对飞行前请求的响应无效 - 护照和反应

时间:2018-05-18 17:26:09

标签: reactjs passport.js

我们正在尝试使用passportjs来使用ADFS进行身份验证。但是,尽管在我们的请求中添加了cors,但仍会抛出错误。添加了服务器代码和客户端代码。服务器代码也可以在这里找到。

auth0 /节点jsonwebtoken#59

服务器 - 代码

'use strict';

// N.B. Encoding problems are being caused by jsonwebtoken
// auth0/node-jsonwebtoken#59

var app = require('express')(),
cookieParser = require('cookie-parser'),
jwt = require('jsonwebtoken'),
passport = require('passport'),
OAuth2Strategy = require('passport-oauth').OAuth2Strategy,
fs = require('fs');

var cors = require('cors');
var https = require('https');
console.warn('Not verifying HTTPS certificates');
https.globalAgent.options.rejectUnauthorized = false;

// Exported from ADFS

var adfsSigningPublicKey = fs.readFileSync('ADFS-Signing.cer','utf8');

var cert = convertCertificate(adfsSigningPublicKey);

function validateAccessToken(accessToken) {
var payload = null;
try {
payload = jwt.verify(accessToken, cert,{algorithms: ["HS256"], ignoreExpiration: true});
}
catch(e) {
console.warn('Dropping unverified accessToken', e);
}
return payload;
}

function convertCertificate (cert) {
//Certificate must be in this specific format or else the function won't accept it
var beginCert = "-----BEGIN CERTIFICATE-----";
var endCert = "-----END CERTIFICATE-----";

cert = cert.replace("\n", "");
cert = cert.replace(beginCert, "");
cert = cert.replace(endCert, "");

var result = beginCert;
while (cert.length > 0) {

    if (cert.length > 64) {
        result += "\n" + cert.substring(0, 64);
        cert = cert.substring(64, cert.length);
    }
    else {
        result += "\n" + cert;
        cert = "";
    }
}

if (result[result.length ] != "\n")
    result += "\n";
result += endCert + "\n";
return result;
}

// Configure passport to integrate with ADFS
var strategy = new OAuth2Strategy({
authorizationURL: 'https://sso.xxx.com/adfs/oauth2/authorize',
tokenURL: 'https://sso.xxx.com/adfs/oauth2/token',
clientID: 'xxxxxxxx-xxxx-xxxx-xxxx-0cxxx4489fa', // This is just a UID I generated and registered
clientSecret: 'shhh-its-a-secret', // This is ignored but required by the OAuth2Strategy
callbackURL: 'http://localhost:3000/getAToken'
},
function(accessToken, refreshToken, profile, done) {
if (refreshToken) {
console.log('Received but ignoring refreshToken (truncated)', refreshToken.substr(0, 25));
} else {
console.log('No refreshToken received');
}
console.log("done ** " + profile);
done(null, profile);
});
strategy.authorizationParams = function(options) {
return {
resource: 'iggggggg' // An identifier corresponding to the RPT
};
};
strategy.userProfile = function(accessToken, done) {
done(null, accessToken);
};
passport.use('provider', strategy);
passport.serializeUser(function(user, done) {
done(null, user);
});
passport.deserializeUser(function(user, done) {
done(null, user);
});

// Configure express app
app.use(cookieParser());
app.use(cors());
app.use(passport.initialize());
// app.options('*', cors());
app.use(function(req, res, next) {
// res.header('Content-type', 'text/plain')
res.header('Access-Control-Allow-Credentials', true);
res.header('Access-Control-Allow-Origin', 'http://localhost:3000');
res.header('Access-Control-Allow-Methods', 'GET,POST');

//res.header('Access-Control-Allow-Headers', 'X-Requested-With, X-HTTP-Method-Override, Content-Type, Accept');
if ('OPTIONS' == req.method) {
     res.send(200);
 } else {
     next();
 }
});
app.get('/login', passport.authenticate('provider'),function(req, res) {
// Beware XSRF...
// res.json({ message: "ok", token: req.user });
});
app.get('/getAToken', passport.authenticate('provider'), function(req, res) {
// Beware XSRF...
console.log("*********************************");
res.cookie('accessToken', req.user);
res.redirect('/');
//res.json({ message: "ok", token: req.user });
});
app.get('/', function (req, res) {
console.log('default is called');
req.user = validateAccessToken(req.cookies['accessToken']);
res.send(
!req.user ? 'Log In' : 'Log Out' +
'

' + JSON.stringify(req.user, null, 2) + '
');
});
// app.get('/logout',cors(), function (req, res) {
// res.clearCookie('accessToken');
// res.redirect('/');
// });
app.listen(3000);
console.log('Express server started on port 3000');

我的客户端代码如下。 

            const params = {
            method: 'GET',
            headers: {

                    "Access-Control-Allow-Origin": "*",
                    "Access-Control-Allow-Methods": "GET, POST",
                    "Access-Control-Allow-Headers": "Content-type",
                    "Access-Control-Allow-Credentials": true,
                },
                withCredentials: true
            }

            axios('/login', params)
            .then(response => {
                response.data;
            })
            .catch(error => {
                debugger;
                console.log('error');
            })`

收到的错误如下。

对预检请求的响应无效。我的队员出了什么问题?

0 个答案:

没有答案
相关问题
最新问题