在 passport.js 中自定义策略,使用 req.params 而不是 req.body

时间:2016-06-04 18:49:04

标签: node.js express passport.js

我编写了这个策略,想通过 URL 参数进行身份验证。该接口由 Java 代码调用。

网址如下:http://localhost/mc/download/filename/user@server.com/secretpass

这个策略:

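passport.use('mc-login', new LocalStrategy({
    passReqToCallback : true // hand the whole request to the verify callback so it can read req.params
},
/**
 * Verify callback for the 'mc-login' strategy.
 *
 * Looks the account up by the `:uname` route parameter and checks the
 * `:upass` route parameter against it.
 *
 * @param {Object} req - Express request; req.params.uname / req.params.upass are read.
 * @param {string} email - username extracted by LocalStrategy (not used here).
 * @param {string} password - password extracted by LocalStrategy (not used here).
 * @param {Function} done - Passport callback: done(err), done(null, false, info) or done(null, user).
 */
function(req, email, password, done) {

    // SECURITY: the credentials arrive as URL path segments. URLs are commonly
    // written to access logs, proxy logs and client history, so a password
    // carried this way should be treated as exposed. Prefer a request body or
    // an Authorization header over TLS when the caller can be changed.
    User.findOne({ 'local.email' :  req.params.uname }, function(err, user) {
        // Lookup failure: surface the error before anything else.
        if (err)
            return done(err);

        // Unknown account and wrong password are reported with one identical
        // message, so the flash text does not reveal which e-mail addresses
        // are registered (account enumeration).
        // NOTE(review): validPassword only runs when the account exists, so
        // response timing may still differ between the two cases.
        if (!user || !user.validPassword(req.params.upass))
            return done(null, false, req.flash('loginMessage', 'Invalid email or password.')); // stored in the session as flash data via connect-flash

        // Credentials accepted: hand the user record to Passport.
        return done(null, user);
    });

}));    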

我尝试在此代码中调用它:

// Download route (excerpt; the second handler is truncated in the original post).
// The user name and password are taken from the URL path (:uname, :upass).
// SECURITY: URL path segments are commonly recorded in access logs, proxy logs
// and client history, so a password placed here should be treated as exposed.
// NOTE(review): passport-local reads its username/password fields from
// req.body or req.query, not from req.params, so with this route alone the
// verify callback is not invoked and `info` carries "Missing credentials".
app.get('/mc/download/:fname/:uname/:upass',

        function(req, res, next) {
      // Custom-callback form of passport.authenticate: the handler below
      // decides what to do with the outcome instead of Passport's defaults.
      passport.authenticate('mc-login', function(err, user, info) {
        // Strategy or lookup error: forward to the Express error handlers.
        if (err) { return next(err); }
        // Authentication failed: send the client to the login page.
        if (!user) { return res.redirect('/login'); }
        // Establish the login session for the authenticated user.
        req.logIn(user, function(err) {
          if (err) { return next(err); }
          return res.redirect('/users/' + user.username);
        });
      })(req, res, next);
    }

    // NOTE(review): every path in the handler above ends in a redirect or in
    // next(err); next() is never called without an error, so this second
    // handler does not appear to be reachable from it.
    ,function(req, res){
    ...

但在info变量中返回 [stack=undefined,name="BadRequestError",message="Missing credentials"] 并且用户为空

如何编写策略,才能使用 req.params 中的变量进行身份验证?

1 个答案:

答案 0 :(得分:1)

LocalStrategy 要求用户名和密码出现在 req.query 或 req.body 中。如果其中任何一个不存在,策略的验证处理函数就不会被调用(这就是为什么即使使用 passReqToCallback 也不起作用)。

你可以添加一个额外的中间件,用 URL 参数填充用户名和密码,让 Passport 认为它们已经被设置:

// Download route that authenticates with credentials taken from the URL path.
// SECURITY: URL path segments are commonly recorded in access logs, proxy logs
// and client history, so a password carried in :upass should be treated as
// exposed; prefer a request body or an Authorization header over TLS when the
// caller can be changed.
app.get(
  '/mc/download/:fname/:uname/:upass',
  // Step 1: copy the route parameters into req.query under the field names
  // LocalStrategy looks for, so that its "Missing credentials" check passes
  // and the verify callback runs.
  function copyParamsToQuery(req, res, next) {
    req.query.username = req.params.uname;
    req.query.password = req.params.upass;
    next();
  },
  // Step 2: run the 'mc-login' strategy with a custom callback.
  function authenticateRequest(req, res, next) {
    var onAuthenticated = function(err, user, info) {
      // Strategy or lookup error: forward to the Express error handlers.
      if (err) {
        return next(err);
      }
      // Authentication failed: send the client to the login page.
      if (!user) {
        return res.redirect('/login');
      }
      // Establish the login session, then redirect to the user's page.
      req.logIn(user, function(loginErr) {
        if (loginErr) {
          return next(loginErr);
        }
        return res.redirect('/users/' + user.username);
      });
    };

    passport.authenticate('mc-login', onAuthenticated)(req, res, next);
  }
);