问题描述
我正在使用Express(v4.11.2)和Passport,以便支持多个提供商(本地,facebook,twitter和google)访问我正在构建的Web应用程序。作为后端我正在使用mysql。现在我有两个本地策略:本地注册和本地登录。我遇到的问题是req.session.passport和req.user始终是空的,实际上,serializeUser和deserializeUser从不被调用。
I'm using Express (v4.11.2) with Passport in order to support multiple providers (local, facebook, twitter and google) for access to the web app I'm building. As a backend I'm using mysql. For now I have two local strategies: local-signup and local-signin. The issue I'm experiencing is that the req.session.passport and req.user are always empty and that, in fact, serializeUser and deserializeUser are never being called.
以下是快递和护照的设置:
Here is the setup of express and passport:
var bodyParser = require('body-parser');
var session = require('express-session');
var MemoryStore = session.MemoryStore;
var _ = require('underscore');
var passport = require('passport');
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({extended: true}));
app.use(session({
key: 'KEY',
secret: 'SECRET331156%^!fafsdaasd',
store: new MemoryStore({reapInterval: 60000 * 10}),
saveUninitialized: true,
resave: false
}));
app.use(passport.initialize());
app.use(passport.session());
require('./config/passport')(passport); // pass passport for configuration
这里是具有认证策略的护照文件:
and here is the passport file with authentication strategies:
module.exports = function (passport) {
passport.serializeUser(function (user, done) {
logger.info('SERIALIZE USER');
done(null, user.id);
});
passport.deserializeUser(function (id, done) {
logger.info('DESEIRALIZE USER!');
mysqllib.getConnection(function (err, connection) {
if (err) {
done(err);
}
var sql = "SELECT * FROM users WHERE idusers = ?";
logger.info('sql: ' + sql);
connection.query(sql, [id], function (err, rows) {
connection.release();
var user = {};
user.id = rows[0].idusers;
done(err, user.id);
});
});
});
passport.use('local-signup', new LocalStrategy({
usernameField: 'email',
passwordField: 'password',
passReqToCallback: true // allows us to pass back the entire request to the callback
},
function (req, email, password, done) {
logger.info('CALLING local-signup');
var firstname = req.body.firstname;
var lastname = req.body.lastname;
var role = req.body.role;
mysqllib.getConnection(function (err, connection) {
var sql = "INSERT INTO users VALUES(0, ?, ?, ?, ?, null, ?, 0, null, null, null, null, null, null, 0, 0)";
logger.info('sql: ' + sql);
connection.query(sql, [email, password, firstname, lastname, role], function (err, rows) {
connection.release();
if (err) {
if (err.code == 'ER_DUP_ENTRY') {
logger.info('er_dup_entry');
return done(err);
} else {
logger.info('general err');
return done(err);
}
} else {
logger.info('everything is OK!');
var user = {};
user.id = rows.insertId;
req.session.user_auth = user.id;
return done(null, user);
}
});
});
}));
passport.use(
'local-login',
new LocalStrategy({
usernameField: 'email',
passwordField: 'password',
passReqToCallback: true // allows us to pass back the entire request to the callback
},
function (req, email, password, done) {
mysqllib.getConnection(function (err, connection) {
if (err) {
logger.info('getConnection: ' + err);
return done(err);
}
var sql = "SELECT idusers, first_name, last_name, email, phone, dob, address, role, photo1, photo2, photo3, photo4, phonevalidated, uservalidated FROM users WHERE email = " + connection.escape(email) + " AND password = " + connection.escape(password);
connection.query(sql, function (err, rows) {
connection.release();
if (err) {
logger.error("select user", err);
return done(err);
} else if (rows.length) {
var user = rows[0];
user.id = rows[0].idusers;
return done(null, user);
} else {
logger.warn('Incorrect Login credentials, username: ' + email + ' password: ' + password);
return done(null, false, {message: 'unauthorized'});
}
});
});
})
);
};
,最后,以下是我在快速路线中使用策略:
and, for last, here is how I'm using the strategies in express routes:
app.post('/login', function (req, res, next) {
passport.authenticate('local-login', function (err, user, info) {
if (err) {
mysend(res, 500, 'Ups. Something broke!');
} else if (info) {
mysend(res, 401, 'unauthorized');
} else {
mysend(res, 200, JSON.stringify(user));
logger.info(req.user);
logger.info(req.session);
}
})(req, res, next);
});
一切都很好,即使在策略中,我可以设置会话中的用户ID的值,如:
Everything works fine, even in a strategy I can set the value of user's id in the session like this:
req.session.user_id = user.id
并继续手动使用,但我真的不明白为什么serializeUser和deserializeUser不被调用。
and continue to use it manually but I really don't get why serializeUser and deserializeUser aren't being called.
推荐答案
您需要在,然后调用 serializeUser 并设置用户对象到会话:
You need to call req.login() in custom callback which will then call serializeUser and set the user object to the session:
app.post('/login', function (req, res, next) {
passport.authenticate('local-login', function (err, user, info) {
if (err) {
mysend(res, 500, 'Ups. Something broke!');
} else if (info) {
mysend(res, 401, 'unauthorized');
} else {
req.login(user, function(err) {
if (err) {
mysend(res, 500, 'Ups.');
} else {
mysend(res, 200, JSON.stringify(user));
}
}
}
})(req, res, next);
});
这篇关于req.session.passport和req.user为空,serializeUser和deserializeUser从不被调用的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!