我已经对着键盘抓狂了 10 个小时。我有一个简单的 nodejs 本地登录(local login)脚本,它似乎只能成功一次。
这是我的代码。
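// Origins that may send credentialed cross-origin requests to this API.
// PLACEHOLDER value - replace it with the exact front-end origin(s) of this deployment.
var allowedOrigins = ['http://localhost:3000'];

/**
 * CORS middleware.
 *
 * Emits the CORS response headers only for origins on the allow-list and
 * answers preflight (OPTIONS) requests directly.
 */
app.use(function (req, res, next) {
  var origin = req.headers.origin;

  // Never echo an arbitrary Origin together with Allow-Credentials: doing so lets
  // any website send requests that carry the user's session cookie and read the reply.
  if (origin && allowedOrigins.indexOf(origin) !== -1) {
    res.header('Access-Control-Allow-Origin', origin);
    res.header('Access-Control-Allow-Credentials', 'true');
    res.header('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE');
    res.header('Access-Control-Allow-Headers', 'X-Requested-With, X-HTTP-Method-Override, Content-Type, Accept');
  }

  // The response now depends on the Origin header, so caches must key on it.
  res.header('Vary', 'Origin');

  if (req.method === 'OPTIONS') {
    // Preflight: reply here. res.status(...).end() replaces the deprecated res.send(200).
    return res.status(200).end();
  }
  next();
});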
// Parse JSON and URL-encoded request bodies before any handler reads req.body.
app.use(bodyParser.json());
// extended: true allows form fields to arrive as nested objects or arrays, so
// handlers must not assume that a body field is a plain string.
app.use(bodyParser.urlencoded({ extended: true }));

// Options handed to the session middleware below.
var sessionOpts = {
  // true: a new session is saved to the store even when nothing was written to it.
  saveUninitialized: true,
  resave: true,
  // Sessions are persisted through MongoStore, configured with db 'sessions'.
  store: new MongoStore({ 'db': 'sessions' }),
  // NOTE(review): sessionSecret is defined outside this snippet - confirm it is a
  // long random value loaded from configuration, not a constant committed to the repo.
  secret: sessionSecret,
  cookie: {
    // httpOnly keeps the session cookie out of reach of page scripts.
    httpOnly: true,
    // NOTE(review): secure: false lets the cookie travel over plain HTTP; set it to
    // true once the site is served over HTTPS.
    secure: false,
    // Cookie lifetime: 4 hours, in milliseconds.
    maxAge: (4 * 60 * 60 * 1000)
  }
};

// Order matters: cookies are parsed first, then the session is loaded, and only
// then can passport restore the logged-in user from that session.
app.use(cookieParser(sessionSecret)); // signed-cookie parsing, same secret as the session
app.use(session(sessionOpts));
app.use(passport.initialize());
app.use(passport.session()); // persistent login sessions
序列化和反序列化函数:
// Keep only the account's _id in the session; the full record is looked up
// again on later requests by the deserializer.
passport.serializeUser(function storeAccountId(account, callback) {
  callback(null, account._id);
});
// Turn the id kept in the session back into the account document.
passport.deserializeUser(function loadAccountById(id, callback) {
  // The stored id is converted to a string and wrapped in ObjectId for the _id lookup.
  var query = { '_id': ObjectId(id.toString()) };

  db.accounts.findOne(query, function (err, account) {
    // Hand both the error and the (possibly missing) account to passport.
    callback(err, account);
  });
});
本地登录功能:
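/**
 * 'local-login' strategy: authenticates with the `email` and `password` fields
 * of the submitted form instead of the default username/password pair.
 *
 * The verify callback receives (req, email, password, done) and reports:
 *   done(err)                 - the lookup failed
 *   done(null, false, info)   - credentials rejected
 *   done(null, user)          - login succeeded
 */
passport.use('local-login', new LocalStrategy({
  usernameField: 'email',
  passwordField: 'password',
  passReqToCallback: true // the request object is passed as the first callback argument
},
function (req, email, password, done) {
  // The body parsers registered for this app accept JSON and extended URL-encoded
  // bodies, so either field can arrive as an object or array. Such a value must
  // never reach the database query, where it would be read as query operators
  // instead of a literal e-mail address.
  if (typeof email !== 'string' || typeof password !== 'string') {
    return done(null, false, {'msg': 'invalid credentials'});
  }

  db.accounts.findOne({'email': email}, function (err, user) {
    // A database error takes precedence over everything else.
    if (err) {
      return done(err);
    }

    // NOTE(review): the two messages below tell "unknown e-mail" apart from
    // "wrong password". Keep them for logging only; if they are ever shown to the
    // client, return one generic message so accounts cannot be enumerated.
    if (!user) {
      return done(null, false, {'msg':'user not found'});
    }

    // validPassword is defined elsewhere. NOTE(review): confirm that user.pass holds
    // a salted password hash and that the comparison is done by the hashing library.
    if (!validPassword(password, user.pass)) {
      return done(null, false, {'msg':'incorrect password'});
    }

    return done(null, user);
  });
}));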
登录:
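// POST /login: run the 'local-login' strategy. A rejected login is redirected
// back to /login; a successful one reaches the handler and goes on to /profile.
// NOTE(review): confirm that the session id is regenerated on login (passport
// 0.6 and later do this themselves), so that an id issued before authentication
// is not carried over into the authenticated session.
app.post('/login',
  passport.authenticate('local-login', { failureRedirect: '/login' }),
  function (req, res) {
    res.redirect('/profile');
  });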
身份验证检查:
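/**
 * Route guard: lets the request continue only when the session is authenticated.
 *
 * @param {object} req - request; passport adds req.isAuthenticated()
 * @param {object} res - response
 * @param {Function} next - invoked when the user is logged in
 * @returns {*} the result of next() or of ending the response
 */
function isLoggedIn(req, res, next) {
  if (req.isAuthenticated()) {
    return next();
  }

  console.log('failed');
  // Always answer the request: without a response the client would wait until it
  // times out, and the caller could not tell that authentication is required.
  return res.status(401).end();
}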
使用它:
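// GET /authenticate: reachable only when isLoggedIn lets the request through.
app.get('/authenticate', isLoggedIn, function (req, res) {
  console.log('FINALLY!!');
  // Complete the request; logging alone would leave the client waiting.
  res.status(200).end();
});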
当我调试一些东西时,这就是我能看到的情况:
于是我查看了我的会话存储(session store),看到的内容如下:
"_id" : "XJiIfjjTtODchUM5Dt-J9BAVM6rDa6Ly",
"session" : {
"cookie" : {
"path" : "/",
"_expires" : ISODate("2015-06-19T08:33:15.304Z"),
"originalMaxAge" : 14400000,
"httpOnly" : true,
"secure" : false,
"expires" : ISODate("2015-06-19T08:33:15.304Z"),
"maxAge" : 14399999,
"data" : {
"originalMaxAge" : 14400000,
"expires" : ISODate("2015-06-19T08:33:15.304Z"),
"secure" : false,
"httpOnly" : true,
"domain" : null,
"path" : "/"
}
},
"passport" : {
}
},
"expires" : ISODate("2015-06-19T08:33:15.304Z")
此外,当我执行 console.log(req.user) 时,输出始终是 undefined。
因此,会话数据没有被传递到 express 或 passport 的会话存储中。
答案 0 :(得分:2)
// Keep only the user's id in the session.
// NOTE(review): this reads user.id, not user._id - presumably the user object
// exposes an `id` property (as some ODM documents do); confirm for your data layer.
passport.serializeUser(function storeUserId(account, callback) {
  callback(null, account.id);
});
// Load the user for a request from the id stored in the session.
// NOTE(review): relies on db.accounts offering findById - verify that the
// collection/model object used in your project provides it.
passport.deserializeUser(function loadUserById(id, callback) {
  db.accounts.findById(id, function (err, account) {
    return callback(err, account);
  });
});
请尝试此代码,它适用于我,你可以在这里看到: https://github.com/wangyangkobe/wangqiuke/blob/master/config/passport.js
对于第二个问题,请更改代码
// Session options as posted in the question, shown for comparison with the
// changed version that follows.
var sessionOpts = {
// true: a brand-new session is written to the store even if nothing was put in it
saveUninitialized: true,
resave: true,
store: new MongoStore({'db':'sessions'}),
secret: sessionSecret,
cookie : { httpOnly: true, secure : false, maxAge : (4 * 60 * 60 * 1000)}
}
到
// Suggested session options: only saveUninitialized differs from the question's version.
var sessionOpts = {
// false: a new session is stored only after something has been written to it
// (for example by a successful login)
saveUninitialized: false,
resave: true,
store: new MongoStore({'db':'sessions'}),
secret: sessionSecret,
// NOTE(review): secure: false lets the session cookie travel over plain HTTP;
// use secure: true when the site is served over HTTPS.
// maxAge is 4 hours in milliseconds.
cookie : { httpOnly: true, secure : false, maxAge : (4 * 60 * 60 * 1000)}
}
摘自文档:
<strong>saveUninitialized</strong>
强制将“未初始化”的会话保存到存储中。会话是新建的但尚未被修改时,即为未初始化。选择 false 有助于实现登录会话、减少服务器存储占用,或遵守在设置 cookie 之前需要获得许可的法律。选择 false 还有助于避免客户端在没有会话的情况下发出多个并行请求时出现的竞争条件。