this is probably some basic mistake but I am watching tutorial and even though I think I done everything exactly like I should after submitting login form I am redirected to the "failureRedirect" page. When I looked at source code in passport module I something.
After this:
Strategy.prototype.authenticate = function(req, options) {
options = options || {};
var username = lookup(req.body, this._usernameField) || lookup(req.query, this._usernameField);
var password = lookup(req.body, this._passwordField) || lookup(req.query, this._passwordField);
//I added:
console.log("U-> " + username);
console.log("P-> " + password);
console says
U-> null
P-> null
Then after this, rest is not executed.
if (!username || !password) {
return this.fail({ message: options.badRequestMessage || 'Missing credentials' }, 400);
}
I am not sure which parts of code should I post here. Maybe this can help
passport.use(new LocalStrategy(
function(username, password, done){
console.log("passport.use new LocalStrategy"); //never gets executed
//never gets executed
User.getUserByUsername(username, function(err, user){
if (err) throw err;
if(!user) {
console.log("Unknown user");
return done(null, false, {message: "Uknkown User"});
}
User.comparePassword(password, user.password, function(err, isMatch){
if (err) throw err;
if (isMatch) {
return done(null, user);
} else {
console.log("invalid Pass");
return done(null, false, {message: "Invalid Password"});
}
});
});
}));
router.post("/login", passport.authenticate("local", {failureRedirect:"/users/login/err", failureFlash:"invalid username or pass"}), function(req, res){
console.log("Authenticated OK");
req.flash("success", "You are logged in");
res.redirect("/xx");
});
I am not sure about the exact implementation that you are doing. Probably you are overriding the authenticate functionality using the prototype pattern.
However, Authentication using Passportjs is simple. I have done one recently in my side project. Please go through the below link with my own experience on implementing Passportjs
I have a well documented artcile that i wrote on my tech blog. Hope this helps you
// complete code for the exmaple node rest api authentication using passport
var express = require('express');
var passport = require('passport');
var passportHttp = require('passport-http');
var basicStrategy = passportHttp.BasicStrategy; // using the basic authentication
var app = express();
app.get('/',function(req,res){
res.send("There you go");
});
app.use(passport.initialize()); // initialize and use it in express
passport.use(new passportHttp.BasicStrategy(function(username,password,done) {
if(username === password){
done(null,username); //null means no error and return is the username
}
else{
return done(null,'there is no entry for you!'); // null means nothing to say,
//no error. 2nd is the custom statement business rule
}
}));
// this function hits first when there is an API call.
function ensureAuthenticated(req,res,next){
if(req.isAuthenticated()){
next();
// next redirects the user to the next api function waiting to be executed in the express framework
}else{
res.sendStatus(403); //forbidden || unauthorized
}
};
// this means all the API calls that hit via mydomain.com/api/ uses this authentication.
//session is false, because its a HTTP API call.
// setting this helps passport to skip the check if its an API call or a session web call
app.use('/api',passport.authenticate('basic',{session:false}));
// this is served the user once the authentication is a susccess
app.get('/api/data',ensureAuthenticated,function(req,res){
var somevalue = [{name: 'foo'},
{name: 'bar'},
{name: 'baz'}];
res.send(somevalue);
});
app.listen(3250);
console.log('listening to port on ' + 3250);
Related
I'm having some trouble with using Passport for authentication.
I've defined my signup strategy as follows:
passport.use('local_signup', new localStrategy({
usernameField: 'username',
passwordField:'password',
passReqToCallback: true
},function(req,username, password,done){
User.findOne({username: username},function(err,user){
if(err){
console.log(err);
} else{
if(user){
console.log("user exists.")
