【Question title】: Why is passport.deserializeUser called after req.user has been restored?
【Posted】: 2021-03-30 03:35:57
【Question】:

According to the Passport Documentation on Sessions:

...only the user ID is serialized to the session, keeping the amount of data stored within the session small. When subsequent requests are received, this ID is used to find the user, which will be restored to req.user.

But my test SPA, based on the Passport form-based authentication sample with debug messages added, shows that req.user has already been restored before the app.get route handler fires.

Here is the output from an HTTP POST with the username and password fields empty:

[nodemon] starting `node app.js`
agenda-spa app listening at http://localhost:3000
handling request for:  / POST
handling request for:  / GET
xxx get root
xxx req.user  undefined
handling request for:  /style.css GET

req.user is undefined, as expected.

Here is the output from an HTTP POST with an authenticated username and password:

handling request for:  / POST
xxx passport.use  sss
xxx findByUsername sss
xxx password match
xxx serializeUser { id: 1, username: 'sss', password: 'sss' }
xxx auth success
xxx deserializeUser 1
xxx findById 1
handling request for:  / GET
xxx get root
xxx req.user  { id: 1, username: 'sss', password: 'sss' }
xxx deserializeUser 1
xxx findById 1
handling request for:  /style.css GET

I would have expected it to be:

...
xxx deserializeUser 1
xxx findById 1
xxx req.user  { id: 1, username: 'sss', password: 'sss' }
...

Why is passport.deserializeUser called after req.user has been restored?

【Discussion】:

    Tags: node.js express passport.js


    【Answer 1】:

    First of all, in my case I get:

    xxx passport.use  sss
    xxx findByUsername sss
    xxx password match
    xxx serializeUser { id: 1, username: 'sss', password: 'sss' }
    xxx auth success
    xxx deserializeUser 1
    xxx findById 1
    handling request for:  / GET
    xxx get root
    xxx req.user  { id: 1, username: 'sss', password: 'sss' }
    

    To reproduce the problem I ran the following script:

    #!/usr/bin/env bash
    set -eu
    rm cookies.txt || true
    args=(
    -sSv -b cookies.txt -c cookies.txt
    )
    curl "${args[@]}" -d 'username=sss&password=sss' localhost:3000
    curl "${args[@]}" localhost:3000
    

    Let's add some debug output to see where each request starts:

    $ DEBUG=* node app.js
    ...
      express:router dispatching POST / +10s
      express:router session  : / +1ms
      express-session no SID sent, generating session +1ms
      express:router initialize  : / +3ms
      express:router authenticate  : / +1ms
      express:router <anonymous>  : / +0ms
    handling request for:  / POST
    xxx passport.use  sss
    xxx findByUsername sss
    xxx password match
    xxx serializeUser { id: 1, username: 'sss', password: 'sss' }
    xxx auth success
      express-session saving y4TUFn7tzccSARC7kHiDbuKY8qXj1sCU +13ms
      express-session split response +1ms
      express-session set-cookie connect.sid=s%3Ay4TUFn7tzccSARC7kHiDbuKY8qXj1sCU.yxt3TbHx4HSzm03JMrtPcTPrm3K40FbHiuS6NGT%2Fd7E; Path=/; HttpOnly +3ms
    ...
      express:router dispatching GET / +14ms
      body-parser:urlencoded skip empty body +0ms
      express:router session  : / +0ms
      express-session fetching y4TUFn7tzccSARC7kHiDbuKY8qXj1sCU +1ms
      express-session session found +1ms
      express:router initialize  : / +1ms
      express:router authenticate  : / +0ms
    xxx deserializeUser 1
    xxx findById 1
      express:router <anonymous>  : / +1ms
    handling request for:  / GET
    xxx get root
    xxx req.user  { id: 1, username: 'sss', password: 'sss' }
    ...
    

    So in your case the output of the second request:

    xxx deserializeUser 1
    xxx findById 1
    handling request for:  / GET
    xxx get root
    xxx req.user  { id: 1, username: 'sss', password: 'sss' }
    xxx deserializeUser 1
    xxx findById 1
    

    is what you would expect, but for some reason the session strategy is fired twice. I can't reproduce that.

    【Discussion】:
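The middleware ordering that the answer's DEBUG trace shows (express-session, then passport.initialize/authenticate, then the route) can be modelled without Express or Passport at all. The block below is an added example, not code from the question, the answer, or the Passport project; every name in it (sessionMiddleware, passportSessionMiddleware, staticFiles, runPipeline, simulate, countDeserializations) is this example's own, and the user table and credential are constructed. It replays the three requests visible in the asker's log: the login POST, the GET /, and the browser's follow-up GET /style.css. In a pipeline of this shape deserializeUser runs once for every request that carries the session cookie, inside the middleware chain and before any route handler, so a deserialize line lands before "get root" and then again just before the /style.css line; read that way, the asker's "second" deserialization belongs to the next request rather than to a second strategy run. A second mount order, with static files served before the session middleware, is included to show that asset requests then stop triggering a user lookup.

```javascript
"use strict";

// Constructed user table with the shape the asker's sample logs (id, username).
// The password is kept out of the record that becomes req.user so it can never
// be logged or serialized by accident.
const USERS = [{ id: 1, username: "sss" }];
const PASSWORDS = { sss: "sss" }; // constructed credential, demo only
const findById = (id) => USERS.find((u) => u.id === id) || null;
const findByUsername = (name) => USERS.find((u) => u.username === name) || null;

// Server-side session store: cookie value -> session object.
const store = new Map();
let nextSid = 1;

// Counterpart of passport.serializeUser: only the id goes into the session.
function serializeUser(user) {
  return user.id;
}

// Counterpart of passport.deserializeUser: reload the user on every request
// whose session holds a serialized id.
function deserializeUser(id, trace) {
  trace.push(`deserializeUser ${id}`);
  return findById(id);
}

// express-session stand-in: look the session up by cookie, or create one.
function sessionMiddleware(req) {
  if (req.cookie && store.has(req.cookie)) {
    req.session = store.get(req.cookie);
  } else {
    req.cookie = `sid${nextSid++}`;
    req.session = {};
    store.set(req.cookie, req.session);
  }
  return false; // continue the chain
}

// passport.session() stand-in: restore req.user before any handler runs.
function passportSessionMiddleware(req, trace) {
  const id = req.session.passport && req.session.passport.user;
  if (id !== undefined) req.user = deserializeUser(id, trace);
  return false;
}

// express.static stand-in: answers the asset request and ends the chain.
function staticFiles(req, trace) {
  if (req.path !== "/style.css") return false;
  trace.push(`handling request for: ${req.path} ${req.method}`);
  return true; // response sent
}

// The app's routes: POST / logs in, GET / reports req.user.
function routes(req, trace) {
  trace.push(`handling request for: ${req.path} ${req.method}`);
  if (req.method === "POST") {
    const user = findByUsername(req.body.username);
    if (user && PASSWORDS[user.username] === req.body.password) {
      trace.push("auth success");
      req.session.passport = { user: serializeUser(user) }; // what req.login does
    }
  } else {
    trace.push("get root");
    trace.push(`req.user ${req.user ? JSON.stringify(req.user) : "undefined"}`);
  }
  return true;
}

// Run one request through the ordered chain; a step returning true has sent
// the response and stops the chain, like res.send() in Express.
function runPipeline(steps, req, trace) {
  for (const step of steps) {
    if (step(req, trace) === true) break;
  }
  return req.cookie;
}

// Two mount orders: the sample's (session before static) and the cheaper one
// where asset requests never reach the session middleware.
function buildApp(staticBeforeSession) {
  const auth = [sessionMiddleware, passportSessionMiddleware];
  return staticBeforeSession ? [staticFiles, ...auth, routes] : [...auth, staticFiles, routes];
}

// Replay the asker's three requests and return the trace lines in order.
function simulate(staticBeforeSession = false) {
  store.clear();
  const app = buildApp(staticBeforeSession);
  const trace = [];
  const cookie = runPipeline(app,
    { method: "POST", path: "/", body: { username: "sss", password: "sss" } }, trace);
  runPipeline(app, { method: "GET", path: "/", cookie, body: {} }, trace);
  runPipeline(app, { method: "GET", path: "/style.css", cookie, body: {} }, trace);
  return trace;
}

const countDeserializations = (trace) =>
  trace.filter((line) => line.startsWith("deserializeUser")).length;

console.log(simulate().join("\n"));
console.log("--- static mounted before session ---");
console.log(simulate(true).join("\n"));
```

With the sample's mount order the replay produces two deserializeUser lines, one per cookie-bearing GET, interleaved with the handler output exactly as in the asker's log; with static files mounted first it produces one. Because deserializeUser is a user-store lookup on every request, serving assets ahead of the session middleware both removes that cost and keeps the per-request trace easy to read when debugging.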
