I do not know how to make use of the oficial JavaScript SDK on a NodeJS project.
I've installed pug and pasted the SDK in this index page in order to show a Log In Button, but my issue is how to use these tools, like for instance to check if a user is logged in, but in the back-end side, for example:
const fb = require('../util/fb')
function index(req, res) {
res.render('index', { title: 'Log-in', h1: 'Log-in on Facebook'})
}
This is home.js file which has methods that are executed depending on the current route:
...
const home = require('./routes/home')
app.set('views', './views')
app.set('view engine', 'pug')
app.get('/', home.index)
...
I want, in the index(), check if the user is logged in to redirect the user to another page, and eventually, check if the user is logged in in this other page, to redirect back to index in case not. How do I do this with Facebook's official JavaScript SDK? I have tried two modules but I found nothing about checking the user's status.
You can use Passport authentication mechanism , it supports multiple authentication techniques like for Google, Facebook ,twitter and many more .
Passport Facebook
Related
I have used Msal.js for login to microsoft account inorder to call microsoft graph api.
On local everything is working fine but after deployment on production, login is happening but again a login popup is opening up , and my web application is not redirected to home page.
My redirect uri is : "http://localhost:8080/"
I am using node.js to create the localhost server.
My config.js file is -
const msalConfig = {
auth: {
clientId: 'cbd4ec69-c747-4592-ae78-7d8d680d0428',
redirectUri: 'http://localhost:8080/'
}
};
const msalRequest = {
scopes: [
'user.read',
'Files.Read',
'Files.Read.All',
'Files.ReadWrite',
'Files.ReadWrite.All'
]
}
I need to deploy my application on prod, i have made the whole application and now only this thing is not working.
One of the workaround we can follow to resolve the above issue,
Make sure that the port you are using its been updated in server.js with your preferred port number in redirect uri.
We can follow the below given MS DOC and use the sample code.
The sample code will work like, When a user initially clicks the Sign In button, the signIn method invokes the loginPopup function to sign the user in. The loginPopup method prompts and validates the user's credentials by opening a pop-up window with the Microsoft identity platform endpoint. Msal.js starts the authorization code flow after a successful sign-in.
For complete setup please refer this MICROSOFT DOCUMENTATION|Sign in users and call the Microsoft Graph API from a JavaScript .
Keystonejs has some kind of bug on the Admin UI login page:
While trying to access Keystone Admin UI, with User that Permissions isAdmin = false
In case login/pass is correct Keystonejs screen says: "You're already signed in."
There should be response something like: "You don't have permissions"
It's no too informative so I suggest to change it to something like "You don't have permissions".
So question: is it possible to change text of that message?
The issue is that you have logged in using valid credentials but have not granted that user access to the Admin UI. There is (as at Keystone 4.0.0) no default path for users without the canAccessKeystone permission. I believe the general assumption was that non-admin users should not be logging into Keystone admin, but authenticated sessions are still useful for API endpoints.
So question: is it possible to change text of that message?
I'm not aware of a straightforward way to only change this message, but if you're keen you could always modify the Keystone 4.0 source for your own requirements and submit a pull request to have this considered for merging into the project. I've created issue #4786 in Keystone's GitHub issue tracker to improve the messaging for users who successfully login but do not have access to the admin UI.
In the interim, one possible workaround would be to use the keystone signin redirect configuration to set a preferred entry point that can either handle all user types or redirect appropriately.
For example, you could add the following to your keystone.js config:
keystone.set('signin redirect', '/gohome')
The /gohome route could render a page or do a simple redirection based on user properties:
app.get('/gohome', function(req, res) {
var url = (req.user && req.user.canAccessKeystone) ? '/keystone' : '/user';
res.redirect(url);
});
I want to check if a user is authenticated from the backend BEFORE anything else has loaded in my angular app, so that no source code has loaded. The initial request to be sent to the back end will be to see whether the user is authenticated. If so, the app will be loaded.
Alternatively, I would like to know how I could have my backend check authentication when the page is requested, and send different content depending on whether the user is logged in or not.
How can I best accomplish this?
app.use(function(req, res, next) {
console.log(req);
next();
});
app.all('*', function(req, res, next) {
console.log(req);
res.send('hey');
})
Why don't these work in my node app?
If you're using a render engine like jade. In your jade template that loads you can embed angular and embed the ng-view on said jade template.
So you have the server handle auth using a jade template tk render your open/public page and then authenticate. Once they pass your Auth test redirect the page to the jade template which has the angular on it. jade will then render the page, once the page loads angular gets called and your angular app will take over the page.
Just be careful if you use URIs that overlap on your server routes and your angular template URIs as they will trigger any middleware on those routes during the ajax call.
I give a very helpful tutorial about authentication with token; in general the idea is use a interceptor that check if the user was authenticated, in case that the user was not authenticate redirect to default or login page
You need to authenticate your user and check his authorization somehow. For example, if you use session-based authentication (quite similar to the way PHP does sessions), you might have a /login site that renders the user's login page. With a custom expressjs middleware you can then redirect unauthorized users or reply with a 401 Unauthorized/403 Forbidden.
app.use(require('cookie-parser')());
app.use(require('express-session')());
// ...
app.post('/login', function (req, res, next) {
if (credentialsAreOK(req) {
req.session.authorized = true;
res.redirect('/pageAfterLogin');
} else {
res.send(401);
}
};
var checkAuthorization = function (req, res, next) {
if (req.session && req.session.authorized) {
return next();
} else {
res.redirect('/login');
// or return res.send(401);
}
};
app.get('/protectedSite', checkAuthorization);
// or
app.get('/protectedSite', checkAuthorization, protectedSiteHandler);
You could have your backend check authentication when the page is requested, and send different content depending on whether the user is logged in or not.
The other way is to resolve a service in your route config which checks authentication before the route is resolved. https://docs.angularjs.org/api/ngRoute/provider/$routeProvider
I am using mean.io but for my reasons I cut out all the angular it has and replace with knockout.js. Also I want to notice that my application is not single page. I render pages from different views and require for each require.js module with knockout business logic.
That's about app I deal with and here is my problem.
For example if user is logged in I want to show his name in the header of my app. So, I need to set express app.locals after passport creates user session. The problem is I have no idea where does it happen. I find passport initialization, but don't know how to ger user name without using req.user object. So, what is the best way of doing it
Use a middleware.
app.use(function(req, res, next) {
req.user && (app.locals.user = req.user)
});
I'm having a problem with Express under Node.js. I'm trying to use sessions to store auth details when a user logs in. The problem I'm having is that once one user is logged in, any other visitors are also logged in under the same user, even if they are on a seperate machine on a seperate network.
It appears to me that it's working more like an application data store than a session store. Am I doing something wrong? Seems to me like I'm doing something stupid somewhere!
I'm using this code in app.configure:
app.use(express.cookieParser());
app.use(express.session({secret: 'supersecretkeygoeshere'}));
And I'm getting and setting my session variables like this:
var user = express.session.userId;
Cheers,
Nathan
That's not how you use sessions, use the session var on a request object:
app.get('/login', function(req, res){
user = loadUser(req.body.username, req.body.password)
req.session.userId = user.id
})
see docs:
http://expressjs.com/guide.html#session-support
Hope that helps :D