I make this strategy where I try auth by url parameters. It call from java code.
url looks like: http://localhost/mc/download/filename/user@server.com/secretpass
this strategy:
passport.use('mc-login', new LocalStrategy({
passReqToCallback : true // allows us to pass back the entire request to the callback
},
function(req, email, password, done) { // callback with email and password from our form
// find a user whose email is the same as the forms email
// we are checking to see if the user trying to login already exists
User.findOne({ 'local.email' : req.params.uname }, function(err, user) {
// if there are any errors, return the error before anything else
if (err)
return done(err);
// if no user is found, return the message
if (!user)
return done(null, false, req.flash('loginMessage', 'No user found.')); // req.flash is the way to set flashdata using connect-flash
// if the user is found but the password is wrong
if (!user.validPassword(req.params.upass))
return done(null, false, req.flash('loginMessage', 'Oops! Wrong password.')); // create the loginMessage and save it to session as flashdata
// all is well, return successful user
return done(null, user);
});
}));
I try call it in this code:
app.get('/mc/download/:fname/:uname/:upass',
function(req, res, next) {
passport.authenticate('mc-login', function(err, user, info) {
if (err) { return next(err); }
if (!user) { return res.redirect('/login'); }
req.logIn(user, function(err) {
if (err) { return next(err); }
return res.redirect('/users/' + user.username);
});
})(req, res, next);
}
,function(req, res){
...
but in info variable it return the [stack=undefined,name="BadRequestError",message="Missing credentials"]
and user is empty
How make strategy what allow to auth with req.params
variables
LocalStrategy
requires a username and password to be present in either req.query
or req.body
. If any of those aren't present, the strategy verification handler won't get called (which is why even with passReqToCallback
it doesn't work).
You can trick Passport into thinking they were set by adding an extra middleware that populates the username and password from the URL parameters:
app.get(
'/mc/download/:fname/:uname/:upass',
function(req, res, next) {
// Populate username and password before passing it on to Passport.
req.query.username = req.params.uname;
req.query.password = req.params.upass;
next();
},
function(req, res, next) {
passport.authenticate('mc-login', function(err, user, info) {
if (err) { return next(err); }
if (!user) { return res.redirect('/login'); }
req.logIn(user, function(err) {
if (err) { return next(err); }
return res.redirect('/users/' + user.username);
});
})(req, res, next);
}
);
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.