我已经阅读了很多类似的主题,但没有找到与我的情况相同的问题。这是我在控制台中看到的内容:
85.114.2.255 - - [Thu, 10 Apr 2014 11:46:36 GMT] "GET /login HTTP/1.1" 200
>>>>>>>>>>>>>>>>>>>>>>>>>>> Local Authentication
Executing (default): SELECT * FROM `phpfox_user` WHERE `phpfox_user`.`email`='zelibobla@gmail.com' LIMIT 1;
<<<<<<<<<<<<<<<<<<<<<<<<<< SUCCESS
************************** SERIALIZING 13051
85.114.2.255 - - [Thu, 10 Apr 2014 11:46:37 GMT] "POST /login HTTP/1.1" 302
>>>>>>>>>>>>>>>>>>>>>>>>>>>>> DESERIALIZING 13051
Executing (default): SELECT * FROM `phpfox_user` WHERE `phpfox_user`.`user_id`=13051 LIMIT 1;
<<<<<<<<<<<<<<<<<<<<<<<<<<<< DESERIALIZED: zelibobla@gmail.com
[Function]
85.114.2.255 - - [Thu, 10 Apr 2014 11:46:37 GMT] "GET / HTTP/1.1" 401
日志有些杂乱,但可以看出登录表单的请求是成功的。提交的表单被接受,并触发了对用户的数据库查询。用户被找到并序列化到会话中。随后重定向到 '/' 路由,在该路由上执行了用户反序列化,然后(意外的是)返回了 HTTP 401。我花了两天时间试图弄清楚为什么会出现这种奇怪的行为。非常感谢任何帮助。
以下是代表我的应用的简化代码。
var express = require( 'express' );
var path = require( 'path' );
var passport = require( 'passport' );
// NOTE(review): `core` is assigned without `var`, so it becomes an implicit global
// (and a ReferenceError in strict mode). core.factories and core.services, used further
// down, are not defined in this listing; presumably other modules attach them to this
// global, so confirm that before scoping it with `var`.
core = express();
// require() caches modules, so this is the same Passport instance as the `passport`
// variable declared above; strategies registered on either are visible through both.
core.passport = require( 'passport' );
var LocalStrategy = require( 'passport-local' ).Strategy;
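// Register the username/password strategy under the name 'local'.
core.passport.use( 'local', new LocalStrategy(
  /**
   * Verify callback: looks the user up by email and checks the submitted password.
   *
   * @param {string} email - login identifier taken from the submitted form
   * @param {string} password - submitted plaintext password
   * @param {Function} done - Passport callback: done(err) on failure of the lookup,
   *   done(null, false, info) on rejected credentials, done(null, user) on success
   */
  function( email, password, done ){
    console.log( '>>>>>>>>>>>>>>>>>>>>>>>>>>> Local Authentication' );
    core.factories.user.find({ where: {
      email: email,
    }})
    .success( function( user ){
      if( null === user ){
        // NOTE(review): this message differs from the wrong-password one below. If either
        // is ever shown to the client (for example through flash messages), the difference
        // reveals which email addresses are registered; show one generic failure message
        // to the client and keep the detail for server-side logs.
        return done( /* errorText = */ null,
          false,
          { message: 'User with specified email not found' }
        );
      }
      // A single `var` statement joined by commas. The original had no comma after the
      // first declarator, so semicolon insertion ended the statement there and `hash` and
      // `salt` were assigned as implicit globals shared by every request.
      var authService = core.services.authentication(),
          hash = user.password,
          salt = user.password_salt;
      // NOTE(review): the comparison is delegated to isPasswordValid, which is not shown
      // here; confirm it uses a slow password hash and a constant-time comparison.
      if( authService.isPasswordValid( password, hash, salt ) ){
        console.log( "<<<<<<<<<<<<<<<<<<<<<<<<<< SUCCESS" );
        return done( /* errorText = */ null, user );
      } else {
        console.log( "<<< !!! <<<<<<<<<<<<<<<<<<<<<<< ERROR" );
        return done( /* errorText = */ null, false, { message: 'Password invalid' });
      }
    })
    .error( function( errorText ){
      // Lookup failure (not a credential failure): reported to Passport as an error.
      return done( errorText );
    });
  })
);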
// Session serialization: only the numeric user_id is stored in the session, so the
// session store never holds the password hash or other user columns.
core.passport.serializeUser( function( account, next ){
  var sessionKey = account.user_id;
  console.log( '************************** SERIALIZING ' + sessionKey );
  next( /* errorText = */ null, sessionKey );
});
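// Session deserialization: runs on every request that carries a logged-in session and
// reloads the user row from the id that serializeUser stored.
core.passport.deserializeUser( function( id, done ){
  console.log( '>>>>>>>>>>>>>>>>>>>>>>>>>>>>> DESERIALIZING ' + id );
  core.factories.user.find( id )
    .success( function( user ){
      if( !user ){
        // The account behind this session id no longer exists (the email lookup in the
        // strategy shows find() yields null for a missing row). Without this guard,
        // reading user.email below throws. Passing false tells Passport to treat the
        // request as not logged in instead of crashing the request.
        return done( /* errorText = */ null, false );
      }
      // NOTE(review): this writes the user's email address to the log on every
      // authenticated request; log the id instead if logs are retained or shared.
      console.log( '<<<<<<<<<<<<<<<<<<<<<<<<<<<< DESERIALIZED: ' + user.email );
      // Debug output kept from the original; prints "[Function]".
      console.log( done );
      done( /* errorText = */ null, user );
    })
    .error( function( errorText ){
      console.log( '<<<< !!! <<<<<<<<<<<<<<<<<<<<<<<<< error\n' + errorText );
      done( errorText );
    });
});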
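// Middleware order matters: cookies and the request body are parsed first, then the
// session is loaded, then Passport restores the user from the session, and only after
// that does the router run.
core.use( express.cookieParser() );
core.use( express.bodyParser() );
// The session secret signs the session cookie. A literal committed to source (or posted
// publicly, as this one is) no longer protects the cookie against tampering, so the
// value is read from the environment first. SESSION_SECRET is a placeholder name; the
// literal remains only as a fallback so existing setups keep working and should be
// replaced and rotated.
// NOTE(review): no cookie options are set; consider `cookie: { secure: true }` when the
// site is served over HTTPS.
core.use( express.session({ secret: process.env.SESSION_SECRET || "GodBlessJaredHanson" }) );
core.use( passport.initialize() );
core.use( passport.session() );
core.use( express.methodOverride() );
core.use( core.router );
core.use( express.static( path.join( __dirname, 'public' ) ) );
// Option name corrected from the misspelled `dumpExeptions`.
// NOTE(review): this handler puts error details, including stack traces, into the HTTP
// response; enable it for development only.
core.use( express.errorHandler({ dumpExceptions: true, showStack: true }) );
core.set( 'views', __dirname + '/public' );
core.engine( 'html', require( 'ejs' ).renderFile );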
// Index route as originally written. This is the cause of the 401 in the log above.
// authenticate( 'local' ) runs the credential check again on this GET, which carries no
// login form fields, and no failureRedirect is given, so the failure is answered with
// HTTP 401. The user restored from the session by deserializeUser is not what this
// middleware checks. The corrected route further down tests req.isAuthenticated().
core.get( '/', [
core.passport.authenticate( 'local' ),
function( request, response ){
console.log( "****************** GOOD! I am rendering index.html ********************" );
return response.render( 'index.html' );
},
] );
// Login form, rendered with an empty error map and a blank email field.
core.get( '/login', function( req, res ){
  res.render( 'login.html', {
    errors: {},
    email: ''
  });
});

// The only place where submitted credentials are checked: success redirects to the
// index page, failure returns to the form.
core.post( '/login', core.passport.authenticate( 'local', {
  successRedirect: '/',
  failureRedirect: '/login'
}));

// Start listening and export the server handle returned by listen().
var instance = core.listen( '1339' );
module.exports = instance;
更新
好吧,库作者提供的示例帮了忙。 https://github.com/jaredhanson/passport-local/blob/master/examples/login/app.js
而不是
// Problematic version: authenticate( 'local' ) re-runs the credential check on every
// GET /, where no credentials are submitted, so the request is rejected with 401 even
// though the session already identifies the user.
core.get( '/', [
core.passport.authenticate( 'local' ),
function( request, response ){
console.log( "****************** GOOD! I am rendering index.html ********************" );
return response.render( 'index.html' );
},
] );
应以这种方式执行访问控制:
core.get( '/', [
  // Access-control guard: relies on the login state that passport.session() restored
  // from the session cookie instead of running the credential strategy again.
  function( req, res, next ){
    if( !req.isAuthenticated() ){
      // Not logged in: send the browser to the login form and stop the chain here.
      return res.redirect( '/login' );
    }
    return next();
  },
  // Reached only by authenticated requests.
  function( request, response ){
    console.log( "****************** GOOD! I am rendering index.html ********************" );
    return response.render( 'index.html' );
  }
] );
造成误解的关键在于:像 BearerStrategy 这样的其他策略确实会在每个新请求上运行身份验证过程,而 LocalStrategy 只应在提交登录表单时运行,之后的请求依靠会话来识别用户。