我制定了这个策略,我通过url参数尝试auth。它从java代码调用。
网址如下:http://localhost/mc/download/filename/user@server.com/secretpass
这个策略:
passport.use('mc-login', new LocalStrategy({
passReqToCallback : true // allows us to pass back the entire request to the callback
},
function(req, email, password, done) { // callback with email and password from our form
// find a user whose email is the same as the forms email
// we are checking to see if the user trying to login already exists
User.findOne({ 'local.email' : req.params.uname }, function(err, user) {
// if there are any errors, return the error before anything else
if (err)
return done(err);
// if no user is found, return the message
if (!user)
return done(null, false, req.flash('loginMessage', 'No user found.')); // req.flash is the way to set flashdata using connect-flash
// if the user is found but the password is wrong
if (!user.validPassword(req.params.upass))
return done(null, false, req.flash('loginMessage', 'Oops! Wrong password.')); // create the loginMessage and save it to session as flashdata
// all is well, return successful user
return done(null, user);
});
}));
我尝试在此代码中调用它:
app.get('/mc/download/:fname/:uname/:upass',
function(req, res, next) {
passport.authenticate('mc-login', function(err, user, info) {
if (err) { return next(err); }
if (!user) { return res.redirect('/login'); }
req.logIn(user, function(err) {
if (err) { return next(err); }
return res.redirect('/users/' + user.username);
});
})(req, res, next);
}
,function(req, res){
...
但在info变量中返回
[stack=undefined,name="BadRequestError",message="Missing credentials"]
并且用户为空
如何制定策略允许使用req.params
变量进行身份验证
答案 0 :(得分:1)
LocalStrategy
要求用户名和密码出现在req.query
或req.body
中。如果其中任何一个不存在,策略验证处理程序将不会被调用(这就是为什么即使使用passReqToCallback
它也不起作用。)
你可以通过添加一个额外的中间件来设置Passport,让他们认为它们是通过URL参数填充用户名和密码来设置的:
app.get(
'/mc/download/:fname/:uname/:upass',
function(req, res, next) {
// Populate username and password before passing it on to Passport.
req.query.username = req.params.uname;
req.query.password = req.params.upass;
next();
},
function(req, res, next) {
passport.authenticate('mc-login', function(err, user, info) {
if (err) { return next(err); }
if (!user) { return res.redirect('/login'); }
req.logIn(user, function(err) {
if (err) { return next(err); }
return res.redirect('/users/' + user.username);
});
})(req, res, next);
}
);