无法将用户加载到会话中

时间:2015-10-10 00:26:41

标签: node.js mongodb express passport.js

我在测试身份验证时,创建了一个登录名为 8 === D、密码为 123 的用户,结果在尝试登录时 passportjs 报告无法序列化该用户;而使用任何常规的用户名(如 bill@kentucky.com)时则一切正常,登录时用户可以被序列化。我也可以提供代码作为示例,但问题是否与用户名中含有奇怪的字符(例如 '=')有关?

另外,为什么我只能使用 .id 而不能使用 ._id 进行序列化?我使用的是 mongoDB,它生成的始终是 _id。

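/**
 * POST /login
 * Authenticates with the 'local' strategy using a custom callback, so this
 * handler (not Passport) decides what is sent for each outcome.
 *
 * @param {Object} req - Express request; credentials are read by the strategy
 * @param {Object} res - Express response
 * @param {Function} next - receives strategy and session errors
 */
exports.postLogin = function(req, res, next) {
  passport.authenticate('local', function(err, user, info) {
    if (err) return next(err);

    // With a custom callback Passport reports rejected credentials by passing
    // a falsy `user`. The handler must stop here: falling through to
    // req.logIn() with no user is what surfaces as
    // "Failed to serialize user into session".
    if (!user) {
      req.flash('errors', { msg: (info && info.message) || 'Invalid email or password' });
      console.log("ERROR BOYS");
      // Generic body so the response does not reveal which check failed.
      return res.status(401).end('Login failed');
    }

    // Passport exposes login() on req (also aliased as logIn()) to establish
    // the login session.
    req.logIn(user, function(err) {
      if (err) return next(err);
      // Log only the id: concatenating the whole user document into a log
      // line can print its fields, including the stored password hash.
      console.log("User: " + user.id + " has been logged in");
      req.flash('success', { msg: 'Success! You are logged in'});
      res.end('Success');
    });

  })(req, res, next);

};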


/**
 * GET /logout
 * Ends the Passport login session and redirects the browser to the home page.
 *
 * NOTE(review): a logout reachable by plain GET can be triggered by any
 * cross-site link; confirm whether this route should require POST.
 */
exports.getLogout = function(req, res, next) {
  var homePath = '/';

  console.log("You have been logged out");
  // req.logout() is added to the request by Passport and clears the login session.
  req.logout();
  res.redirect(homePath);
};

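/**
 * POST /signup
 * Create a new local account and log the new user in.
 *
 * Responds with a redirect to '/sign' (plus a flash error) when the input is
 * unusable or the email is already registered, and to '/' on success.
 * Database and session errors are forwarded to next().
 */
exports.postSignUp = function(req, res, next) {
  var email = req.body.email;
  var password = req.body.password;

  // req.body is client-controlled. Require plain non-empty strings so that an
  // object such as a query operator can never reach the findOne() filter and
  // an account cannot be created without a password.
  if (typeof email !== 'string' || typeof password !== 'string' || !email || !password) {
    req.flash('errors', { msg: 'Email and password are required' });
    return res.redirect('/sign');
  }

  User.findOne({email: email}, function(err, existingUser) {
    if (err) return next(err);

    if (existingUser) {
      req.flash('errors', { msg: 'Account with that email address already exists' });
      // Return so the handler does not go on to save() and respond twice.
      return res.redirect('/sign');
    }

    var user = new User({
      email: email,
      password: password,
      profile: {
        firstName : req.body.firstName,
        lastName : req.body.lastName,
        section : req.body.section
      }
    });

    user.save(function(err) {
      if (err) return next(err);
      req.logIn(user, function(err) {
        if (err) return next(err);
        // Log the id only. The request body carries the plaintext password and
        // the saved document carries its hash; neither belongs in a log.
        console.log('Successfully created user ' + user.id);
        // redirect() already ends the response, so no res.end() afterwards.
        res.redirect('/');
      });
    });
  });
};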

serialize部分:

/* Initializing passport.js */
var User = require('../models/user');
var local = require('./passport/local');


/*
 * Expose
 *
 * Registers session serialization and the local strategy on the given
 * Passport instance. `app` and `config` are accepted but not used here.
 */
module.exports = function(app, passport, config) {
  // Keep the session small: store only the user's id.
  // `user.id` works on a Mongoose document because Mongoose adds an `id`
  // virtual getter that returns `_id` as a string.
  function storeUserId(user, done) {
    done(null, user.id);
  }

  // On later requests, turn the stored id back into the user document.
  function loadUserById(id, done) {
    User.findById(id, function(err, user) {
      done(err, user);
    });
  }

  passport.serializeUser(storeUserId);
  passport.deserializeUser(loadUserById);

  // Strategies in use
  passport.use(local);

};

也许它与登录有关??:
else {
      renderedResult = (
       <div>
  <div className={styles['wrapper']}>
  <div className={styles['container']}>
    <h1 className={styles['welcomelogin']}>Welcome, If ya just signed up then go ahead and sign in</h1>
    <fieldset className = {styles['loginSet']}>
      <input type="text" className = {styles['form-control']} placeholder="Username" ref = "email" name = "email" />
      <input type="password" className = {styles['form-control']} placeholder="Password" ref = "password" name = "password" />
      <button type="submit" className={styles['login-button']} to = "dashboard" onClick={this._onLoginSubmit}>Login</button>
    </fieldset>
    <hr/>

<p>Need an account? <Link to="register">Signup</Link></p>

  </div>
</div>
</div>
);
    }}
  return (
    <div>
  {renderedResult}
  </div>
      );
  }
}

用户模型:

/**
 * Defining a User Model in mongoose
 * 
 */

var bcrypt = require('bcrypt-nodejs');
var mongoose = require('mongoose');
var crypto = require('crypto');

// Other oauthtypes to be added

/*
 User Schema
 */

// Builds a fresh option object for an optional String path defaulting to ''.
function blankString() {
  return { type: String, default: '' };
}

var UserSchema = new mongoose.Schema({
  // Login identifier; `unique` asks MongoDB for a unique index on this path.
  email: { type: String, unique: true },
  // Receives the plaintext on assignment and is replaced by a bcrypt hash in
  // the pre('save') hook of this file.
  password: String,
  tokens: Array,
  profile: {
    firstName: blankString(),
    lastName: blankString(),
    gender: blankString(),
    location: blankString(),
    website: blankString(),
    picture: blankString(),
    section: blankString()
  },
  // NOTE(review): declared as a plain String; confirm whether the reset flow
  // stores the raw token here or a hash of it.
  resetPasswordToken: String,
  resetPasswordExpires: Date,
  // Empty object literal: Mongoose treats this path as Mixed (schemaless).
  google: {},
  isStaff: { type: Boolean, default: false }
});


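/**
 * Password hash middleware.
 *
 * Runs before every save and replaces a new or changed plaintext password
 * with its bcrypt hash. Errors from bcrypt are passed to next().
 */
UserSchema.pre('save', function(next) {
  // bcrypt cost factor (log2 of the key-expansion rounds). The previous value
  // of 5 made each guess cheap for anyone holding a copy of the hashes.
  // Hashes written earlier embed their own cost, so they still verify.
  var SALT_ROUNDS = 10;
  var user = this;

  // Untouched password: it is already a hash and must not be hashed again.
  if (!user.isModified('password')) return next();

  bcrypt.genSalt(SALT_ROUNDS, function(err, salt) {
    if (err) return next(err);
    // Third argument is bcrypt-nodejs's optional progress callback.
    bcrypt.hash(user.password, salt, null, function(err, hash) {
      if (err) return next(err);
      user.password = hash;
      next();
    });
  });
});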

/*
 Custom document instance methods
 */
UserSchema.methods = {
  /**
   * Checks a plaintext candidate against this document's stored bcrypt hash.
   *
   * @param {String} candidatePassword - password supplied at login
   * @param {Function} cb - called as cb(err) on failure, cb(null, isMatch) otherwise
   */
  comparePassword: function(candidatePassword, cb) {
    var storedHash = this.password;

    function onCompared(err, isMatch) {
      if (err) return cb(err);
      cb(null, isMatch);
    }

    bcrypt.compare(candidatePassword, storedHash, onCompared);
  }
};

/**
 * Statics
 * No model-level helpers are defined.
 */
UserSchema.statics = {};

// Compile the schema into the 'User' model and export it.
var UserModel = mongoose.model('User', UserSchema);

module.exports = UserModel;

1 个答案:

答案 0 :(得分:1)

serializeUser 函数决定用户对象中的哪些数据应存储在会话中。serializeUser 方法的结果会以 req.session.passport.user = {} 的形式附加到会话上,例如(因为我们提供 id 作为键):

    req.session.passport.user = {id:'xyz'}
  

Passport 会将用户实例序列化到会话中,并从会话中反序列化。在此示例中,仅将用户 ID 序列化到会话中,使会话中存储的数据量保持较小。收到后续请求时,此 ID 用于查找用户,并将其恢复到 req.user。

     

序列化和反序列化逻辑由应用程序提供,这样应用程序可以自行选择合适的数据库和/或对象映射器,而不受身份验证层的强制约束。   http://passportjs.org/docs

基本上,要解决此问题,您需要在 html 代码中对 = 进行转换,或者不允许使用这些符号。请记住,会话是使用 & 和 = 转换为字符串的。例如:

data=data&data2=data2