【发布时间】:2019-02-15 05:33:59
【问题描述】:
我正在尝试创建单点登录功能,用于检查用户是否已配置,并创建用户或使用最新信息更新数据库。
我已使更新/插入工作正常进行,但现在我无法从查询中返回用户 ID(uid 或 UserID)。
我已经在该部分中留下了一些我尝试过的评论。
基本上,执行插入/更新的查询嵌套在另一个内部,即 post_assert 内部。我需要将刚刚配置的用户的 iresults.insertId 值和来自第一级查询的 results[0].nid 的结果保存到“cookieData”数组中。
现在,我正在获取 cookie 的其余部分(名字、姓氏、用户名、电子邮件、wwwid、国家和地理位置,但是对于我来说,无法在它之前将 cookieData.userid 属性添加到其中被发送回浏览器。
这是一个 expressJS REST API,将数据发送回 VueJS 应用程序。
我已经尝试过回调和全局变量,但似乎没有任何东西可以将新值添加到数组中。
sp.post_assert(idp, options, function (err, saml_response) {
if (err)
res.redirect('https://www.example.com/');
var sessionID = saml_response.response_header.id;
setCookie(res, req, sessionID);
var refererLocation = req.cookies.referLocation;
// Set User Data Variables
const firstName = saml_response.user.attributes.givenName;
const middleName = null;
const lastName = saml_response.user.attributes.sn;
const username = saml_response.user.attributes.uid;
const email = saml_response.user.attributes.mail;
const wwid = saml_response.user.attributes.employeeID;
const country = saml_response.user.attributes.country;
const geo = saml_response.user.attributes.geographicRegion;
/*function setCookieData(val) {
cookieData.userid = val;
}*/
// let userid;
// Check if user exists in DB
res.locals.connection.query('SELECT * FROM users WHERE username = ?', [username], function (error, results, fields) {
if (error) throw error;
// Get the Current Date-Time for insertion
const accessDateTime = new Date();
const adtYear = accessDateTime.getFullYear();
const adtMonth = accessDateTime.getMonth() + 1;
const adtDay = accessDateTime.getDate();
const adtHour = accessDateTime.getHours();
const adtMin = accessDateTime.getMinutes();
const adtSec = accessDateTime.getSeconds();
const dts = `${adtYear}-${adtMonth}-${adtDay} ${adtHour}:${adtMin}:${adtSec}`;
// let userid;
// If results is empty, then the user who just logged in does not currently have
// an account provisioned, so set them up an account.
if (!(results.hasOwnProperty(0))) {
res.locals.connection.query('INSERT INTO users SET ?', {first_name: firstName, middle_name: middleName, last_name: lastName, username: username, email: email, status: 1, created: dts, access: dts, login: dts}, function (ierror, iresults, ifields){
if (ierror) throw ierror;
// Set the User Data Cookie
// res.locals.userid = iresults.insertId;
// setUserIdValue(iresults[0].insertId);
// res.clearCookie('UserInfo');
// res.cookie('UserInfo', cookieData);
// cookieData.userid=iresults[0].insertId;
// res.cookie('UserInfo', cookieData);
app.locals.userid = iresults[0].insertId;
});
// Else, the result was NOT empty, then the user already exists in the DB,
// so just update their Access and Login DATETIME fields.
} else {
res.locals.connection.query('UPDATE users SET login = ?, access = ? WHERE uid = ?', [dts, dts, results[0].uid], function (ierror, iresults, ifields){
if (ierror) throw ierror;
// userid = results[0].uid;
// Set the User Data Cookie
// res.locals.userid = results[0].uid;
// setUserIdValue(results[0].uid);
// res.clearCookie('UserInfo');
// res.cookie('UserInfo', cookieData);
// cookieData.userid=results[0].uid;
// res.cookie('UserInfo', cookieData);
app.locals.userid = results[0].uid;
});
}
});
const cookieData = {
firstName: firstName,
lastName: lastName,
username: username,
email: email,
wwid: wwid,
country: country,
geo: geo,
userid: app.locals.userid,
};
res.cookie('UserInfo', cookieData);
//Add saml ID to database with expiration date
if (refererLocation != undefined) {
res.clearCookie("referLocation");
res.redirect('https://www.example.com' + refererLocation);
} else {
res.redirect('https://www.example.com/uri');
}
// Save name_id and session_index for logout
// Note: In practice these should be saved in the user session, not globally.
