I am trying to render a view after a login validation form has created a session after successful credentials have been entered.
This view must only be accessible after the login procedure, but when I type in the url (127.0.0.1:3000/newsfeed) the 'newsfeed' page is loaded and bypasses the login. I understand that this could be an issue related to routes but I can not get it to work.
//session
app.use(session({
secret: 'secret',
resave: true,
saveUninitialized: true
}))
app.use(bodyParser.urlencoded({extended : true}));
app.use(bodyParser.json());
app.get('/', function(request, response) {
response.sendFile(path.join(__dirname + '/'));
});
// Checking credentials
app.post('/auth', function(request, response) {
var username = request.body.username;
var password = request.body.password;
if (username && password) {
connection.query('SELECT * FROM accounts WHERE username = ? AND password
= ?', [username, password], function(error, results, fields) {
if (results.length > 0) {
request.session.loggedin = true;
request.session.username = username;
response.redirect('authres');
} else {
response.send('Incorrect Username and/or Password!');
}
response.end();
});
} else {
response.send('Please enter Username and Password!');
response.end();
}
});
//**Would like page to appear here instead of text**
app.get('/authres', function(request, response) {
if (request.session.loggedin) {
response.send('Welcome back, ' + request.session.username + '!');
} else {
response.send('Please login to view this page!');
}
response.end();
});
Methods in app.js
//uses routes
app.use('/', indexRouter);
app.use('/users', usersRouter);
app.use('/newsfeed', newsfeedRouter);
index.js route for the log in
router.get('/', function(req, res, next) {
res.render('index');
});
newsfeed.js route for newsfeed page
router.get('/', function(req, res, next) {
res.render('newsfeed');
});
router.get('/', function(req, res, next) {
res.render(req.session.loggedin?"newsfeed":"index");
});
If the user is logged in this will render the newsfeed view.
Related
After implementing using passport-local not able to open profile page
I'm getting this below error
This page isn’t workinglocalhost redirected you too many times.
Try clearing your cookies.
ERR_TOO_MANY_REDIRECTS
passport-local-strategy.js
const passport = require('passport');
const LocalStrategy = require('passport-local').Strategy;
const User = require('../models/user');
passport.use(new LocalStrategy({
usernameField: 'email'
},
function(email, password, done){
User.findOne({email: email}, function(err, user){
if(err){
console.log('Error in finding user --> Passport');
return done(err);
}
if(!user || user.password!=password){
console.log("Invalid username/password");
return done(null, false);
}
return done(null, user);
});
}
));
// serialize user function
passport.serializeUser(function(user, done){
done(null, user.id);
});
//deserialize the user fn
passport.deserializeUser(function(id, done){
User.findById(id, function(err, user){
if(err){
console.log("Error in finding user --> passport");
return done(err);
}
return done(null, user);
});
});
// check if user is authenticated
passport.checkAuthenticated = function(req, res, next){
if(req.isAuthenticated()){
return next();
}
// if the user is not signed in
return res.redirect('/users/sign-in');
}
passport.setAuthenticatedUser = function(req, res, next){
if(req.isAuthenticated()){
// req.user contains current signed in user data from the login page
res.locals.user = req.user;
}
next();
}
module.exports = passport;
users_controller.js
const User = require('../models/user')
module.exports.profile = function(req, res){
if(req.cookies.user_id){
User.findById(req.cookies.user_id, function(err, user){
if(user){
return res.render('profile',{
title:"Profile",
user:user
});
}
else{
return res.redirect('/users/sign-in')
}
})
}
else{
return res.redirect('/users/sign-in');
}
}
// render the sign up and in page
module.exports.signUp = function(req, res){
if(req.isAuthenticated()){
return res.redirect('/users/profile')
}
return res.render('user_sign_up', {
title: "Codeial | Sign Up"
})
}
module.exports.signIn = function(req, res){
if(req.isAuthenticated()){
return res.redirect('/users/profile')
}
return res.render('user_sign_in', {
title: "Codeial | Sign In"
})
}
// get the sign up data
module.exports.create = function(req, res){
if(req.body.password != req.body.confirm_password){
return res.redirect('back')
}
User.findOne({email:req.body.email}, function(err, user){
if(err){console.log('error in finding user in signing up'); return;}
if(!user){
User.create(req.body, function(err, user){
if(err){console.log('error in finding user in signing up'); return;}
return res.redirect('/users/sign-in')
})
}
else{
return res.redirect('back')
}
})
}
module.exports.createSession = function(req, res){
return res.redirect('/');
}
users.js
const express = require('express')
const router = express.Router();
const passport = require('passport');
const usersController = require('../controllers/users_controller');
router.get('/profile',passport.checkAuthenticated,usersController.profile)