}
else{
const newUser = new User();
newUser.email = req.body.email;
newUser.password =req.body.password;
newUser.username = req.body.user_name;
newUser.first_name = req.body.first_name;
newUser.last_name = req.body.last_name;
newUser.save(function(err){
if(err){
console.log(err);
}else{
console.log('success');
}
})
}
}
})
})
)
I've then called this strategy in my register route
app.post('/register', passport.authenticate('local_signup', {
successRedirect : '/drinks',
failureRedirect : '/register',
failureFlash : true
}));
If the authentication was successful it should trigger the drinks route
app.get('/drinks',function(req,res){
if(req.isAuthenticated()){
res.render('start');
} else {
res.redirect('/login')
}
})
successRedirect isn't redirecting to the desired page. It remains stuck on the register route. The populated users however are showing up on my database so at least my strategy is working. I don't know how to debug this. Any help would be appreciated. Thanks
You are not making use of done(). From what I understand, it is an exit point from the strategy code and letting the flow go to success or failure based on the params you pass in it. It is a param in your callback in your strategy implementation code. It is something internal to passport.
Call it like this in case of success:
return done(null, newUser);
Call it like this in case of error:
done(err);
I'm building an express js api with passport js, and in order to be able to return custom error messsages formatted as json I'm using custom callbacks.
When I provide an unknown email the custom callback I wrote is called 3 times, resulting in Unhandled rejection Error: Can't set headers after they are sent.. Which makes sense.
Any help is appreciated.
Here is my implementation:
Strategy:
const localLoginStrategy = new LocalStrategy({
usernameField: "emailAddress"
}, (emailAddress, password, done) => {
// Called once
User.findOne({
where: { emailAddress }
}).then((existingUser) => {
// Called once
if (!existingUser) { return done(null, false, { message: "Invalid email/password combination", status: 401 }); }
return existingUser.comparePassword(password);
}).then((userData) => {
return done(null, userData);
}).catch((err) => {
return done(null, false, { message: "Invalid email/password combination", status: 401 });
});
});
passport.use(localLoginStrategy);
Express middleware for authentication using custom callback:
const requireUsernamePassword = (req, res, next) => {
if(!req.body.emailAddress || !req.body.password) {
return res.status(400).json({ message: "No emailAddress and/or password provided" });
}
// Called once
passport.authenticate("local", { session: false }, (err, user, info) => {
// Called three times!
console.log("authenticate callback")
if (!user || err) {
return res
.status(info.status || 400)
.json({ message: info.message || "Authentication error" });
}
req.user = user;
return next();
})(req, res, next);
};
To check your mandatory request body fields create one generic middleware that will check required field and return appropriate return code. Just like below.
module.exports = function checkParams(params) {
params = params || [];
return function(req, res, next) {
var valid = true;
if(Array.isArray(params)) {
params.forEach(function(_param) {
valid = valid && !!req.body[_param];
});
}
if (valid) { next() } else {return res.status(400).end();} //this is for missing required parameters
};
};
Now lets say for example you have two APIs. Login and CreateUser. API routes should looks like below
app.post('/Login', checkParams(['emailAddress', 'password']), passport.authenticate('local', { failureRedirect: '/login' }), actualLoginMethod);
app.post('/CreateUser', checkParams(['userName', 'Phone']), passport.authenticate('local', { failureRedirect: '/login' }), actualCreateUserMethod);
If either of these parameter (userName and Phone in /CreateUser + emailAddress and password in /Login) is missing then it will return 400 status and stop execution from that point, you may change the checkParams's logic as per your need.
If required parameters are available then it will check JWT local strategy. Once request is through to both the check points then it will call actual method.
Hope this might help you.
You are calling the done function multiple times.
I believe when you call return done(...) in the then method, the next then will call done again.
So that's why your callback function from requireUsernamePassword has been called more then one time.
Hope it helps.
My problem is that I'm getting the error "Error: Failed to serialize user into session". I'm confused, because I've set a serializeUser function, but it doesn't appear to be called (my console.log isn't being printed).
This is while I'm following the feathers passport tutorial: http://feathersjs.com/learn/authorization/
Note: my suspicion is that feathers-passport uses a different "passport" object than my own library. Unfortunately I have no idea how I would rememdy such an issue. It seems to me it's just horrendous design by Passport to not work by passing around instances, and instead attaching things to itsself directly.
