2017-08-29 41 views

我使用 PassportJS 的本地策略(local strategy)和 passport-local-mongoose。以下是我的登录脚本(问题:使用 Passport 登录时无法捕获 401 的情况):

// Configure Passport (server.js)
// ---------------------------------------------------------------
// Registers the username/password strategy and the session (de)serializers.
// authenticate(), serializeUser() and deserializeUser() are static helpers
// that the passport-local-mongoose plugin attaches to the User model.
passport.use(new LocalStrategy(User.authenticate()));
// NOTE(review): serializeUser/deserializeUser only matter when Passport
// sessions are in use, while the /login route also issues a JWT cookie.
// Confirm which of the two is the authoritative session mechanism.
passport.serializeUser(User.serializeUser());
passport.deserializeUser(User.deserializeUser());
// ---------------------------------------------------------------

// POST to /login (authenticate.js)
// ---------------------------------------------------------------
// Validates the submitted credentials, runs the Passport 'local' strategy and,
// on success, sets a signed JWT cookie and returns the user record as JSON.
router.post('/login', (req, res) => {
  // Server-side validation: one validator result per submitted field.
  const errors = {
    username: Validator.validateusername(req.body.username),
    password: Validator.validatepassword(req.body.password),
  };
  if (!isEmpty(errors)) {
    return res.send(JSON.stringify({ error: errors }));
  }

  // Invoked by Passport in place of the next middleware. Because
  // authenticate() is called here in its middleware form, a failed login is
  // answered by Passport itself with a bare 401 and this function never runs,
  // so the error branch below is not reached on bad credentials.
  const afterAuthentication = () => {
    if (!req.user) {
      return res.send(JSON.stringify({ error: 'There was an error logging in' }));
    }

    // NOTE(review): the whole user document is serialized into the response.
    // Confirm it does not carry credential material such as the hash and salt
    // fields maintained by passport-local-mongoose.
    const userdata = JSON.stringify(req.user);

    const claims = {
      username: req.user.username,
      firstName: req.user.firstName,
      lastName: req.user.lastName,
      email: req.user.email,
      img: req.user.img,
    };
    // NOTE(review): the token is signed without an expiry, so it stays valid
    // until JWT_SECRET is rotated.
    const token = jwt.sign(claims, process.env.JWT_SECRET);

    // NOTE(review): the cookie is set without httpOnly, secure or sameSite
    // options, leaving the token readable by page scripts and sent over
    // plain HTTP.
    res.cookie('token', token);
    return res.send(userdata);
  };

  passport.authenticate('local')(req, res, afterAuthentication);
});

登录成功时一切正常,但登录出错时就不行了。如果登录因任何原因(401 或 500)失败,这段脚本难道不应该返回 `There was an error logging in` 消息吗?实际上,它只返回了一个 401 Unauthorized。

此认证所用的 Schema 如下:

const { mongoose } = require('../config/dbconfig');

const { Schema } = mongoose;
const passportLocalMongoose = require('passport-local-mongoose');

// User account schema. The passport-local-mongoose plugin applied below adds
// the credential handling (its own salt and hash fields) and the static
// helpers used when configuring Passport.
const userSchema = new Schema(
  {
    // Login name, stored lower-cased.
    username: { type: String, lowercase: true, required: true, unique: true },
    // Excluded from query results by default (select: false).
    // NOTE(review): passport-local-mongoose stores the salted hash in its own
    // fields, so a separate required `password` field is not needed by the
    // plugin and risks persisting the plaintext password if callers populate
    // it. Confirm whether this field can be dropped.
    password: { type: String, select: false, required: true },
    firstName: { type: String, required: true },
    lastName: { type: String, required: true },
    // Contact address, stored lower-cased.
    email: { type: String, lowercase: true, required: true, unique: true },
    // Optional string; presumably an avatar image reference.
    img: { type: String },
  },
  // Adds createdAt / updatedAt to every document.
  { timestamps: true },
);

userSchema.plugin(passportLocalMongoose);

module.exports = mongoose.model('User', userSchema);

回答


您调用该策略的方式有点问题。您应该要么把它用作中间件,要么使用自定义回调(custom callback)的方式。您的写法是两者的混合——您把该策略当作中间件来调用,却又提供了自己的 next 中间件函数。由于 authenticate 是以中间件方式调用的,而又没有提供 failureRedirect 选项,Passport 会默认返回 401(return 401 by default)。next 函数只有在认证成功时才会被调用(called when successfully authenticated),而在您的代码里,它并不是下一个中间件,而是一个回调函数。

要使用自定义回调,路由处理程序应该这样写:

// Login route using Passport's custom-callback form: Passport reports the
// outcome to the callback instead of answering the request itself, so this
// handler is responsible for establishing the login and for sending both the
// success and the failure response.
app.post('/login', (req, res, next) => {
  // ...
  const onAuthResult = (err, user, info) => {
    // Strategy or infrastructure failure: hand over to the Express error handler.
    if (err) {
      return next(err);
    }

    // Rejected credentials: a single generic message for every failure reason.
    // NOTE(review): `info` may describe why authentication failed; keep it in
    // server-side logs rather than echoing it to the client.
    if (!user) {
      return res.status(401).send({ error: 'There was an error logging in' });
    }

    // ...
    // With a custom callback the login must be established explicitly.
    req.login(user, (loginErr) => {
      if (loginErr) {
        return next(loginErr);
      }
      return res.send(userdata);
    });
  };

  passport.authenticate('local', onAuthResult)(req, res, next);
});