed, you can look at the "info" object
      return next(err);
    }

    if (!user) {
      // The user is not logged in (no token or cookie)
      return res.redirect('/login');
    }

    req.login(user, function(err) {
      if (err) {
        // Something wrong happened while logging in, look at the err object
        return next(err);
      }

      // Everything's good!
      return res.redirect('/users/' + user.username);
    });
  })(req, res, next);
}

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Google Token Authentication with node.js and express.js routing not working in node.js and express.js API SQL Server on Azure connected to REST API Express.js/Node.js [TypeError: req.sql is not a function] Node Express.js set route as a variable Node.js: Using Socket.io in an express.js route to send message to a specific client Node.js Express.js MongoDB: route.post() requires callback functions but got a [object Undefined] URL Redirection handlers in NODE.JS & EXPRESS node.js/express.js hosted on firebase cannot export database and authentication listeners Node.Js Express Authentication Node.JS, Angular.JS, MySql,Express.JS
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM