var express = require('express');
var passport = require('passport');
var router = express.Router();
var User = require('../models/authentication');
var todo_controller = require('../controllers/todoController');
var auth_controller = require('../controllers/authController');
var BasicStrategy = require('passport-http').BasicStrategy;
passport.use(new BasicStrategy(
function (username, password, done) {
User.findOne({ clientId: username }, function (err, user) {
if (err) {
return done(err);
}
if (!user) {
return done(null, false);
}
if (user.clientSecret != password) {
return done(null, false);
}
return done(null, user);
});
}
));
router.post('/api/me',
passport.authenticate('basic', { session: false }),
function (req, res) {
res.json(req.user);
});
module.exports = router;
I am using express js , mongoose, and passports.
this is the router.js file. The authentication not works, it returns "unauthorized" always. is this the correct way to use passport..i didn't find an easy reference to use passport.
Related
I have seen the other posts with the exact same title however none of those have fixed my problem. When a user logs in, it briefly grabs the user object, then drops it on the next render. I am doing this all in the backend at the moment, so the problem lies there. I have made sure I have the correct order of the imports as well. Here is the relevant code.
const express = require('express');
const app = express();
const bodyParser = require('body-parser');
const cors = require('cors');
const mongoose = require('mongoose');
const passport = require("passport");
var passportGithub = require('./auth/github')
const KBRoutes = express.Router();
const PORT = 4000;
let KB = require('./models/kb')
let Tags = require('./models/tags')
let User = require('./models/user')
const session = require('express-session')
mongoose.connect(process.env.MONGODB_URI || 'mongodb://127.0.0.1:27017/kb', { useNewUrlParser: true });
const connection = mongoose.connection;
app.use(cors());
app.use(bodyParser.json());
app.use(
session({
secret: process.env.APP_SECRET || 'this is the default passphrase',
})
)
app.use(passport.initialize())
app.use(passport.session())
KBRoutes.get('/auth/github', passport.authenticate("github"));
KBRoutes.get(
"/auth/github/callback",
passport.authenticate("github", {
failureRedirect: "/auth/login/failed"
}),
function (req, res) {
var token = req.user.id;
res.redirect("http://localhost:3111?token=" + token);
},
);
app.use(function (req, res, next) {
console.log('===== passport user =======')
console.log(req.session)
console.log(req.user)
console.log('===== END =======')
next()
})
init.js
var passport = require('passport');
var User = require('../models/user');
module.exports = function () {
passport.serializeUser(function (user, done) {
done(null, user.id);
});
passport.deserializeUser(function (id, done) {
User.findById(id, function (err, user) {
done(err, user);
});
});
};
Strategy
var passport = require('passport');
var GitHubStrategy = require('passport-github2').Strategy;
var User = require('../models/user');
var config = require('../_config');
var init = require('./init');
passport.use(new GitHubStrategy({
clientID: config.github.clientID,
clientSecret: config.github.clientSecret,
callbackURL: config.github.callbackURL
},
function (accessToken, refreshToken, profile, done) {
var searchQuery = {
name: profile.username
};
var updates = {
name: profile.username,
someID: profile.id
};
var options = {
upsert: true
};
// update the user if s/he exists or add a new user
User.findOneAndUpdate(searchQuery, updates, options, function (err, user) {
if (err) {
return done(err);
} else {
console.log(user)
return done(null, user);
}
});
}
));
// serialize user into the session
init();
module.exports = passport;
EDIT: The session is losing the data and req.user becomes undefined after the serialization. Everything prior to that works.
I think it's because there are multiple instances of passport that may have made the app go haywire. I would do delete the init.js file and integrate it in the Strategy file, as such:
var passport = require('passport');
var GitHubStrategy = require('passport-github2').Strategy;
var User = require('../models/user');
var config = require('../_config');
passport.serializeUser(function (user, done) {
done(null, user.id);
});
passport.deserializeUser(function (id, done) {
User.findById(id, function (err, user) {
done(err, user);
});
});
passport.use(new GitHubStrategy({
clientID: config.github.clientID,
clientSecret: config.github.clientSecret,
callbackURL: config.github.callbackURL
},
function (accessToken, refreshToken, profile, done) {
var searchQuery = {
name: profile.username
};
var updates = {
name: profile.username,
someID: profile.id
};
var options = {
upsert: true
};
// update the user if s/he exists or add a new user
User.findOneAndUpdate(searchQuery, updates, options, function (err, user) {
if (err) {
return done(err);
} else {
console.log(user)
return done(null, user);
}
});
}
));
module.exports = passport;
I would like to apologize in advance.
