1
我已经使用护照和express.js设置了登录/注册界面和机制。我遇到的问题是,在用户注册后,我们被重定向到登录页面,但我们最终可以更改URL并立即在用户配置文件中输入,但这当然不是预期和想要的。我希望用户在注册后没有通过身份验证,并且他需要在登录页面中手动输入他/她的凭据,然后才能输入其个人资料。使用护照注册后防止用户身份验证
router.get('/', isAuthenticated, function(req, res) {
res.render('library', {
// passing the id of and username the connecting user to the dust
userid: req.user._id,
username: req.user.userName
});
});
router.get('/library', isAuthenticated, function(req, res) {
res.render('library', {
// passing the id of and username the connecting user to the dust
userid: req.user._id,
username: req.user.userName
});
});
/* GET login page. */
router.get('/login', function(req, res) {
// Display the Login page with any flash message, if any
res.render('login', {
message: req.flash('message')
});
});
/* Handle Login POST
password.authenticate is used to delegate the authentication
to the login strategy when a HTTP POST is made to /login.
*/
router.post('/login', passport.authenticate('login', {
successRedirect: '/library',
failureRedirect: '/',
failureFlash: true
}));
/* GET Registration Page */
router.get('/signup', function(req, res) {
res.render('signup', {
message: req.flash('message')
});
});
/* Handle Registration POST
password.authenticate is used to delegate the authentication
to the signup strategy when a HTTP POST is made to /signup.
*/
router.post('/signup', passport.authenticate('signup', {
successRedirect: '/login',
failureRedirect: '/signup',
failureFlash: true
}));
和isAuthenticated
功能/中间件定义如下
var isAuthenticated = function(req, res, next) {
// if user is authenticated in the session, call the next() to call the next request handler
// Passport adds this method to request object. A middleware is allowed to add properties to
// request and response objects
if (req.isAuthenticated()) {
return next();
} else {
res.redirect('/login');
}
}
我在做什么错?
基本上,注册后,我有一个按钮,重定向到/
,如果我们被重定向到library
(就像它发生在我身上),那么用户应该已经被认证,但我不想这.. 。
如果我在传递给'passport.authenticate('注册',{...})的对象中设置'session'为false,然后在'passport.authenticate('login' ,{',实际效果如何? – nbro
它可能会做你所期望的:注册并不会创建一个新的会话,但是登录的确如此,虽然设置'session:true'是多余的,因为这是默认的值 – mscdex
但是我的问题是:是否有任何情况下创建一个会话在注册将是有用和安全的? – nbro