
Basic auth with passport and express

I must have missed something, but according to all the tutorials I've found, this is how you do basic auth with a node application using express and passport + passport-local . I know it's not according to best practice, I'm just trying to get a POC going:

'use strict'

var express = require('express');
var passport = require('passport');
var LocalStrategy = require('passport-local').Strategy

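var app = express();

// Demo credential table (username -> password) for this proof of concept.
// Plaintext passwords in source are acceptable only for a throwaway test;
// anything longer-lived should keep salted password hashes outside the code.
var users = { 'user': 'secretpass'};

/**
 * Register the 'local' strategy with a verify callback.
 *
 * The callback receives the submitted username and password and reports the
 * outcome through done(err, user): done(null, false) rejects the login,
 * done(null, {username}) accepts it.
 */
passport.use(new LocalStrategy(
    function(username, password, done) {
        // Log the attempted username only. Printing the submitted password
        // would copy credentials into console output and any log collector
        // that captures it.
        console.log('Username:', username);

        // Treat a name as an account only when it is an own key of `users`,
        // so properties inherited from Object.prototype are never consulted.
        var isKnownUser = Object.prototype.hasOwnProperty.call(users, username);

        // Strict comparison avoids type coercion between the stored and the
        // submitted value; an empty stored password never authenticates.
        // NOTE(review): this comparison is not constant-time. If the table
        // ever holds real secrets, compare fixed-length digests with
        // crypto.timingSafeEqual instead.
        if (!isKnownUser || !users[username] || users[username] !== password) {
            console.log('Rejected login for username:', username);
            return done(null, false);
        }
        return done(null, {username: username});
    }
));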

// Install Passport's initialization middleware ahead of the routes below.
app.use(passport.initialize());

/**
 * GET / - replies with a fixed string.
 * No authentication middleware is attached to this route.
 */
function sendRootGet(req, res) {
    res.send('GET request to root');
}

/**
 * POST / - replies with a fixed string.
 * No authentication middleware is attached to this route.
 */
function sendRootPost(req, res) {
    res.send('POST request to root');
}

app.get('/', sendRootGet);
app.post('/', sendRootPost);

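// Landing routes for failed authentication (the target of failureRedirect).
// They answer 403 rather than 200 so that clients, proxies and monitoring
// that look at the status code do not record a rejected login as a success.
// If the intent is to prompt the client for credentials, 401 together with a
// WWW-Authenticate header is the alternative.
app.get('/unauthorized', function (req, res) {
    res.status(403).send('GET Forbidden');
});

app.post('/unauthorized', function (req, res) {
    res.status(403).send('Post Forbidden');
});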

// Authentication middleware for /webhook using the 'local' strategy.
// Both outcomes end in a redirect: success goes to '/', failure goes to
// '/unauthorized'.
// NOTE(review): passport-local takes the username and password from the
// parsed request body (or the query string), not from an Authorization
// header, and no body-parsing middleware is registered in this file, so
// confirm the verify callback can be reached at all with this setup.
var webhookLocalAuth = passport.authenticate('local', {
    successRedirect: '/',
    failureRedirect: '/unauthorized'
});

app.post('/webhook', webhookLocalAuth, function (req, res) {
    // Not reached in practice: the middleware above always answers with a
    // redirect before this handler would run.
    res.send('authenticated!');
});

// Start the HTTP server on port 8081 and report the bound address.
// No host is passed to listen(), so Node picks the unspecified address and
// the server accepts connections on every interface; pass '127.0.0.1' as the
// host if the proof of concept should only be reachable locally.
var server = app.listen(8081, function() {
    var bound = server.address();
    console.log('Server listening at', bound.address, 'on port', bound.port);
});

What's weird is, I'm not even getting those console.log() statements in the LocalStrategy constructor to show me anything, so I'm guessing I really just missed something. I tried sending POST requests using both DHC and Postman,

  • setting basic auth fields to username and password,
  • using the format username:password@url method,
  • sending username and password as form data

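For Basic Authentication, you need passport-http, not passport-local (which is meant for authentication through form data). passport-local looks for the username and password fields in the parsed request body (or the query string) and fails the request when they are missing, so when the credentials are sent in the Authorization header, or when no body-parsing middleware is registered (as in your code), the verify callback and its console.log() calls are never reached.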

Try this:

var BasicStrategy = require('passport-http').BasicStrategy;
...
passport.use(new BasicStrategy(...));
...
// Authentication middleware for /webhook using the 'basic' strategy.
// session: false keeps Passport from persisting a login session, which fits
// Basic auth because the client sends its credentials with every request.
// Those credentials are only base64-encoded in the Authorization header, so
// the endpoint should be served over TLS.
var webhookBasicAuth = passport.authenticate('basic', {
  session: false,
  successRedirect: '/',
  failureRedirect: '/unauthorized'
});

app.post('/webhook', webhookBasicAuth, function (req, res) {
  // FWIW, this handler is never reached: Passport always issues a redirect
  // first (either to / or to /unauthorized).
  res.send('authenticated!');
});

Use passport-http module for basic auth

var express = require('express');
var passport = require('passport');
var app = express();
var BasicStrategy = require('passport-http').BasicStrategy;
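// Constructed sample account table for this example (not from a real system).
// Created without a prototype so that only the keys assigned here can match.
// Replace it with a lookup against your own user store, holding password
// hashes rather than plaintext.
var demoUsers = Object.create(null);
demoUsers['example-user'] = 'example-password-change-me';

/**
 * Register the 'basic' strategy with a verify callback that fails closed.
 *
 * The original placeholder called done(null, user) unconditionally, which
 * authenticates every username/password pair if the snippet is copied as is.
 * Here a request is accepted only when the submitted pair matches an entry in
 * the table; every other case reports done(null, false).
 */
passport.use(new BasicStrategy(
   function (username, password, done) {
      var expected = demoUsers[username];

      // Unknown user or wrong password: reject without saying which one it was.
      // NOTE(review): this comparison is not constant-time; compare
      // fixed-length digests with crypto.timingSafeEqual for real secrets.
      if (typeof expected !== 'string' || expected !== password) {
         return done(null, false);
      }

      return done(null, {
         user: username
      });
   }
));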

// Guard for /app: authenticate with the 'basic' strategy on every request and
// do not establish a login session.
var requireBasicAuth = passport.authenticate('basic', { session: false });

/**
 * GET /app - runs only after requireBasicAuth has accepted the request;
 * logs a marker line and replies 'ok'.
 */
app.get('/app', requireBasicAuth, (req, res) => {
   console.log("Hello");
   res.send('ok');
});

/**
 * Callback passed to app.listen(): logs whatever arguments it was given,
 * then a start-up message.
 * NOTE(review): whether this callback receives any arguments depends on the
 * Express version in use, and the start-up message is printed regardless of
 * `err` - confirm against the installed version.
 */
function onListening(err, res) {
   console.log(err, res);
   console.log('server is launched');
}

// Start the HTTP server on port 4000. No host is given, so it listens on
// every interface.
app.listen(4000, onListening);
