多个本地策略与 isAuthenticated()

时间:2017-10-28 19:50:35

标签: node.js passport.js passport-local

我有两种不同的策略 'login' 和 'adminlogin':

// POST /login: authenticate with the 'login' LocalStrategy.  On failure
// Passport redirects back to /login and keeps the strategy's message in
// req.flash; on success the user lands on the root page.
app.post(
  '/login',
  passport.authenticate('login', { failureRedirect: '/login', failureFlash: true }),
  function afterUserLogin(req, res) {
    res.redirect('/');
  }
);

// POST /adminlogin: same shape as /login but driven by the 'adminlogin'
// strategy; failures go back to /adminlogin, successes to /admin.
app.post(
  '/adminlogin',
  passport.authenticate('adminlogin', { failureRedirect: '/adminlogin', failureFlash: true }),
  function afterAdminLogin(req, res) {
    res.redirect('/admin');
  }
);

adminlogin定义为:

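// 'adminlogin' strategy: look the submitted username up in the admin store
// and check the password against the stored hash + salt through CUtil.
// Fixes: the original read `assport.use(...)` (dropped 'p'), which is a
// ReferenceError at load time; and the "no such admin" path flashed
// 'Unknown Admin: <uname>', which both tells an attacker which admin
// usernames exist and echoes raw form input back into the page.  Both
// failure paths now flash the same generic message.
// The user handed to done() is the cleanAdminUser() copy, so password and
// salt never end up on req.user.
passport.use('adminlogin', new LocalStrategy({
    usernameField : 'uname',
    passwordField : 'password',
    passReqToCallback : true   // verify callback needs req only for req.flash
},
function(req, uname, password, done) {
    // One message for both "unknown admin" and "wrong password" so the
    // response cannot be used as a username oracle.
    var FAILURE_MESSAGE = 'Invalid admin or password';

    process.nextTick(function() {

        findAdminByUserName(uname, function(err, user) {
            if (err) {
              console.log("1- ERROR::adminlogin: ", err);
              return done(err);
            }

            if (!user) {
              return done(null, false, req.flash('loginMessage', FAILURE_MESSAGE));
            }

            // Compare against the stored hash; CUtil decides the scheme.
            CUtil.comparePasswords(password, user.password, user.salt, function (cmpErr, isMatch) {
                if (cmpErr) {
                  console.log("2- ERROR::adminlogin: ", cmpErr);
                  return done(cmpErr);
                }
                if (!isMatch) {
                  return done(null, false, req.flash('loginMessage', FAILURE_MESSAGE));
                }
                return done(null, cleanAdminUser(user));
            });
        });
    });
}));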

使用以下附加代码:

/**
 * Build the session-safe view of an admin record: copies the identifying and
 * display fields, drops everything else (notably `password` and `salt`), and
 * tags the result with role 'admin'.
 *
 * @param {object|null|undefined} pAdmin - raw admin document from the store
 * @returns {object|null} the trimmed copy, or null when pAdmin is falsy
 */
function cleanAdminUser(pAdmin) {
  if (!pAdmin) {
    return null;
  }

  // Explicit allow-list of fields; anything not listed is dropped.
  var picked = {};
  ['_id', 'fname', 'lname', 'uname'].forEach(function (field) {
    picked[field] = pAdmin[field];
  });
  picked.role = 'admin';
  return picked;
}

// Only the id is written into the session.  Which strategy produced the
// login ('login' vs 'adminlogin') and the role set by cleanAdminUser are not
// recorded, so deserializeUser has nothing but the id to work from.
passport.serializeUser(function(user, done) {
  var sessionKey = user._id;
  done(null, sessionKey);
});

// Rebuild req.user from the id stored in the session on every request.
// NOTE(review): findById is the only lookup used here, for logins from both
// strategies.  If it does not cover the store that findAdminByUserName reads
// from, an admin id resolves to no user and Passport drops the login from the
// session — consistent with the `session: {}` seen after the admin redirect.
// Confirm against findById's implementation.
passport.deserializeUser(function(id, done) {
  var forwardResult = function (err, user) {
    done(err, user);
  };
  findById(id, forwardResult);
});

我遇到的问题是:非管理员用户通过 'login' 登录、完成身份验证并重定向到用户仪表板后,会话会被保留;而通过 'adminlogin' 登录的管理员在重定向后会话却丢失了。

重定向前的管理员:

{ instance: 
   Authenticator {
     _key: 'passport',
     _strategies: { session: [Object], login: [Object], adminlogin: [Object] },
     _serializers: [ [Function] ],
     _deserializers: [ [Function] ],
     _infoTransformers: [],
     _framework: 
      { initialize: [Function: initialize],
        authenticate: [Function: authenticate] },
     _userProperty: 'user',
     _sm: SessionManager { _key: 'passport', _serializeUser: [Function: bound ] },
     Authenticator: [Function: Authenticator],
     Passport: [Function: Authenticator],
     Strategy: { [Function: Strategy] Strategy: [Circular] },
     strategies: { SessionStrategy: [Object] } },
  ***session: { user: 59f3c0d7f75cc7ef38733644 }*** }

重定向后的管理员(在isAuthenticated()中):

{ instance: 
   Authenticator {
     _key: 'passport',
     _strategies: { session: [Object], login: [Object], adminlogin: [Object] },
     _serializers: [ [Function] ],
     _deserializers: [ [Function] ],
     _infoTransformers: [],
     _framework: 
      { initialize: [Function: initialize],
        authenticate: [Function: authenticate] },
     _userProperty: 'user',
     _sm: SessionManager { _key: 'passport', _serializeUser: [Function: bound ] },
     Authenticator: [Function: Authenticator],
     Passport: [Function: Authenticator],
     Strategy: { [Function: Strategy] Strategy: [Circular] },
     strategies: { SessionStrategy: [Object] } },
  ***session: {}*** }

isAuthenticated的代码:

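/**
 * Express middleware that only lets authenticated requests through.
 *
 * req.isAuthenticated() is true whenever deserializeUser produced a user for
 * the id in the session; it does not care which strategy ('login' or
 * 'adminlogin') created the login.  It therefore does not distinguish admins
 * from ordinary users — for that, check req.user.role (cleanAdminUser sets it
 * to 'admin').
 *
 * Changes from the original: the debug dump of req._passport (Passport's
 * internal authenticator state) is removed, the commented-out alternatives
 * are dropped, and the unauthenticated reply now carries a 401 status instead
 * of 200 so clients and caches do not treat it as a successful response.
 * The JSON body `{loggedOut:true}` is unchanged.
 *
 * @param {object} req - Express request (with Passport's isAuthenticated)
 * @param {object} res - Express response
 * @param {function} next - called only when the request is authenticated
 */
function ensureAuthenticated(req, res, next) {
    if (req.isAuthenticated()) {
        return next();
    }
    res.status(401).send({loggedOut:true});
}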

如何让 isAuthenticated() 也能识别通过 adminlogin 登录的用户?目前看起来它只对通过 login 登录的用户生效。

1 个答案:

答案 0 :(得分:0)

基本上应用程序结构应该是:

/app1
--/index.html as well as config.js & controllers.js
/app2
--/index.html as well as config.js & controllers.js