router.get('/sign-up', usersController.signUp);
router.get('/sign-in', usersController.signIn);
// in above all codes after get('/sign-up') means when we type the keyword sign-up in the browser we need to render the folllowing page which is userController.signUp
// we are using users_controller.js file by importing
router.post('/create', usersController.create);
router.post('/create-session',passport.authenticate(
'local',
{failureRedirect: '/users/sign-in'},
),usersController.createSession);
// above line post create-session is forms action in user_sign_in.ejs file - when we submit the data of the form the post method is invoked
module.exports = router;
mongoose.js
const mongoose = require('mongoose')
mongoose.connect('mongodb://localhost/codeial_development')
const db = mongoose.connection;
db.on('error', console.error.bind(console, "Error connecting to MongoDb"));
db.once('open', function(){
console.log('connected to the database :: MongoDB ')
})
module.exports = db;
index.js
const express = require('express');
const cookieParser = require('cookie-parser');
const app = express();
const port = 8000;
const expressLayouts = require('express-ejs-layouts');
const db = require('./config/mongoose')
const session = require('express-session');
const passport = require('passport');
const passportLocal = require('./config/passport-local-strategy')
const MongoStore = require('connect-mongodb-session')(session)
app.use(express.urlencoded());
/* is a method inbuilt in express to recognize the incoming
Request Object as strings or arrays. This method is called as a
middleware in your application using the code*/
app.use(cookieParser());
app.use(express.static('./assets'));
app.use(expressLayouts);
// extact style and scripts from subpages into the layout
app.set('layout extractStyles', true)
app.set('layout extractScripts', true)
app.set('view engine', 'ejs');
app.set('views','./views')
app.use(session({
name: 'codeial',
secret:'blahsomeone',
saveUninitialized:false,
resave:false,
cookie:{
maxAge: (1000 * 60 * 100)
},
store: new MongoStore({
// mongooseConnection:db
mongoUrl: db._connectionString,
autoRemove: 'disabled'
}, function(err){
console.log(err || 'connect-mongo setup ok')
})
}));
app.use(passport.initialize());
app.use(passport.session());
app.use(passport.setAuthenticatedUser);
// use express router
app.use('/', require('./routes'));
app.listen(port, function(err){
if(err){console.log(`Error running the server: ${err}`)};
console.log(`Server is running on port: ${port}`);
})
I'm not able to view profile page, its redirecting or getting this error
This page isn’t workinglocalhost redirected you too many times.
Try clearing your cookies.
ERR_TOO_MANY_REDIRECTS
my app.js not working as i think. so, after i register for a new one, it will send to my MongoDB and take me directly to the page2 but it is taking back to the home page and when i type in and click on login, it will have the error "This site can’t be reached" on localhost:8080/processLogin. im not sure how to fix them. i think errors are on function checkLogin(req, res, user, password) and app.post('/processReg', function(req, res)
app.js
var express = require('express'),
handlebars = require('express-handlebars').create({ defaultLayout: 'main' }),
cookieParser = require('cookie-parser'),
sessions = require('express-session'),
bodyParser = require('body-parser'),
https = require('https'),
fs = require('fs'),
md5 = require('md5'),
mongoose = require('mongoose'),
credentials = require('./credentials'),
Users = require('./models/uCredentials.js');
// load env variables
const dotenv = require("dotenv");
dotenv.config();
var app = express();
//db connection
mongoose
.connect(process.env.MONGO_URI, {
useUnifiedTopology: true,
useNewUrlParser: true,
})
.then(() => console.log("DB Connected"));
mongoose.connection.on("error", (err) => {
console.log(`DB connection error: ${err.message}`);
});
app.use(bodyParser.urlencoded({ extended: false }));
app.use(cookieParser(credentials.cookieSecret));
app.use(sessions({
resave: true,
saveUninitialized: false,
secret: credentials.cookieSecret,
cookie: { maxAge: 3600000 },
}));
app.engine('handlebars', handlebars.engine);
app.set('view engine', 'handlebars');
app.set('port', process.env.PORT || 3100);
app.get('/', function(req, res) {
res.render('login');
});
function checklogin(req, res, user, password) {
//implementation of this function
Users.findOne({ uname: user }, function(err, user) {
if (err) {
console.log(err);
res.send({ 'message': 'Login successfully!' });
} else {
res.send({ 'message': 'Username or password do not match our records. Please try again or register if you are a new user!' });
}
});
};
app.post('/processLogin', function(req, res) {
//Determine if user is registering
if (req.body.buttonVar == 'login') {
checklogin(req, res, req.body.uname.trim(), req.body.pword.trim())
} else {
res.redirect(303, 'register');
}
});
app.post('/processReg', function(req, res) {
//implement this end point
if (req.body.pword.trim() == req.body.pword2.trim()) {
