编辑我尝试了两种方式,重定向而不是重定向。重定向时,我得到的结果与我直接请求/的结果相同,但当我不接收时,我会收到包含data = Moved Temporarily. Redirecting to /的对象
鉴于此策略:
var strategy = new LocalStrategy(
{
session: true
},
function (username, password, done) {
User.findOne({ username: username }, function(err, user) {
if (err) { return done(err); }
if (!user) {
return done(null, false, { message: 'Incorrect username.' });
}
if (user.password !== password) {
return done(null, false, { message: 'Incorrect password.' });
}
return done(null, user);
});
});
这个服务器:
//************ EDIT ****//
function genuuid(req) {
return "Test UID";
}
//************ EDIT ****//
var app = express();
var router = express.Router();
app.use(bodyParser.urlencoded({ extended: false }));
app.use(bodyParser.json());
app.use(passport.initialize());
//************ EDIT ****//
app.use(session({
genid: function(req) {
return genuuid() // use UUIDs for session IDs
},
secret: "somethingSecret",
cookie: {maxAge: 60000 },
resave: true,
saveUninitialized: false }));
//************ EDIT ****//
passport.use(strategy);
passport.serializeUser(function(user, done) {
done(null, user.id);
});
passport.deserializeUser(function(id, done) {
User.findById(id, function(err, user) {
done(err, user);
});
});
app.post('/login', passport.authenticate('local', { successRedirect: '/', failureRedirect: '/login' }));
server = http.createServer(app).listen(port, function(){
console.log('Express server listening on port ' + app.get('port'));
})
我正在尝试从我的客户端(mocha测试)获取生成的令牌,如下所示:
it('Login should redirect to home and return a user token', function(done) {
var postData = querystring.stringify({
username : user,
password : password
});
var options = {
uri: 'http://' + hostname + ':' + port + '/login',
followRedirect: false
};
request.post(options)
.form(postData)
.on('response', function(res) {
res.statusCode.should.equal(302);
})
.on('data',function(data) {
should.exist(data);
should.fail(0,1,'Test not implemented');
done();
})
.on('error', function(e) {
should.fail(0,1,'Problem with request: ' + e.message);
});
});
标题包含
{ 'x-powered-by': 'Express',
location: '/',
vary: 'Accept',
'content-type': 'text/plain; charset=utf-8',
'content-length': '35',
date: 'Tue, 08 Sep 2015 19:46:03 GMT',
connection: 'keep-alive' }
没有饼干或其他什么。我的代币在哪里?
答案 0 :(得分:3)
尝试将会话中间件用于会话,例如express-session:
var session = require('express-session');
// Code to set up your app
var app = express();
// Make sure to replace "somethingSecret" with your own secret value
app.use(session({secret: "somethingSecret", resave: true, saveUnitialized: false}));
我写了一个非常接近你提供的应用程序的应用程序,看到同样的问题,这对我来说很奇怪,因为我以前曾多次使用过快递和护照。当我意识到我没有使用任何会话中间件时,我添加了express-session中间件和 voila ; set-cookie标题。
但请注意,此代码尚未准备好进行生产。来自express-session存储库:
警告默认服务器端会话存储MemoryStore不是专为生产环境设计的。它会在大多数情况下泄漏内存,不会扩展到单个进程,而是用于调试和开发。
有关商店列表,请参阅compatible session stores。
<强> [编辑]
使用此代码(用户被存根以始终返回相同的值):
var bodyParser = require('body-parser');
var express = require('express');
var http = require('http');
var passport = require('passport');
var LocalStrategy = require('passport-local').Strategy;
var session = require('express-session');
// Stub of User schema for testing
var User = {
findOne: function(user, callback) {
callback(null, {
id: 1234,
username: user.username,
password: 'foo'
});
},
findById: function(id, callback) {
callback(null, {
id: 1234,
username: 'user',
password: 'foo'
});
}
};
var strategy = new LocalStrategy(
{
session: true
},
function (username, password, done) {
User.findOne({ username: username }, function(err, user) {
if (err) { return done(err); }
if (!user) {
return done(null, false, { message: 'Incorrect username.' });
}
if (user.password !== password) {
return done(null, false, { message: 'Incorrect password.' });
}
return done(null, user);
});
});
function genuuid(req) {
return "Test UID";
}
var app = express();
var router = express.Router();
app.use(bodyParser.urlencoded({ extended: false }));
app.use(bodyParser.json());
app.use(passport.initialize());
app.use(session({
genid: function(req) {
return genuuid() // use UUIDs for session IDs
},
secret: "somethingSecret",
cookie: {maxAge: 60000 },
resave: true,
saveUninitialized: false }));
passport.use(strategy);
passport.serializeUser(function(user, done) {
done(null, user.id);
});
passport.deserializeUser(function(id, done) {
User.findById(id, function(err, user) {
done(err, user);
});
});
app.post('/login', passport.authenticate('local', { successRedirect: '/', failureRedirect: '/login' }));
server = http.createServer(app).listen(51015, function(){
console.log('Express server listening on port ' + app.get('port'));
});
运行测试:
var should = require('should');
var assert = require('assert');
var request = require('request');
var querystring = require('querystring');
it('Login should redirect to home and return a user token', function(done) {
var postData = querystring.stringify({
username : 'user',
password : 'foo'
});
var options = {
uri: 'http://' + '127.0.0.1' + ':' + '51015' + '/login',
followRedirect: false
};
request.post(options)
.form(postData)
.on('response', function(res) {
console.log(res.headers);
res.statusCode.should.equal(302);
})
.on('data',function(data) {
should.exist(data);
should.fail(0,1,'Test not implemented');
done();
})
.on('error', function(e) {
should.fail(0,1,'Problem with request: ' + e.message);
});
});
给出以下输出;注意包含set-cookie标题:
mocha
{ 'x-powered-by': 'Express',
location: '/',
vary: 'Accept',
'content-type': 'text/plain; charset=utf-8',
'content-length': '35',
'set-cookie': [ 'connect.sid=s%3ATest%20UID.NC0hY3rYGMdnN560ewpf%2FaJbO%2BNd9M7QLz3gnse0eLs; Path=/; Expires=Wed, 09 Sep 2015 13:08:06 GMT; HttpOnly' ],
date: 'Wed, 09 Sep 2015 13:07:06 GMT',
connection: 'close' }
1) Login should redirect to home and return a user token
0 passing (69ms)
1 failing
1) Login should redirect to home and return a user token:
Uncaught AssertionError: Test not implemented
除了存根User架构和硬编码配置值之外,我的代码应该与你的相同,所以我有点不知道你是怎么没有获得{{1标题。
您是否正在使用可能影响会话或Cookie的任何其他中间件?
[编辑2]
问题在于(在您的repository中)您将set-cookie中间件添加到与session执行的范围不同的范围内,因此对{{1}所做的更改实际上没有影响。
不是让服务器在测试组之前开始监听,而是让它为每个测试启动一次,并立即将所需的所有参数传递给它。我已经向您的存储库提交了一个pull request,其中包含了我可能这样做的详细信息,因为它不是一小部分代码,并且在这里粘贴并不是很理想。
请花点时间阅读并理解这些更改,因为我只关心会话令牌的发送,而且我不保证其他功能是否会受到这些更改的影响。