我使用passportjs来验证我的快递应用。我所做的与教程代码非常相似,但是认证会话总是让我感到困惑。
在我的主要工作流程中,我使用本地策略验证用户
passport.authenticate('local', function (err, user, info) {
if (err) {
req.flash('error', { msg: err.message });
return res.redirect('back');
}
if (!user) {
// punish abuser...
})
.catch( function (err) {
req.flash('error', { msg: err.message });
return res.redirect('back');
});
} else {
// Log user in
debug('Info: ' + 'Logging in'.green.bold);
req.logIn(user, function (err) {
if (err) {
debug('Info: ' + 'Error occured '.red.bold);
req.flash('error', { msg: err.message });
res.redirect('back');
}
// req.session.passport.user = user.id; // <-- even tried hack, didn't work
// Send user on their merry way
res.redirect('/homepage');
});
}
})
然后,对于/ homepage的所有请求,我强制他们验证用户是否经过身份验证
app.all('/api*', passportConf.isAuthenticated);
其中isAuthenticated()定义为
exports.isAuthenticated = function (req, res, next) {
// Is the user authenticated?
if (req.isAuthenticated()) {
debug('Info: ' + '----authentication verified');
return next();
} else {
debug('Info: ' + '----authentication verification failed');
// flash error message etc...
return res.redirect('/login');
}
};
结果显示:
Info: --->> Password Matched! <<--- +0ms
Info: Logging in +0ms
Info: serializing user +0ms
...
POST /login 302 295.015 ms - 64
...
Executing (default): UPDATE "Sessions" SET "data"='{"cookie":{"//cookie"},"passport":{"user":37}}'
...
Info: ----authentication verification failed +0ms
....
GET /api 302 19.094 ms - 68
Executing (default): UPDATE "Sessions" SET "data"='{"cookie":{"//cookie"},"passport":{}, "attemptedURL":"/api"}
...
Info: de-serializing user +20ms
...
Executing (default): SELECT "//fields" FROM "Users" AS "User" WHERE "User"."id" = 37 LIMIT 1;
Error: 500 [object SequelizeInstance:User] +5ms
请求肯定会通过密码检查并一直进行,直到重定向之前,并在重定向后死亡。
我观察到3个可能的原因:
坚持住了很多个晚上...非常感谢任何帮助......
答案 0 :(得分:1)
500 [object SequelizeInstance:User]似乎表明你正在将一个续集实例传递给某个认为是错误的地方。也许你正在调用一个只需要err, user的{{1}}的回调:
user