【问题标题】:Express Passport.js not persisting user object in sessionExpress Passport.js 不在会话中保留用户对象
【发布时间】:2018-05-22 00:56:30
【问题描述】:

我有一个 Express 应用程序在端口 3000 上运行。前端在端口 80 上运行,所以这是一个 CORS 应用程序。用户存储在 SQL 服务器数据库中。我使用护照作为本地策略以及快速会话中间件的身份验证方法。该应用程序是一个单页应用程序,所有发送到服务器的请求都是通过 ajax 完成的。用户在页面上登录并发送凭据,如果身份验证成功,用户 ID 以及用户名和 FullNmae 应该被持久化到会话中。

我对此有很多问题:主要是登录后,express 使用护照将用户名和其他数据保存到新会话中,并返回一个 html sn-p 以替换上的 body 标签页。但是,为了测试用户对象是否存在,我调用 /create-user 路由,它说用户对象不存在。此外,每个请求都会启动一个新会话(我检查日志并看到每次都显示不同的会话 ID)。不仅如此,在某一时刻,我还能够在浏览器中看到会话 cookie,但我再也看不到它了。我试图回到可以看到 cookie 的位置,但它仍然没有出现!

我已经绞尽脑汁好几个小时了,不知道为什么不调用 deserializeUser,也不知道为什么不保留数据。我哪里错了?

注意:省略了一些明显的代码(app.listen()、require 语句等)

/* ------ CONFIGURATIONS ------ */
const app = express();
const mssqlConfig = JSON.parse(fs.readFileSync("mssql-config.json", "utf8"));
passport.use(new LocalStrategy(
    function loginAuthentication(username, password, done) {
        let connPool = new mssql.ConnectionPool(mssqlConfig);
        connPool.connect(error => {
            if (error) {console.log(error); return done(error);}
            ps = new mssql.PreparedStatement(connPool);
            ps.input('username', mssql.NVarChar(20));
            ps.input('password', mssql.NVarChar(50));
            ps.prepare('SELECT FullName, fldLoginName, fldEmployeeID, fldPassword FROM tblEmployees WHERE fldLoginName = @username AND fldPassword = @password;', error => {
                if (error) {console.log(error); return done(error);}
                ps.execute({username, password}, (error, result) => {
                    if (error) {console.log(error); return done(error);}
                    console.log(result);
                    if (result.recordset.length == 0) {
                        return done(null, false, {message: "There is no user with those credentials!"});
                    } else if (result.recordset[0].fldLoginName != username || result.recordset[0].fldPassword != password) {
                        return done(null, false, {message: "Username or password is incorrect!"})
                    } else {
                        return done(null, {
                            ID: result.recordset[0].fldEmployeeID,
                            username: result.recordset[0].fldLoginName,
                            fullName: result.recordset[0].FullName
                        });
                    }
                    ps.unprepare(error => console.log(error));
                });
            });
        });
    }
));
passport.serializeUser((user, done) => {
    done(null, JSON.stringify(user));
})
passport.deserializeUser((user, done) => {
    console.log(user);
    done(null, JSON.parse(user));
});

/* ----- MIDDLEWARE ------ */
app.use(function allowCrossDomain(request, response, next) { // CORS
    // intercept OPTIONS method
    response.header('Access-Control-Allow-Credentials', true);
    response.header('Access-Control-Allow-Origin', request.headers.origin);
    response.header('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE');
    response.header('Access-Control-Allow-Headers', 'X-Requested-With, X-HTTP-Method-Override, Content-Type, Accept');
    response.header('Access-Control-Max-Age', '60');
    if ('OPTIONS' == request.method) {
        response.sendStatus(200);
    } else {
        next();
    }
});
app.use(bodyParser.json());
app.use(session({
    secret:"long string of characters",
    name:'officetools-extensions',
    saveUninitialized:false,
    resave:false,
    cookie:{secure:false, httpOnly:true, maxAge:86400000, domain:"http://officetools-extensions"},
    store: new MemoryStore({checkPeriod:86400000})
}));
app.use(passport.initialize());
app.use(function checkRestrictedURL(request, response, next){
    console.log(request.url);
    if (!request.url.match(/^\/login$/g)) {
        console.log("passed");
        passport.session()(request, response, next);
    } else {
        next();
    }
});

/* ------ ROUTES ------ */
app.post('/login', bodyParser.urlencoded({extended:false}), (request, response, next) => { 
    passport.authenticate('local', {session:true}, (error, user, info) => {
        if (error) { error.status = 500; return next(error); }
        if (info) { let err = new Error(info.message); err.status = 400; return next(err);}
        if (!user) { return response.status(401).send("User could not be logged in!"); }
        console.log(request.sessionID);
        console.log(user);
        console.log(request.session);
        request.logIn(user, function loginCallBack(error) {
            if (error) { error.status = 500; return next(error);}
            console.log("after login", request.session);
            console.log(request.isAuthenticated());
            return response.sendFile(path.join(__dirname + "/templates/barcodes.html"));
        })
    })(request, response, next);
});
app.get("/current-user", (request, response, next) => {
    console.log(request.user, request.session);
    console.log(request.sessionID);
    console.log(request.isAuthenticated());
    if (request.user) { 
        response.header("Content-Type", "application/json");
        return response.send(request.user);
    }
    else { return response.status(401).send("There is no user currently logged in!"); }
});

【问题讨论】:

    标签: node.js express session passport.js


    【解决方案1】:

    我想通了。我只需要删除会话设置中的域属性。这使它起作用了。

    【讨论】:

      猜你喜欢
      • 2021-07-08
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      • 2012-05-01
      • 2017-09-21
      • 1970-01-01
      • 2017-05-24
      • 1970-01-01
      相关资源
      最近更新 更多