const user = new Users({ uname: req.body.uname, pass: req.body.pword });
console.log('Creating new user ', req.body);
user.save((err, toDB) => {
if (err) {
return res.status(400).json({ error: err });
}
res.status(200).json({ user: toDB });
});
res.redirect(303, 'page2');
} else {
res.render('register', { message: 'The two passwords are not the same !' });
}
});
app.get('/home', function(req, res) {
if (req.session.userName) {
res.render('home');
} else {
res.render('login', { message: 'Please login to access the home page' });
}
});
app.get('/page2', function(req, res) {
if (req.session.userName) {
res.render('page2');
} else {
res.render('login', { message: 'Please login to access the second page' });
}
});
app.get('/register', function(req, res) {
res.render('register');
});
app.get('/logout', function(req, res) {
delete req.session.userName;
res.redirect(303, '/');
});
app.listen(app.get('port'), function() {
console.log('Express started on http://localhost:' + app.get('port') + '; press Ctrl-C to terminate');
});
process.on('unhandledRejection', error => {
// Will print "unhandledRejection err is not defined"
console.log('unhandledRejection', error.message);
});
callback logic for findOne query is wrong. check this out async/await For checkLoging function try using this:
async function checklogin(req, res, user, password) {
try {
//implementation of this function
const user = await Users.findOne({ uname: user }).exec();
if (!user) {
res.send({ 'message': 'Username or password do not match our records. Please try again or register if you are a new user!' });
}
res.send({ 'message': 'Login successfully!' });
} catch (err) {
console.log(err.message)
}
};
If you don't want to use Async/await (which I recomend for mongodb queries) you can use this:
function checklogin(req, res, user, password) {
//implementation of this function
Users.findOne({ uname: user }, function(err, user) {
if (err) {
console.log(err);
res.send({ 'message': 'Username or password do not match our records. Please try again or register if you are a new user!' });
}
res.send({ 'message': 'Login successfully!' });
});
};
I have a server set up to authenticate user login, so far I was able to successfully authenticate user and redirect them to the success page (as well as redirect them back to the login page if failed). However, I can't use my own express middleware to restrict user if they are not logged in, for some reason my req.isAuthenticate() check in the middleware is always false. I feel like my session info is not stored when logging in, but I'm not sure.
Here's my setup (note that I use express-flash-2 instead of connect-flash therefore the req.flash())
In server.js
// ...
var flash = require('express-flash-2');
var session = require('express-session');
var passport = require('passport');
// ...
server.use(session({
secret: 'keyboard cat',
resave: true,
saveUninitialized: true
}));
server.use(flash());
server.use(passport.initialize());
server.use(passport.session());
passport.use(auth_controller.authStrategy);
passport.serializeUser(auth_controller.authSerializer);
passport.deserializeUser(auth_controller.authDeserializer);
server.get('/maintenance_login', (req, res) => {
res.render('login');
});
server.post('/maintenance_login', passport.authenticate('local', {
successRedirect: '/maintenance',
failureRedirect: '/maintenance_login',
failureFlash: true
}));
// This does basically the same as above
// server.post('/maintenance_login', (req, res, next) => {
// passport.authenticate('local', function(err, user, info) {
// if (err) { return next(err); }
// if (!user) { return res.redirect('/maintenance_login'); }
//
// req.logIn(user, function(err) {
// if (err) { return next(err); }
// console.log('is authenticated?: ' + req.user); // this returns true
// return res.redirect('/maintenance');
// });
// })(req, res, next);
// });
server.get('/maintenance:query?', auth_controller.restrict, maintenance_controller.maintenance_list);
In auth_controller.js
var passport = require('passport');
var LocalStrategy = require('passport-local');
var User = require('../models/user');
exports.authStrategy = new LocalStrategy({
usernameField: 'email',
passwordField: 'password'
}, function (email, password, done) {
User.authenticate(email, password, function(err, user) {
// success message
// error message
done(err, user, err ? { message: err.message } : null);
});
});
exports.authSerializer = function(user, done) {
done(null, user.id);
};
exports.authDeserializer = function(id, done) {
User.findById(id, function(err, user) {
done(err, user);
});
};
exports.restrict = function (req, res, next) {
console.log('is authenticated?: ' + req.isAuthenticated()); // This always returns false
if (req.isUnauthenticated()) {
res.flash('error', 'Access denied, please log in.');
return res.redirect('/maintenance_login');
}
return next();
}
Again, my issue is that whenever I was successfully logged in, I got kicked back to /maintenance_login and the flash showing "Access denied, please log in.". Which means that req.isUnauthenticated() in the restrict middleware returns true.