// name_id = saml_response.user.givenName + "," + saml_response.sn;
// session_index = saml_response.user.session_index;
//var first = saml_response.user.attributes.givenName;
//var last = saml_response.user.attributes.sn;
//res.send("Hello, " + first + " " + last);
});编辑(2018 年 9 月 11 日)
我已将其分解为最简单的概念,但仍然无法让它将“userid”值返回到 cookie 中。即使将所有内容都设置为 ASYNC 和 AWAIT。
app.post('/api/v1/saml/acs', function (req, res) {
const options = {
request_body: req.body,
allow_unencrypted_assertion: true
};
sp.post_assert(idp, options, async function (err, saml_response) {
if (err)
res.redirect('https://www.example.com/');
const sessionID = saml_response.response_header.id;
const user = saml_response.user.attributes;
// Set User Data Variables
const firstName = user.givenName;
const middleName = null;
const lastName = user.sn;
const username = user.uid;
const email = user.mail;
const wwid = user.employeeID;
const country = user.country;
const geo = user.geographicRegion;
app.locals.UserData = {
firstName: firstName,
lastName: lastName,
username: username,
email: email,
wwid: wwid,
country: country,
geo: geo,
// userid: '',
};
// Check if user exists in DB
await res.locals.connection.query('SELECT * FROM users WHERE username = ?', [app.locals.UserData.username], async function (error, results, fields) {
if (error) throw error;
// Get the Current Date-Time for insertion
const accessDateTime = new Date();
const adtYear = accessDateTime.getFullYear();
const adtMonth = accessDateTime.getMonth() + 1;
const adtDay = accessDateTime.getDate();
const adtHour = accessDateTime.getHours();
const adtMin = accessDateTime.getMinutes();
const adtSec = accessDateTime.getSeconds();
const dts = `${adtYear}-${adtMonth}-${adtDay} ${adtHour}:${adtMin}:${adtSec}`;
// If results is empty, then the user who just logged in does not currently have
// an account provisioned, so set them up an account.
if (!(results.hasOwnProperty(0))) {
await res.locals.connection.query('INSERT INTO users SET ?', {first_name: app.locals.UserData.firstName, middle_name: app.locals.UserData.middleName, last_name: app.locals.UserData.lastName, username: app.locals.UserData.username, email: app.locals.UserData.email, status: 1, created: dts, access: dts, login: dts}, async function (ierror, iresults, ifields){
if (ierror) throw ierror;
app.locals.UserData.userid = 22;
// app.locals.UserData.userid = iresults.insertID;
});
} else {
await res.locals.connection.query('UPDATE users SET login = ?, access = ? WHERE uid = ?', [dts, dts, results[0].uid], async function (ierror, iresults, ifields){
if (ierror) throw ierror;
app.locals.UserData.userid = 44;
// app.locals.UserData.userid = results[0].uid;
});
}
});
// Set User Session Cookie
res.cookie('UserData', app.locals.UserData);
// Set SAML Session Cookie
setCookie(res, req, sessionID);
// Get the referrer location
var refererLocation = req.cookies.referLocation;
// If it is undefined, then send the user back to where they started the Sign On process.
