我想弄清楚我在这里做错了什么。看完文档(遗憾地过时了)并搜索网页后,我相信我已经正确配置了护照的所有内容,但由于某种原因,无法调用serializeUser和deserializeUser,导致req.user永远不会被设置。
好的,这是我的root server.js文件(汇总)
/**
* Module dependencies
*/
var express = require('express'),
app = module.exports = express(),
bodyParser = require('body-parser'),
cookieParser = require('cookie-parser'),
env = process.env.NODE_ENV || 'development',
errorHandler = require('errorhandler'),
http = require('http'),
methodOverride = require('method-override'),
morgan = require('morgan'),
passport = require('passport'),
path = require('path'),
routes = require('./server/routes/index'),
secret = process.env.SESSION_SECRET,
session = require('express-session'),
FileStore = require('session-file-store')(session);
/**
* Configuration
*/
// all environments
app.set('http-port', process.env.PORT || 3000);
app.set('views', __dirname + '/public');
app.engine('.html', require('ejs').renderFile);
app.use(morgan('dev'));
app.use(methodOverride());
app.use(express.static(path.join(__dirname, 'public')));
app.use(cookieParser(secret));
app.use(bodyParser.urlencoded({ extended: true }));
app.use(bodyParser.json());
// development enviornment only
if (env === 'development') {
app.use(session({
cookie: { maxAge: (60 * 60 * 10) }, // User session will expire after 60 minutes.
resave: false,
saveUninitialized: false,
secret: secret,
}));
app.use(errorHandler());
}
app.use(passport.initialize());
app.use(passport.session());
/**
* Routes
*/
routes.SESSION_SECRET = secret; // Set env var for the router;
app.use('/', routes); // Handle defined routes
app.get('/', routes.index); // Serve index
app.get('*', routes.index); // Redirect all others to the index (HTML5 history)
/**
* Start Server
*/
var httpServer = http.createServer(app);
httpServer.listen(app.get('http-port'), function () {
console.log('Express http server listening on port ' + app.get('http-port'));
});
你会注意到以上这一行:
routes = require('./server/routes/index'),
这是路由文件(汇总):
var express = require('express');
var router = express.Router();
var auth = require('./modules/auth');
// AUTH ROUTES
router.post('/login', auth.login); // Log a local user into the application using passport
router.post('/ldap-login', auth.ldapLogin); // Log a LDAP user into the application using passport
router.get('/logout', auth.logout); // Log the current user out of the system
router.get('/isLoggedIn', auth.isLoggedIn); // Check is the user is logged in
router.post('/updatePassword', auth.updatePassword); // Updates a users password
你会再次注意到这个参考:
var auth = require('./modules/auth');
这是auth模块(汇总)。
'use strict'
var passport = require('passport');
var secret = process.env.SESSION_SECRET;
var crypto = require('../../crypto');
var models = require('../../models');
var User = models.User;
require('../../passport');
// Log a local user into the application using passport
exports.login = function(req, res, next) {
passport.authenticate('local', function(err, user, info) {
if(err) { return next(err); }
if(user) {
User.find({
where: {
email: user.email
}
})
.then(function(currentUser) {
if(currentUser) {
currentUser.updateAttributes({
last_login: new Date()
});
}
});
user.email = crypto.decrypt(user.email);
user.first_name = crypto.decrypt(user.first_name);
user.last_name = crypto.decrypt(user.last_name);
return res.json({ token: user.generateJWT(secret) });
} else {
return res.status(401).json(info);
}
})(req, res, next);
}
在该文件中,我引用了我的护照配置,其中包含我希望达到的功能。
require('../../passport');
这是在那里引用的护照配置(摘要)。
(function() {
var models = require('./models');
var User = models.User;
/**
* Passport authentication
*/
var passport = require('passport');
// Passport Local Strategy
var locStrategy = require('passport-local').Strategy;
passport.use(new locStrategy({
usernameField: 'username'
},
function(username, password, done) {
User.find({
where: {
username: username
}
})
.then(function(user) {
if(!user) {
console.log('No such user found');
return done(null, false);
}
user.verifyPassword(password, function(err, isMatch) {
if(err) {
console.log('Error checking password. Error: ' + err);
return done(err);
} else if(!isMatch) {
// Password did not match
console.log('Passwords did not match');
return done(null, false);
} else {
// Success
console.log('User logged in');
return done(null, user);
}
});
})
.catch(function(err) {
console.log('Error logging user in. Message: ' + err);
return done(err);
});
}
));
passport.serializeUser(function(user, done) {
console.log('serializeUser'); // I expect this to be logged
done(null, user);
});
passport.deserializeUser(function(user, done) {
console.log('deserializeUser'); // I expect this to be logged
done(null, user);
});
exports.isAuthenticated = passport.authenticate(['local', 'ldapauth']);
})();
你会注意到那里对用户模型的引用,但由于这样可以正常工作,我不会包含任何代码。
我不确定这里有什么问题阻止我点击上面的passport.serializeUser和passport.deserializeUser方法。我以为我可能需要在server.js root中包含这些方法,所以我尝试在session({})config之上以及在passport.session()调用之后移动方法,并且这两种更改都没有任何影响。
答案 0 :(得分:3)
发现问题,希望我可以帮助别人。
要调用deserializeUser,您需要在passport.authenticate()解析后手动调用req.login()。我没有这样做,因为在Passport文档中它说:
"Note: passport.authenticate() middleware invokes req.login() automatically."
至少对我来说听起来像护照应该调用login,然后当你调用passport.authenticate()时自动deserializeUser,但这是不正确的。
以下是我的auth模块中的更新代码:
exports.login = function(req, res, next) {
passport.authenticate('local', function(err, user, info) {
if(err) { return next(err); }
if(user) {
User.find({
where: {
email: user.email
}
})
.then(function(currentUser) {
if(currentUser) {
currentUser.updateAttributes({
last_login: new Date()
})
}
});
user.email = crypto.decrypt(user.email);
user.first_name = crypto.decrypt(user.first_name);
user.last_name = crypto.decrypt(user.last_name);
req.login(user, function(err) { // I added req.login() here and now deserializeUser is being called and req.user is being set correctly.
if(err) {
return res.status(401).json(err);
} else {
return res.json({ token: user.generateJWT(secret) });
}
});
} else {
return res.status(401).json(info);
}
})(req, res, next);
}