I'm not good at English. Also I'm not good at Node. Some "words" may be unsuited or wrong. I can not find any solutions in my language sphere. I'm writing this questions with GoogleTranslation's help.
MY EQUIPMENT
Ubuntu 16.04 local and virtualized on OSX
Node.js 8.11.4
Express 4.16.0
Passport 0.4.0
If you need more informations, I will answer.
MAIN QUESTION
I'm coding web application with two auth system. I want to auth these two auth work together at the same time.
My image is below.
Admin auth browser once. Then different users log-in and log-out. Without Admin, users can access limited page.
My code withdrown below.
var express = require("express");
var app = express();
var fs = require("fs");
var https = require("https");
var body_parser = require("body-parser");
var crypto = require("crypto");
app.use(body_parser.urlencoded({ extended: true }));
var admin_passport = require("passport");
var admin_passport_local = require("passport-local");
var admin_express_session = require("express-session");
app.use(admin_express_session({secret: 'admin_secret',resave: false,saveUninitialized: true, cookie: { secure: true }}));
app.use(admin_passport.initialize());
app.use(admin_passport.session());
var admin_LocalStrategy = admin_passport_local.Strategy;
admin_passport.use(new LocalStrategy({passReqToCallback: true,},
(req, username, password, done) => {
//not coding yes but not probrem
if(false){
return done("ERROR");
}else if(false){
return done(null, false);
}else if(true){
return done(null, username);
}
}
));
admin_passport.serializeUser(function(user, done) {
done(null, user);
});
admin_passport.deserializeUser(function(user, done) {
done(null, user);
});
function admin_isAuthenticated(req, res, next){
//here is probrem
if (req.isAuthenticated()) {
return next();
}
else {
res.redirect('/admin_login');
}
}
app.use((req,res,next)=>{
//here is probrem
app.locals.isAuthenticated = req.isAuthenticated();
next();
});
var user_passport = require("passport");
var user_passport_local = require("passport-local");
var user_express_session = require("express-session");
app.use(user_express_session({secret: 'user_ecret', resave: false,saveUninitialized: true, cokkie:{secure: true}}));
app.use(user_passport.initialize());
app.use(user_passport.session());
var user_LocalStrategy = user_passport_local.Strategy;
user_passport.use(new user_LocalStrategy({passReqToCallback: true,},
(req, username, password, done) => {
if(false){
return done("ERROR");
}else if(false){
return done(null, false);
}else if(true){
return done(null, username);
}
}
));
user_passport.serializeUser(function(user, done) {
done(null, user);
});
user_passport.deserializeUser(function(user, done) {
done(null, user);
});
function user_isAuthenticated(req, res, next){
if (req.isAuthenticated()) {
return next();
}
else {
res.redirect('/user_login');
}
}
app.use((req,res,next)=>{
app.locals.isAuthenticated = req.isAuthenticated();
next();
});
var ssl_options = {
key: fs.readFileSync('./cert/key.pem'),
cert: fs.readFileSync('./cert/cert.pem'),
};
var server = https.createServer(ssl_options, app);
app.get('/', (req, res) => {res.render('index', {});});
app.use('/admin_login', require('./admin_login'));
app.use('/admin_logout', (req, res) => {req.logout();res.redirect('./');})
app.use('/user_top', admin_isAuthenticated, require('./user_top'));
app.use('/user_login', admin_isAuthenticated,require('./user_login'));
app.use('/user_logout', (req, res) => {req.logout();res.redirect('./');})
server.listen(443);
and
var express = require('express');
var router = express.Router();
var passport = require('passport');
router.use((req, res, next) => {
next();
});
router.get('/', (req, res) => {
res.render('login',{});
});
router.post('/', passport.authenticate('local',{successRedirect: '/',failureRedirect: '/login',failureFlash: true,}),(req, res) =>{
});
module.exports = router;
I want to know how fix or change. If there are other way to solve this problem, welcome.
I would like to ask for cooperation.
Passport works only one login system?
req.login(), req.logout() req.Authenticated(), Passport-session ....
Many functions don't identify difference between two login system.
I have a tremendous headche with a problem when I try to login using Passport.
I'm making a post request to /login with an email and password. Passport authenticates it correctly, err isn't called and then return res.redirect('/user') gets called too but it returns 404 and doesn't redirect.
I don't know why this is happening. Here's my code:
Server (index.js):
const
express = require('express'),
app = express(),
mongoose = require('mongoose'),
passport = require('passport'),
cookieSession = require('cookie-session'),
bodyParser = require('body-parser'),
keys = require('./config/keys'),
user = require('./models/User'),
passportService = require('./services/passport'),
authRoutes = require('./routes/auth');
mongoose.connect(keys.mongoURI);
app.use(bodyParser.json());
app.use(
cookieSession({
maxAge: 15 * 24 * 60 * 60 * 1000,
keys: [keys.cookieKey]
})
);
app.use(passport.initialize());
app.use(passport.session());
passportService(passport);
authRoutes(app);
const PORT = process.env.PORT || 5000;
app.listen(PORT, () => {
console.log(`App listening on port ${PORT}`);
});
passportService (passport.js):
const LocalStrategy = require('passport-local').Strategy;
const mongoose = require('mongoose');
const User = mongoose.model('users');
module.exports = (passport) => {
passport.serializeUser((user, done) => {
done(null, user._id);
});
passport.deserializeUser((id, done) => {
User.findById(id).then(user => {
done(null, user);
});
});
passport.use(
new LocalStrategy(
{
usernameField: 'emailaddr',
passwordField: 'passwd'
},
function(username, password, done) {
User.findOne({ email: username }, function(err, user) {
if(err){
return done(err);
}
if(!user) {
console.log('User not found with email: ', username);
return done(null, false);
}
if(user.password != password) {
console.log('Invalid password');
return done(null, false)
}
return done(null, user);
});
}));
}
Authentication route:
const passport = require('passport');
module.exports = app => {
app.post('/api/login', function(req, res, next) {
passport.authenticate('local', function(err, user, info) {
if (err) { return next(err); }
if (!user) { return res.redirect('/login'); }
req.logIn(user, function(err) {
if (err) { return next(err); }
return res.redirect('/user');
});
})(req, res, next);
});
}
There is not route for /user because I'm working with React and React Router in the client.
Please I need your help!!!
I would suggest not using the custom callback on your authenticate function. Instead, check to see if after the api is called and authentication is run if you have a user attached to the request object.
// calling redirects from your api will be problematic with react router
// allow your front end to decide what route to call based on the response
app.post('/api/login', passport.authenticate('local'), function(req, res, next) {
if(req.user) {
res.json(req.user);
} else {
// handle errors here, decide what you want to send back to your front end
// so that it knows the user wasn't found
res.statusCode = 503;
res.send({message: 'Not Found'})
}
});
I am trying to create passport-local sign-up functionality, but whenever I try to hit auth/signup API, I always redirect to failure path i.e. failureRedirect: '/auth/failure'.
The code seems fine to me.