if (refererLocation != undefined) {
res.clearCookie("referLocation");
res.redirect('https://www.example.com' + refererLocation);
} else {
res.redirect('https://www.example.com/uri');
}
});
});对 dmfay 的回应
我相信我已经听从了您的建议,但它仍然没有返回 'userid' 属性。
我已将“下一个”参数添加到
app.post('/api/va/saml/acs', function (){...});
并在末尾添加了一个“next()”调用
sp.post_assert(idp, options, async function(...){
// logic here with nested calls trying to update app.locals.UserData
next();
});
我还尝试了 post_assert 之外的“next()”调用,我收到了以下消息:
Error [ERR_HTTP_HEADERS_SENT]: Cannot set headers after they are sent to the client
更新后的代码见下文。
app.post('/api/v1/saml/acs', function (req, res, next) {
const options = {
request_body: req.body,
allow_unencrypted_assertion: true
};
sp.post_assert(idp, options, async function (err, saml_response) {
if (err)
res.redirect('https://www.example.com/');
const sessionID = saml_response.response_header.id;
const user = saml_response.user.attributes;
// Set User Data Variables
const firstName = user.givenName;
const middleName = null;
const lastName = user.sn;
const username = user.uid;
const email = user.mail;
const wwid = user.employeeID;
const country = user.country;
const geo = user.geographicRegion;
app.locals.UserData = {
firstName: firstName,
lastName: lastName,
username: username,
email: email,
wwid: wwid,
country: country,
geo: geo,
// userid: '',
};
// Check if user exists in DB
await res.locals.connection.query('SELECT * FROM users WHERE username = ?', [app.locals.UserData.username], async function (error, results, fields) {
if (error) throw error;
// Get the Current Date-Time for insertion
const accessDateTime = new Date();
const adtYear = accessDateTime.getFullYear();
const adtMonth = accessDateTime.getMonth() + 1;
const adtDay = accessDateTime.getDate();
const adtHour = accessDateTime.getHours();
const adtMin = accessDateTime.getMinutes();
const adtSec = accessDateTime.getSeconds();
const dts = `${adtYear}-${adtMonth}-${adtDay} ${adtHour}:${adtMin}:${adtSec}`;
// If results is empty, then the user who just logged in does not currently have
// an account provisioned, so set them up an account.
if (!(results.hasOwnProperty(0))) {
await res.locals.connection.query('INSERT INTO users SET ?', {first_name: app.locals.UserData.firstName, middle_name: app.locals.UserData.middleName, last_name: app.locals.UserData.lastName, username: app.locals.UserData.username, email: app.locals.UserData.email, status: 1, created: dts, access: dts, login: dts}, async function (ierror, iresults, ifields){
if (ierror) throw ierror;
app.locals.UserData.userid = 22;
// app.locals.UserData.userid = iresults.insertID;
});
} else {
await res.locals.connection.query('UPDATE users SET login = ?, access = ? WHERE uid = ?', [dts, dts, results[0].uid], async function (ierror, iresults, ifields){
if (ierror) throw ierror;
app.locals.UserData.userid = 44;
// app.locals.UserData.userid = results[0].uid;
});
}
});
// Set User Session Cookie
res.cookie('UserData', app.locals.UserData);
// Set SAML Session Cookie
setCookie(res, req, sessionID);
// Get the referrer location
var refererLocation = req.cookies.referLocation;
// If it is undefined, then send the user back to where they started the Sign On process.
if (refererLocation != undefined) {
res.clearCookie("referLocation");
res.redirect('https://www.example.com' + refererLocation);
} else {
res.redirect('https://www.example.com/uri');
}
next();
});
});工作代码
感谢 DMFAY 和 BennetQuigley。此问题已解决。
工作解决方案在下面评论。
app.post('/api/v1/saml/acs', function (req, res, next) {
const options = {
request_body: req.body,
allow_unencrypted_assertion: true
};
sp.post_assert(idp, options, function (err, saml_response) {
if (err)
res.redirect('https://www.example.com/');
// Get the Sessions ID
const sessionID = saml_response.response_header.id;
// Set the returned User Info to a Variable
const user = saml_response.user.attributes;
// Set the app.locals.UserData variable
app.locals.UserData = {
firstName: user.givenName,
middleName: null,
lastName: user.sn,
username: user.uid,
email: user.mail,
wwid: user.employeeID,
country: user.country,
geo: user.geographicRegion,
};
// Check if user exists in DB
res.locals.connection.query('SELECT * FROM users WHERE username = ?', [app.locals.UserData.username], function (error, results, fields) {
if (error) throw error;
// Get the Current Date-Time for Insert/Update of user logon history
const accessDateTime = new Date();
const adtYear = accessDateTime.getFullYear();
const adtMonth = accessDateTime.getMonth() + 1;
const adtDay = accessDateTime.getDate();
const adtHour = accessDateTime.getHours();
const adtMin = accessDateTime.getMinutes();
const adtSec = accessDateTime.getSeconds();
const dts = `${adtYear}-${adtMonth}-${adtDay} ${adtHour}:${adtMin}:${adtSec}`;
// If results is empty, then the user who just logged in does not currently have
// an account provisioned, so set them up an account.