Any ideas?
Well, it turns out that missing the .Strategy is crucial. Changing var LocalStrategy = require('passport-local'); to var LocalStrategy = require('passport-local').Strategy; fixes this issue. Incase anyone else is having the same problem.
I have started developing little project where I have React with Redux on the client side, and the backend is being done with Node, Express and Passport.js
I will try to describe best What I am struggling with for some hours.
after authentication, when user is being send from server to client, field req.session.passport is set, along with req.user. but when i do next request, no matter is it logout or for example /something/add these fields are undefined.
when authenticating, serializeUser is being called, but deserializeUser not and i dont think it should here, maybe im wrong. as far as I went into debugging the problem, req.login is being called too.
on the next requests it seems that passport isnt doing anything, and i'm out of ideas and anwsers from SO and google. i didnt try the custom callback.
req.session just before sending anwser to client looks like:
Session {
cookie:
{ path: '/',
_expires: 2017-01-11T02:31:49.235Z,
originalMaxAge: 14400000,
httpOnly: false,
secure: false } }
the code on the server side is:
passport.serializeUser(function(user, done) {
done(null, user._id);
});
passport.deserializeUser(function(id, done) {
global.Models.User.findById(id, function(err, user) {
done(err, user);
});
});
passport.use(new LocalStrategy(
{
usernameField: 'login',
passwordField: 'password',
passReqToCallback: true
},
function(req, login, password, done) {
global.Models.User.logIn({login: login, password: password}, function(err, user){
if(err){
done(err);
}
else{
done(null, user);
}
});
}
));
var app = express();
var router = express.Router();
router.use(cookieParser());
router.use(bodyParser.urlencoded({extended: false}));
router.use(bodyParser.json());
router.use(session({
cookie : {
secure : false,
maxAge : (4 * 60 * 60 * 1000),
httpOnly: false
},
secret: this._config.session.secret,
resave: false,
saveUninitialized: true
}));
router.use(passport.initialize());
router.use(passport.session());
require('./Router')();
app.use(router);
session object here is the express-session. code under is the Router.js required above
var User = require('../Models/User');
var News = require('../Models/News');
var passport = global.Application.getInstanceOf("passport");
function setRoutes(){
router.use(function (req, res, next) {
var log = global.Application.getInstanceOf("logger");
var clientIP = req.headers['x-forwarded-for'] ||
req.connection.remoteAddress ||
req.socket.remoteAddress ||
req.connection.socket.remoteAddress;
log.log("info", req.method + " request from ip: " + clientIP);
res.header('Access-Control-Allow-Origin', 'http://localhost:8080');
res.header('Access-Control-Allow-Credentials', true);
res.header('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE,PATCH,OPTIONS');
res.header('Access-Control-Allow-Headers', 'Content-Type, Authorization, Content-Length, X-Requested-With');
if('OPTIONS' == req.method){
res.sendStatus(200);
}
else{
next();
}
});
router.get('/ping', function(req, res){
res.send('ping');
});
router.get('/login/:login', (req, res) => {
Database.client.query(Database.queries.USER_LOGIN, {login: req.params.login}, {useArray: true},
(err, rows) => {
if(err){
res.send({error: "ERROR_DATABASE"});
}
else{
res.send(rows[0][0]);
}
});
});
router.post('/login', passport.authenticate('local', {session: true}),
function(req, res){
console.log(req.session);
req.session.save();
res.send(req.user);
}
);
router.post('/register', (req, res) => {
User.create(req.body, (err, result) => {
if(err){
res.send({error: "ERROR_DATABASE"});
}
res.send(result);
});
});
router.get('/logout', function(req, res){
console.log(req.session);
req.logout();
res.sendStatus(200);
});
router.post('/cms/article', isAuthenticated, (req, res) => {
res.send("BLA");
});
function isAuthenticated(req, res, next){
console.log(req.user);
console.log(req.session);
console.log(req.session.passport);
if(req.isAuthenticated()){
next();
}
else{
res.send("OK");
}
}
}
module.exports = setRoutes;
I have solved the problem.
Explanation:
Cookie was being sent by express to client, but it wasn't saved. For that, it needed change from using $.post to $.ajax with xhrFields option set to {withCredentials: true}.
Aside from that, the problem could also be that, that cookieParser probably need to know cookie secret too now.