I'm setting up passport for serialization and authentication using the following:
var LocalStrategy = require('passport-local').Strategy;
function GetPassport(userService, Passport) {
console.log('passport has been prepared.\n');
Passport.serializeUser(function(user, done) {
console.log('user: ', user);
done(null, user._id);
});
Passport.deserializeUser(function(id, done) {
userService.get(id, {}, done);
});
Passport.use(new LocalStrategy(function(username, password, done) {
userService.authenticate(username, password, done);
}));
return Passport;
}
module.exports = GetPassport;
Then I'm using:
var userService = UserService(config.db);
var passport = GetPassport(userService);
app.post('/login', passport.authenticate('local'));
If you need more details here is UserService:
var MongoDB = require('feathers-mongodb');
var Crypto = require('crypto');
var UserService = function(database) {
return MongoDB({
db: database,
collection: '_users',
}).extend({
authenticate: function(username, password, callback) {
this.find({query: {username: username}}, function(error, users) {
if(error)
callback(error);
var user = users[0];
if(!user)
return callback(new Error('No User Found'));
if(user.password !== hash(password, user.salt))
return callback(new Error('Password Is Incorrect'));
//success, return the authenticated user
return callback(null, user);
});
},
setup: function() {
this.before({
create: function(hook, next) {
//Create the salt
var salt = Crypto.randomBytes(128).toString('base64');
hook.data.salt = salt;
hook.data.password = hash(hook.data.password, hook.data.salt);
next();
},
});
},
});
};
module.exports = UserService;
function hash(string, salt) {
var shasum = Crypto.createHash('sha256');
shasum.update(string + salt);
return shasum.digest('hex');
}
The error trace:
Error: Failed to serialize user into session
at pass (/Users/funk/Development/Projects/generic_rest_server/node_modules/feathers-passport/node_modules/passport/lib/authenticator.js:277:19)
at Authenticator.serializeUser (/Users/funk/Development/Projects/generic_rest_server/node_modules/feathers-passport/node_modules/passport/lib/authenticator.js:295:5)
at IncomingMessage.req.login.req.logIn (/Users/funk/Development/Projects/generic_rest_server/node_modules/passport/lib/http/request.js:48:29)
at Strategy.strategy.success (/Users/funk/Development/Projects/generic_rest_server/node_modules/passport/lib/middleware/authenticate.js:228:13)
at verified (/Users/funk/Development/Projects/generic_rest_server/node_modules/passport-local/lib/strategy.js:83:10)
at /Users/funk/Development/Projects/generic_rest_server/user-service.js:22:24
at /Users/funk/Development/Projects/generic_rest_server/node_modules/feathers-mongodb/node_modules/mongoskin/node_modules/mongodb/lib/mongodb/cursor.js:158:16
at commandHandler (/Users/funk/Development/Projects/generic_rest_server/node_modules/feathers-mongodb/node_modules/mongoskin/node_modules/mongodb/lib/mongodb/cursor.js:651:16)
at /Users/funk/Development/Projects/generic_rest_server/node_modules/feathers-mongodb/node_modules/mongoskin/node_modules/mongodb/lib/mongodb/db.js:1670:9
at Server.Base._callHandler (/Users/funk/Development/Projects/generic_rest_server/node_modules/feathers-mongodb/node_modules/mongoskin/node_modules/mongodb/lib/mongodb/connection/base.js:382:41)
The answer was in my note.
This should be helpful for anyone else who gets stuck following:
"http://feathersjs.com/learn/authorization/"
You must provide the FeathersPassport call with the passport option. If not, feathers-passport well use a different version of passport, than the one you add serializeUser to:
app.configure(FeathersPassport(function(result) {
// MongoStore needs the session function
var MongoStore = ConnectMongo(result.createSession);
result.secret = 'noymysecret';
result.store = new MongoStore({
db: config.db,
});
result.resave = false;
result.saveUninitialized = false;
//*HERE*//
result.passport = passport;
//**//
return result;
}));
I blame Passport inexplicably being a singleton, for not noticing this sooner.