if (!(results.hasOwnProperty(0))) {
res.locals.connection.query('INSERT INTO users SET ?', {
first_name: app.locals.UserData.firstName,
middle_name: app.locals.UserData.middleName,
last_name: app.locals.UserData.lastName,
username: app.locals.UserData.username,
email: app.locals.UserData.email,
status: 1,
created: dts,
access: dts,
login: dts
}, function (ierror, iresults, ifields){
if (ierror) throw ierror;
// set the app.locals.UserData.userid value to the newly inserted ID
app.locals.UserData.userid = `["${iresults.insertID}"]`;
// From here to 'next()' has to be repeated in both cases
// 'next()' must be used to return the values and actions to the parent
// Call.
// Set User Session Cookie
res.cookie('UserData', app.locals.UserData);
// Set SAML Session Cookie
setCookie(res, req, sessionID);
// Get the referrer location
var refererLocation = req.cookies.referLocation;
// If it is undefined, then send the user back to where they started the Sign On process.
if (refererLocation != undefined) {
res.clearCookie("referLocation");
res.redirect('https://clpstaging.mcafee.com' + refererLocation);
} else {
res.redirect('https://clpstaging.mcafee.com/clp');
}
// Tell the callback to move forward with the actions.
next();
});
} else {
res.locals.connection.query('UPDATE users SET login = ?, access = ? WHERE uid = ?', [dts, dts, results[0].uid], function (ierror, iresults, ifields){
if (ierror) throw ierror;
// Set the app.locals.UserData.userid to the Users PK
app.locals.UserData.userid = results[0].uid;
// From here to 'next()' has to be repeated in both cases
// 'next()' must be used to return the values and actions to the parent
// Call.
// Set User Session Cookie
res.cookie('UserData', app.locals.UserData);
// Set SAML Session Cookie
setCookie(res, req, sessionID);
// Get the referrer location
var refererLocation = req.cookies.referLocation;
// If it is undefined, then send the user back to where they started the Sign On process.
if (refererLocation != undefined) {
res.clearCookie("referLocation");
res.redirect('https://www.example.com' + refererLocation);
} else {
res.redirect('https://www.example.com/uri');
}
// Tell the callback to move forward with the actions.
next();
});
}
});
});
});【问题讨论】:
-
仍在寻求这方面的帮助。我什至尝试将每个级别拆分为它自己的 ASYNC 函数,并在每个内部函数或调用上强制等待。
-
哎呀,我没有注意到你的结构中的其他内容 - 从
res.cookie('UserData', ...)开始的所有内容都需要 insideSELECT查询回调,而不仅仅是在内部post_assert回调。 Bennett 提到,只要你使用的所有东西都有一个 Promise API,Promise 就是避免这种“末日金字塔”效应回调的好方法。 -
当我将 res.cookie('UserData', ...) 中的所有内容放入其他任何一个 res.locals.connection.query() 回调中时,我收到错误消息:` Error [ERR_HTTP_HEADERS_SENT ]: 发送到客户端后无法设置标头`我已将其放在 if
(!(results.hasOwnProperty(0))){...}检查的 IF 和 ELSE 语句中以及直接在 else 语句之后。在 if 语句内部,我也在嵌套的res.locals.connection.query(''){...}调用之后和内部直接尝试过,所有这些都给了我与上面相同的错误。 -
每次执行路径到达回调时,您不应该在该回调之后和之外执行任何其他操作。现在你要 post_assert -> 选择 -> 插入或更新(我的错,没有喝咖啡)。如果您需要在插入/更新回调中设置本地人,那么这就是您需要设置 cookie 的地方(两个地方)。也使这些异步函数真的没有做任何事情,异步函数等待承诺并且你没有使用承诺。
-
完美。这行得通,非常感谢你们。我会将最终的工作代码放入问题的更新中。
标签: node.js express session-cookies