[英]Passport.js's req.isAuthenticated() always returns false
[英]Passport Authentication req.isAuthenticated is always false
我的身份驗證系統無法正常工作。
首先,我想向您展示我的node.js文件
//Initialize Express Web Server
var express = require('express');
var app = express();
var http = require("http").Server(app);
var lusca = require('lusca');
var io = require("socket.io")(http);
//require needs
var api = express.Router();
var ejs = require('ejs');
var expressValidator = require("express-validator");
var cookieParser = require('cookie-parser');
var bodyParser = require('body-parser');
var LocalStrategy = require('passport-local').Strategy;
var session = require('express-session');
var passport = require('passport');
var morgan = require('morgan');
var mongo = require('mongodb');
var MongoStore = require('connect-mongo')(session);
//Connect to MongoDB
var mongoose = require('mongoose');
var configDB = require('./config/database.js');
mongoose.connect(configDB.url);
//Resolving paths with nodejs
var path = require('path');
// Middleware chain. Registration order matters here: the session middleware has to run
// before passport.session(), which restores req.user from the session on each request.
// NOTE(review): this exposes the whole MP directory as static files. Further down the same
// file requires "./MP/routes/api" and renders views from MP/view, so server-side route
// source and templates sit under the public root - keep only client assets in it.
app.use(express.static(path.join(__dirname+"/MP/")));
// Cookie parser middleware.
// NOTE(review): no secret is passed here while the session below signs its cookie with one.
// express-session releases before 1.5.0 read the cookie through cookie-parser, and then both
// secrets must match; 1.5.0 and later parse the cookie themselves - confirm the installed version.
app.use(cookieParser());
// Body parser middleware: JSON bodies and URL-encoded form bodies (extended:false).
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({extended:false}));
// Session setup: sessions are persisted in MongoDB through connect-mongo on the mongoose connection.
app.use(session({
// NOTE(review): the signing secret is a literal in source; anyone who can read the file can
// forge session cookies. Load it from configuration that is kept out of version control.
secret:'SOME_HIDDEN_TEXT',
// httpOnly keeps the cookie away from page scripts. `secure` is commented out, so the
// session cookie is also sent over plain HTTP.
cookie:{httpOnly:true/*, secure: true*/},
saveUninitialized: false,
resave: false,
store: new MongoStore({mongooseConnection: mongoose.connection, autoReconnect: true})
}));
// Passport: initialize() attaches passport to the request, session() loads the logged-in
// user from the session (via deserializeUser) so req.isAuthenticated() can answer.
app.use(passport.initialize());
app.use(passport.session());
// Register express-validator with a formatter that rewrites dotted parameter
// paths ("a.b.c") into bracket notation ("a[b][c]") in the reported error.
app.use(expressValidator({
  errorFormatter: function (param, msg, value) {
    var segments = param.split('.');
    // split() always yields at least one element, so the root is segments[0].
    var formParam = segments[0];
    for (var i = 1; i < segments.length; i++) {
      formParam += '[' + segments[i] + ']';
    }
    return { param: formParam, msg: msg, value: value };
  }
}));
// Security-related middleware. These are registered before the /api router, so the
// headers they set apply to API responses as well.
// morgan is request logging ('dev' format), not a protection in itself.
app.use(morgan('dev'));
// NOTE(review): CSRF protection is disabled. Authentication rides on a session cookie,
// so state-changing routes are reachable without a CSRF token while this stays off.
//app.use(lusca.csrf());
// NOTE(review): the Content-Security-Policy below is disabled as well. If it is re-enabled,
// the host sources need fixing: in CSP only keywords such as 'self' are single-quoted,
// host sources are written bare, and a trailing /* path wildcard is not valid syntax.
/*app.use(lusca.csp(
{"policy":{
"default-src":"'self'",
"script-src":"'self' 'https://ajax.googleapis.com/ajax/libs/jquery/1.10.2/*'",
"img-src":"'self' 'http://placehold.it/*'",
"connect-src":"'self'",
"font-src":"*",
"style-src":"'self' 'unsafe-inline' *"
}}
));*/
// HSTS for one year (31536000 s). Browsers ignore this header on plain-HTTP responses,
// and this file creates the server with the "http" module - it only takes effect behind TLS.
app.use(lusca.hsts({maxAge:31536000}));
// X-Frame-Options: SAMEORIGIN - the pages may only be framed by the same origin.
app.use(lusca.xframe('SAMEORIGIN'));
// NOTE(review): 'ABCDEF' looks like a placeholder P3P value - confirm it is intended.
app.use(lusca.p3p('ABCDEF'));
// X-XSS-Protection is a legacy browser filter switch; it does not replace a CSP.
app.use(lusca.xssProtection(true));
// X-Content-Type-Options: nosniff.
app.use(lusca.nosniff());
// API setup: load the user model, let the route module register its handlers on the
// `api` router, then mount that router under /api.
// NOTE(review): `User` is not referenced again in this file as shown.
var User = require(path.join(__dirname+"/model/user"));
require("./MP/routes/api")(api);
app.use("/api", api);
// Disabled CORS handler. It is registered after the /api router, so it would not run for
// requests the router has already answered. The page and the API are served by this same
// app, so same-origin requests do not need it; if it is ever enabled, keep the allowed
// origin an explicit value as here, because credentials are allowed.
/*app.use(function(req, res, next) {
res.header('Access-Control-Allow-Credentials', true);
res.header('Access-Control-Allow-Origin', "http://localhost:3000");
res.header('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE');
res.header('Access-Control-Allow-Headers', 'X-Requested-With, X-HTTP-Method-Override, Content-Type, Accept');
if ('OPTIONS' == req.method) {
res.send(200);
} else {
next();
}
});*/
// Port the HTTP server (shared by Express and socket.io) listens on.
var port = 3000;

// View engine: EJS templates resolved from MP/view.
app.set('view engine', 'ejs');
app.set("views", path.resolve(__dirname, "MP", "view"));

// Log every new socket.io connection.
io.on("connection", function onSocketConnection(socket) {
  console.log("user connected");
});

// Serve the Angular shell page and log the request's Origin header.
app.get('/', function renderIndex(req, res) {
  res.render("index.ejs");
  console.log(req.headers.origin);
});

// Start listening and announce the port.
http.listen(port, function onListening() {
  var banner = 'SERVER LISTENING ON PORT: ' + port;
  console.log(banner);
});
接下來我的角度應用程序
"use strict";
var app = angular.module("app", ["ngRoute", "ui.router", "ngSanitize", "ngResource"]);

/**
 * Route table. "login" and "register" are public; every state under "home" carries a
 * `loggedIn` resolve that calls checkLogin before the state is entered.
 * These resolves only gate navigation in the browser. They do not protect the data:
 * the API has to enforce authentication on its own routes.
 */
app.config(["$stateProvider", "$urlRouterProvider", "$locationProvider", function ($stateProvider, $urlRouterProvider, $locationProvider, loginService) {
  // `loginService` is not listed in the annotation array above, so nothing is injected
  // for it; it is unused in this function.

  // Build a fresh resolve map for each protected state.
  function requireLogin() {
    return { loggedIn: checkLogin };
  }

  // [state name, state definition], registered in this order.
  var stateTable = [
    ["login", { url: "/", templateUrl: "partials/index.html", controller: "indexCtrl" }],
    ["register", { url: "/register", templateUrl: "partials/register.html", controller: "indexCtrl" }],
    ["home", { url: "/en/", abstract: true, templateUrl: "partials/home.html", resolve: requireLogin() }],
    ["home.news", { url: "", templateUrl: "partials/news.html", resolve: requireLogin() }],
    ["home.gamer", { url: "gamer/", templateUrl: "partials/gamer.html", resolve: requireLogin() }],
    ["home.search", { url: "search/", templateUrl: "partials/search.html", resolve: requireLogin() }],
    ["home.games", { url: "games/", templateUrl: "partials/games.html", resolve: requireLogin() }],
    ["home.verify", { url: "verify/", templateUrl: "partials/verify.html", resolve: requireLogin() }]
  ];

  stateTable.forEach(function (entry) {
    $stateProvider.state(entry[0], entry[1]);
  });

  // Unknown URLs fall back to the login page.
  $urlRouterProvider.otherwise("/");

  // HTML5 pushState URLs without requiring a <base> tag.
  $locationProvider.html5Mode({
    enabled: true,
    requireBase: false
  });
}]);
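/**
 * Resolve function used by the protected ui-router states.
 * @param {Object} loginService - the injected loginService factory.
 * @returns {*} whatever loginService.loggedIn() returns (a promise in this app), which
 *   the router waits on before entering the state.
 */
function checkLogin(loginService){
  return loginService.loggedIn();
}
// Explicit injection annotation, matching the array annotation used elsewhere in this
// file. Without it the dependency is inferred from the parameter name and the guard
// stops working once the code is minified.
checkLogin.$inject = ["loginService"];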
這是我的loginService
"use strict";
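/**
 * loginService: posts credentials to the API and checks whether the current session
 * is authenticated.
 */
app.factory("loginService", ["Api", "$location", "$state", "$q", "$rootScope", function (Api, $location, $state, $q, $rootScope) {
  // Forget the cached user, fail the pending check and go back to the login state.
  function denyAccess(deferred) {
    $rootScope.currentUser = null;
    deferred.reject();
    $state.go("login");
  }

  return {
    /**
     * Submit the login form.
     * @param {Object} user - credentials posted to /api/user/login.
     * @param {Object} scope - controller scope; `scope.error` receives the server's error.
     */
    login: function (user, scope) {
      Api.login.post(user, function (regRes) {
        console.log(regRes.data);
        if (regRes.data.error) {
          scope.error = { error: regRes.data.error };
        } else if (regRes.data.success === 1) {
          $state.go("home.news");
        }
      });
    },

    /**
     * Ask the server whether the session is logged in.
     * @returns {Promise} resolved when the server returns a user, rejected otherwise.
     */
    loggedIn: function () {
      var deferred = $q.defer();
      Api.login.get(function (user) {
        // The server answers with the string "0" when nobody is logged in.
        if (user.data != "0") {
          $rootScope.currentUser = user;
          deferred.resolve();
        } else {
          denyAccess(deferred);
        }
      }, function () {
        // The request itself failed. Without this handler the promise never settles
        // and the route transition hangs; treat it as "not logged in".
        denyAccess(deferred);
      });
      return deferred.promise;
    }
  };
}]);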
最后但並非最不重要的是我的API
'use strict';
var User = require("../../model/user");
var passport = require("passport");
var LocalStrategy = require("passport-local").Strategy;
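// Local strategy: the form fields "e" and "p" carry the email and the password.
// Lookup and comparison failures are reported through done(err) instead of being
// thrown (a throw inside these callbacks cannot be caught by the route and takes the
// process down) or silently turned into "wrong password".
passport.use(new LocalStrategy({usernameField: "e", passwordField: "p"}, function (email, password, done) {
  var lookup = new User();
  // NOTE(review): escape() is a deprecated global that percent-encodes its input, so the
  // values used here are not the raw email and password. Whether registration stores them
  // the same way is not visible here - verify, and rely on the data layer for query safety.
  lookup.findEmail(escape(email), function (err, user) {
    if (err) {
      return done(err);
    }
    if (!user) {
      // Same message for unknown email and wrong password, so the response does not
      // reveal which accounts exist.
      return done(null, false, {error: "Email or Password is wrong. Please try again."});
    }
    user.comparePw(escape(password), user.password, function (err, isMatched) {
      if (err) {
        return done(err);
      }
      if (!isMatched) {
        return done(null, false, {error: "Email or Password is wrong. Please try again."});
      }
      return done(null, user);
    });
  });
}));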
// Only the user's id is written to the session; the full record is reloaded per request.
passport.serializeUser(function (user, done) {
  var sessionKey = user.id;
  done(null, sessionKey);
});
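// Reload the user for each request from the id stored in the session.
// The first argument is that id. It must not share a name with the model instance:
// declaring `var user` over a parameter called `user` overwrites the id, and the lookup
// is then made with the model object instead of the stored id.
passport.deserializeUser(function (id, done) {
  var lookup = new User();
  lookup.findUserById(id, function (err, found) {
    done(err, found);
  });
});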
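/**
 * Register the user and login routes on the given Express router.
 * @param {Object} router - Express router, mounted under /api by the server file.
 */
module.exports = function (router) {
  // GET /user: list gamers.
  // NOTE(review): there is no authentication check on this route.
  router.get("/user", function (req, res, next) {
    var user = new User();
    user.getGamer(function (err, response) {
      if (err) {
        // Hand the error to Express; throwing inside this callback would not be caught
        // by the route and would crash the process.
        return next(err);
      }
      res.json(response);
    });
  });

  // POST /user/login: authenticate with the local strategy and open a session.
  router.post("/user/login", function (req, res, next) {
    passport.authenticate('local', {session: true}, function (err, user, info) {
      // NOTE(review): the console.log calls in this handler are the asker's diagnostics.
      // They write user records to the log; remove them once the problem is found.
      console.log(user + " " + info + " " + err);
      if (err) { return next(err); }
      if (!user) { return res.json({error: "Email or Password is wrong. Please try again."}); }
      if (user.confirm == 0) { return res.json({error: "Please confirm your email address and try again."}); }
      console.log(req.user);
      req.logIn(user, function (err) {
        console.log(req.session.id);
        console.log(req.user); //req.user is defined
        console.log(req.isAuthenticated()); //req.isAuthenticated() is true
        if (err) { return next(err); }
        res.json({success: 1});
      });
    })(req, res, next);
  });

  // GET /user/login: report the current login state ("0" when not logged in).
  // NOTE(review): this sends req.user as loaded by deserializeUser. If that record carries
  // the stored password (the strategy reads user.password), it reaches the browser -
  // return only the fields the client needs.
  router.get("/user/login", function (req, res, next) {
    console.log(req.isAuthenticated()); //returns false
    res.send(req.isAuthenticated() ? req.user : "0"); //send object with data:"0";
  });
};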
更新:這是我的API服務
/**
 * Api: $resource wrappers for the user and login endpoints.
 * Every action uses a response interceptor that returns the raw HTTP response, which is
 * why callers read `.data` on the value passed to their success callback.
 */
app.factory("Api", ["$resource", function ($resource) {
  // Hand the HTTP response through unchanged.
  function passThrough(response) {
    return response;
  }

  // Action definition for one HTTP method with the pass-through interceptor.
  function action(method) {
    return {
      method: method,
      interceptor: { response: passThrough }
    };
  }

  return {
    // NOTE(review): the URL placeholder is ":id" but the default parameter is keyed
    // "_id" - confirm which of the two is intended.
    gamer: $resource("/api/user/:id", {_id: "@id"}, {
      "get": action("GET"),
      "post": action("POST")
    }),
    login: $resource("/api/user/login", {}, {
      "post": action("POST"),
      "get": action("GET")
    })
  };
}]);
每次調用 loggedIn 函數時,我得到的響應對象的 data 都是 "0"。我不知道為什么通過 Passport 成功登錄后 req.isAuthenticated() 始終為 false。名為 connect.sid 的會話 cookie 已正確設置,其值與存儲在 mongoose 數據庫中的會話 cookie 相同。如果我在登錄后立即用 console.log 輸出 req.isAuthenticated(),得到的是 true,其他時候始終為 false。我也嘗試過允許 CORS,但沒有成功。我在 Google 上搜索了一整天尋找解決方案。有人可以幫我嗎?
問候Chzn
嘗試在您的請求中放入withCredentials
參數。
...
// Excerpt of the Api factory's `login` resource with withCredentials added to both actions.
// withCredentials tells the browser to attach cookies to cross-origin XHR requests. It has
// no effect on same-origin requests, which already carry the session cookie. In the
// question the page and /api are served by the same Express app, so this only matters
// if the Angular app is loaded from a different origin - TODO confirm.
login: $resource("/api/user/login", {},{
"post":{
method: "POST",
withCredentials: true,
interceptor:{
response: function(response){
return response;
}
}
},
"get":{
method: "GET",
withCredentials: true,
interceptor:{
response: function(response){
return response;
}
}
}
})
...
看到: 這里
讓我知道它是否有效!
好吧,我自己發現了。 我最大的錯誤是我忘記為cookie解析器設置相同的秘密密鑰,如下所示。
// cookie-parser and express-session are given the same secret here.
// express-session releases before 1.5.0 read the signed cookie through cookie-parser, so
// a differing (or missing) secret there means the session cookie is not recognised.
// NOTE(review): compared with the question's listing, saveUninitialized and resave were
// also switched to true, so the secret is not the only thing that changed.
// NOTE(review): the secret is a literal in source; load it from configuration that is
// kept out of version control.
app.use(cookieParser("SAME_SECRET")); // previously left blank
app.use(session({
secret:'SAME_SECRET',
// `secure` is still commented out, so the session cookie is also sent over plain HTTP.
cookie:{httpOnly:true/*, secure: true*/},
saveUninitialized: true,
resave: true,
store: new MongoStore({mongooseConnection: mongoose.connection, autoReconnect: true})
}));