app.js:
var passport = require('passport');
var api = require('./routes/api');
var authenticate = require('./routes/authenticate')(passport);
require('./models/models');
var mongoose = require('mongoose');
mongoose.connect("mongodb://localhost:27017/test-chirp");
var app = express();
app.use('/auth', authenticate);
//// Initialize Passport
var initPassport = require('./passport-init');
initPassport(passport);
authenticate.js:
var express = require('express');
var router = express.Router();
module.exports = function(passport){
//sends successful login state back to angular
router.get('/success', function(req, res){
res.send({state: 'success', user: req.user ? req.user : null});
});
//sends failure login state back to angular
router.get('/failure', function(req, res){
res.send({state: 'failure', user: null, message: "Invalid username or password"});
});
//sign up
router.post('/signup', passport.authenticate('signup', {
successRedirect: '/auth/success',
failureRedirect: '/auth/failure'
}));
return router;
}
passport-init.js:
var mongoose = require('mongoose');
var User = mongoose.model('User');
var LocalStrategy = require('passport-local').Strategy;
var bCrypt = require('bcrypt-nodejs');
module.exports = function (passport) {
passport.serializeUser(function (user, done) {
//return the unique id for the user
return done(null, user._id);
});
passport.deserializeUser(function (username, done) {
User.findById(id, function (err, user) {
if (err) { return done(err, false); }
if (!user) { return done('user not found', false); }
return done(user, true);
})
});
passport.use('signup', new LocalStrategy({
passReqToCallback: true
},
function (req, username, password, done) {
// find a user in mongo with provided username
User.findOne({ 'username': username }, function (err, user) {
if (err) {return done(err);}
// already exists
if (user) {return done(null, false);}
else {
// if there is no user, create the user
var newUser = new User();
// set the user's local credentials
newUser.username = username;
newUser.password = createHash(password);
// save the user
newUser.save(function (err) {
if (err) {throw err;}
console.log(newUser.username + ' Registration succesful');
return done(null, newUser);
});
}
});
})
);
var isValidPassword = function (user, password) {
return bCrypt.compareSync(password, user.password);
};
// Generates hash using bCrypt
var createHash = function (password) {
return bCrypt.hashSync(password, bCrypt.genSaltSync(10), null);
};
};
var app = express();
app.use('/auth', authenticate);
//// Initialize Passport
var initPassport = require('./passport-init');
initPassport(passport);
You are routing to the path /auth before initializing passport.
Try to switch :
var app = express();
//// Initialize Passport
var initPassport = require('./passport-init');
initPassport(passport);
app.use('/auth', authenticate);
I have some trouble implementing passport-local on my NodeJS application. I don't understand what I'm doing wrong here. I'll list the important code for this question here.
app.js:
var passport = require('passport');
var LocalStrategy = require('passport-local').Strategy;
var bodyParser = require('body-parser');
app.use(bodyParser.urlencoded({ extended: false }));
app.use(bodyParser.json());
app.use(passport.initialize());
app.use(passport.session());
users.js:
var express = require('express');
var router = express.Router();
var passport = require('passport');
var LocalStrategy = require('passport-local').Strategy;
var User = require('../models/user.js');
passport.serializeUser(function(user, done) {
done(null, user.id);
});
passport.deserializeUser(function(id, done) {
User.getUserById(id, function(err, user) {
done(err, user);
});
});
passport.use(new LocalStrategy(
function(username, password, done) {
console.log('Entered passport'); // This doesn't even happen
User.getUserByUsername(username, function(err, user) {
if (err) throw err;
if (!user) {
console.log('Unknown User');
return done(null, false, {
message: 'Unknown User'
});
}
User.comparePassword(password, user.password, function(err, isMatch) {
if (err) throw err;
if (isMatch) {
return done(null, user);
}
console.log('Invalid Password');
return done(null, false, {
message: 'Invalid Password'
});
});
return done(null, user);
});
}
));
router.post('/login', passport.authenticate('local', {
successRedirect: '/',
failureRedirect: '/users/login',
failureFlash: 'Invalid username or password'
}), function(req, res) {
console.log("Authentication Successfull!");
req.flash('success', 'You are logged in');
res.redirect('/');
});
user.js (Model):
module.exports.getUserByUsername = function(username, callback) {
var query = { username: username };
User.findOne(query, callback);
}
module.exports.getUserById = function(id, callback) {
User.findById(id, callback);
}
module.exports.comparePassword = function(candidatePassword, hash, callback) {
bcrypt.compare(candidatePassword, hash, function(err, isMatch) {
if(err) return callback(err);
callback(null, isMatch);
});
}
I'm not getting any syntax errors. In users.js I want to log a message to the console, but it doesn't even get there. The post function on the login gets fired when I just enter a function with a console.log there, but now it seems that it doesn't. It just reloads the page (looks like it). Any help is appreciated.
try to mount session middleware before passport initilized:
var session = require('express-session')
app.use(session({ secret: 'xxxxxxx' }));
app.use(passport.initialize());
app.use(passport.session());