Server side code:
var User = require("./models/user");
var express = require('express'),
app = express(),
Account = require("./models/account"),
mongoose = require('mongoose'),
passport = require("passport"),
basicAuth = require('basic-auth'),
bodyParser = require("body-parser"),
LocalStrategy = require("passport-local"),
passportLocalMongoose = require("passport-local-mongoose"); //libraries
mongoose.connect("mongodb://localhost/test");
app.set('view engine', 'ejs'); //using engine of ejs file
app.use(bodyParser.urlencoded({extended: true}));
app.use(require("express-session")({
secret: "kiss my ass",
resave: false,
saveUninitialized: false
}));
app.use(passport.initialize());
app.use(passport.session());
passport.use(new LocalStrategy(Account.authenticate()));
passport.serializeUser(Account.serializeUser());
passport.deserializeUser(Account.deserializeUser());
// AUTH Routes
//create account success
app.get('/success', function (req, res) {
res.render('success');
});
// deleteUser form
app.get("/delete", function(req, res, next) {
res.render("deleteuser");
});
app.get("/viewall", function(req, res, next) {
res.render("viewall");
});
//view all User form
app.get('/view', function (req, res) {
console.log('getting all user');
Account.find({})
.exec(function(err, results) {
if(err) {
res.send('error has occured');
}else{
console.log(results);
res.json(results);
}
});
});
app.get('/viewall/:id', function (req, res) {
console.log('getting one user');
Account.findOne({
_id:req.params.id
})
.exec(function(err, account) {
if(err) {
res.send('error occured');
}else{
console.log(account);
res.json(account);
}
})
})
// LOGIN for user
// render login form
app.get("/", function(req, res) {
res.render("login");
});
//login for user
//middleware
app.post("/login", passport.authenticate("local", {
successRedirect: "http://localhost:8082/viewImage.html",
failureRedirect: "http://localhost:8081/error"
}), function(req, res) {
});
//logout from basicauth
app.get('/logout', function (req, res) {
res.set('WWW-Authenticate', 'Basic realm=Authenticate Required');
return res.sendStatus(401);
// res.send("<a href='/login'>Show Users</a>");
});
//basicauth for admin login
var auth = function (req, res, next) {
function unauthorized(res) {
res.set('WWW-Authenticate', 'Basic realm=Authenticate Required');
return res.send(401);
};
var user = basicAuth(req);
if (!user || !user.name || !user.pass) {
return unauthorized(res);
};
if (user.name === 'admin' && user.pass === 'admin123') {
return next();
} else {
return unauthorized(res);
};
};
//LOGIN for admin
//render login form
app.get("/register", auth, function(req, res) {
res.render("register");
});
// register post
app.post("/register", function(req,res){
Account.register(new Account({username: req.body.username}), req.body.password, function(err, user){
if(err){
console.log(err);
return res.render('/register');
}
passport.authenticate("local")(req, res, function(){
res.redirect("/success");
});
});
});
app.listen(8081, function () {
console.log('ImageViewer listening on port 8081!');
});
JS code:
$scope.delete = function (data) {
if (confirm('Do you really want to delete?')){
$window.location.reload();
$http['delete']('/viewall/' + data._id).success(function() {
$scope.users.splice($scope.users.indexOf(data), 1);
});
}
};
html code:
<tr ng-repeat="user in users | filter:searchBox | orderBy:'+username'">
<td>{{user._id}}</td>
<td>{{user.username}}</td>
<td><button class="btn btn-primary" ng-click="delete(user)">Delete</button></td>
This is the error i got:
DELETE
XHR
http://localhost:8081/viewall/5784919136ccb93d0ba78d4b [HTTP/1.1 404 Not Found 8ms]
But when i run the url of http://localhost:8081/viewall/5784919136ccb93d0ba78d4b and it does give me the data:
{"_id":"5784919136ccb93d0ba78d4b","username":"qs","__v":0}
Anybody can help me? don't know what's with the error404 when i'm able to get the data.
You have no route for '/viewall/:id' with DELETE verb. So you should add route with DELETE verb. like
app.delete('/viewall/:id',function(req,res){
// rest of code here
// assume your model name Account
Account.remove({ _id: req.params.id },function(err,doc) {
if(err) {
return res.status(400).send({msg: 'Error occurred during delete account'});
}
return res.status(200).send({msg: 'Successfully deleted'});
});
}
and you should reload after success in your angular controller. like
$http['delete']('/viewall/' + data._id).then(function(response) {
$scope.users.splice($scope.users.indexOf(data), 1);
$window.location.reload();
});