I am trying to make a node.js web application that tells the user to sign in using their gmail.
So I tried to use the instructions over here: http://passportjs.org/guide/google/. I changed the url www.example.com to localhost, then ran the application. It tells me that it can't find User. Here is the whole log: User.findOrCreate({openID: identifier }, function(err, user) {(and then on the next line) ReferenceError: User is not defined.
You need to define "User" by calling it from a model. Create a User model (if you haven't already) and import it as a variable. E.g.
var User = require('/path/to/User');
Sometimes I find it helpful for debugging to log the callback to the console, to see if the desired output is being spit out.
I just implemented one maybe this will help , I'm using Express the routes section is on the bottom.. Remember to set your host in the Google Key, my App has de full url of the AWS Server
var passport = require('passport');
// ====== Passport and OAuth2 API
var GoogleStretegy = require('passport-google-oauth').OAuth2Strategy;
passport.serializeUser(function (user, done) {
done(null, user);});
passport.deserializeUser(function (obj, done){
done(null, obj);});
// Set Passport Initialize and Sessions
app.use(passport.initialize());
app.use(passport.session());
passport.use(new GoogleStretegy({
clientID: CREDENTIALS.google.GOOGLE_CLIENT_ID,
clientSecret: CREDENTIALS.google.GOOGLE_CLIENT_SECRET,
callbackURL:"<host>/oauth2callback"
},
function (req, accessToken, refreshToken, profile, done) {
process.nextTick(function () {
console.log(JSON.stringify(profile));
console.log(req);
var username= profile.emails[0].value.split('#');
User.findOne({email: profile.emails[0].value,username:username[0]}).exec(function (err,user) {
if(!user){
var user = new User({username: username[0]});
user.set('email',profile.emails[0].value);
user.set('FullName',profile.DisplayName);
user.save(function (err) {
if(err){
console.log(err);
profile=null;
return done(null,profile);
}else {
return done(null, profile);
}
});
}else {
return done(null, profile);
}
});
// return done(null, profile);
});
}
));
/// ROUTES !
router.get('/logout', function (req, res) {
req.session.destroy(function () {
// Google log out
req.logout();
res.redirect('/login');
});
});
//Google OAuth2
router.get('/auth/google',passport.authenticate('google', { scope: ['https://www.googleapis.com/auth/userinfo.profile','https://www.googleapis.com/auth/userinfo.email'] }));
router.get('/oauth2callback', passport.authenticate('google', { failureRedirect: '/login' }), function (req, res) {
res.redirect('/');
});
I am newby in node.js and I try to implement the simplest authorization in Express. I want to set req.session.userId to users id from database. I can get user id from database using simple form and post request, but I can't set req.session.userId . The most incomprehensible thing for me - why sometimes req.session is working and sometimes is not.
My code for explanation.
in app.js:
Configure segment:
app.use(express.session({secret: 'asdads', key: 'sid', cookie: { maxAge: 600000, httpOnly: false }}));
After that I handle POST request with:
app.post('/login', routes.authorize);
My routes.authorize:
exports.authorize = function(req, res){
if(req.body){
var login = req.body.login;
var password = req.body.password;
//gET USER FROM DATABASE
db.getUser(login, password, function(err, results){
//ensure that results is correct
console.log(results);
if(err){ res.send("User not found", 500); return;}
//PLACE WITH BUG :)
req.session.userId = results[0].id;
});
}
res.render('login', { title: 'Express!' });
}
I think I couldnt set req.session.userId in this place because I access here via POST. If I am right please help me to get access to req.session in this place.
Thanks in advance.
I think the problem is that you're immediately responding to the request before your db.getUser() completes. IIRC the Express session middleware saves session changes when the response is sent, so try something like this instead:
exports.authorize = function(req, res) {
if (!req.body)
return res.render('login', { title: 'Express!' });
var login = req.body.login;
var password = req.body.password;
db.getUser(login, password, function(err, results) {
if (err)
return res.send("User not found", 500);
req.session.userId = results[0].id;
res.render('login', { title: 'Express!' });
});
}