Anmeldung fehlgeschlagene Loopback-Authentifizierung

Question

Ich hatte ein Problem mit Benutzer-Login-Loopback. als ich versuchte,

{ 
    "error": { 
    "statusCode": 401, 
    "name": "Error", 
    "message": "login failed", 
    "code": "LOGIN_FAILED", 
    "stack": "Error: login failed\n at d" 
    } 
} 

Antwort mit Loopback-Explorer um sich einzuloggen:

{ 
    "date": "Tue, 18 Jul 2017 06:20:01 GMT", 
    "content-encoding": "gzip", 
    "x-content-type-options": "nosniff", 
    "x-download-options": "noopen", 
    "x-frame-options": "DENY", 
    "content-type": "application/json; charset=utf-8", 
    "access-control-allow-origin": "http://localhost:10010", 
    "transfer-encoding": "chunked", 
    "connection": "keep-alive", 
    "access-control-allow-credentials": "true", 
    "vary": "Origin, Accept-Encoding", 
    "x-xss-protection": "1; mode=block" 
} 

create-lb-Tabellen in mixin: (Serverseite)

var server = require('./server');  
var ds = server.dataSources["sql-local"];  
var lbTables = ['User', 'AccessToken', 'ACL', 'RoleMapping', 'Role'];  
ds.automigrate(lbTables, function(er) {  
  if (er) throw er;  
  console.log('Loopback tables [' - lbTables - '] created in ', ds.adapter.name);  
  ds.disconnect();  
}) 

auth.service.js (Kundenseite):

(function() { 
    'use strict'; 

    angular.module('CrudAngular') 
     .factory('authService', authService); 

    authService.$inject = ['User', '$rootScope']; 

    function authService(User, $rootScope) { 
     var service = { 
      login: login, 
      logout: logout, 
      register: register, 
      isAuthenticated: isAuthenticated, 
      getCurrentUser: getCurrentUser 
     }; 
     return service; 

     function login(email, password) { 
      return User 
       .login({ email: email, password: password }) 
       .$promise; 
     } 

     function logout() { 
      return User 
       .logout() 
       .$promise; 
     } 

     function register(email, password) { 
      return User 
       .create({ 
        email: email, 
        password: password 
       }) 
       .$promise; 
     } 

     function isAuthenticated() { 
      return User.isAuthenticated(); 
     } 

     function getCurrentUser() { 
      return User.getCurrent(); 
     } 
    } 
})(); 

dies Controller für die Anmeldung und app.js

.controller('LoginController', ['$scope', '$state', 'authService', '$location', function ($scope, $state, authService, $location) { 
     $scope.login = function() { 
      authService.login(this.username, this.password).then(function (response) { 
       $location.path('/home'); 
       console.log(response); 
      }, function (err) { 
       alert(err.data.error.message); 
       console.log(err); 
      }); 
     }; 
    }]) 

    .run(['$rootScope', '$location', '$http', 'User', function ($rootScope, $location, $http, User) { 
     console.log(User.isAuthenticated());  

     $rootScope 
      .$on('$stateChangeStart', 
      function (event, toState, toParams, fromState, fromParams) { 
       $("#ui-view").html(""); 
       $(".page-loading").removeClass("hidden"); 
      }); 

     $rootScope 
      .$on('$stateChangeSuccess', 
      function (event, toState, toParams, fromState, fromParams) { 
       $(".page-loading").addClass("hidden"); 
      }); 


     $rootScope.$on('$locationChangeStart', function (event, next, current) { 
      // redirect to login page if not logged in and trying to access a restricted page 
      var restrictedPage = $.inArray($location.path(), ['/login', '/register']) === -1; 
      if (restrictedPage && !User.isAuthenticated()) { 
       console.log("Not Authenticated"); 
       $location.path('/login'); 
      } 

      if (User.isAuthenticated()) { 
       $location.path('/home'); 
      } 
     }); 
    }]) 

login.html:

<div ng-controller="LoginController"> 

<div class="col-md-6 col-md-offset-3"> 
    <h2>Login</h2> 
    <form name="form" ng-submit="login()" role="form"> 
     <div class="form-group" ng-class="{ 'has-error': form.username.$dirty && form.username.$error.required }"> 
      <label for="username">Username</label> 
      <input type="text" name="username" id="username" class="form-control" ng-model="username" required /> 
      <span ng-show="form.username.$dirty && form.username.$error.required" class="help-block">Username is required</span> 
     </div> 
     <div class="form-group" ng-class="{ 'has-error': form.password.$dirty && form.password.$error.required }"> 
      <label for="password">Password</label> 
      <input type="password" name="password" id="password" class="form-control" ng-model="password" required /> 
      <span ng-show="form.password.$dirty && form.password.$error.required" class="help-block">Password is required</span> 
     </div> 
     <div class="form-actions"> 
      <button type="submit" ng-disabled="form.$invalid || vm.dataLoading" class="btn btn-primary">Login</button> 
      <a href="#!/register" class="btn btn-link">Register</a> 
     </div> 
    </form> 
</div> 

Answer 1

dieses Beispiel Siehe here Zeigen Sie, wie mit Google SIGIN, facebook, twitter

Answer 2

zusätzlichen ACL hinzufügen in Konto/Benutzermodell wie unten erläutert:

"acls": [{ 
    "accessType": "*", 
    "principalType": "ROLE", 
    "principalId": "$unauthenticated", 
    "permission": "ALLOW", 
    "property": "find" 
}] 

Es wird die ermöglichen Account- (Benutzer) -Modell zum Abrufen des Kontos und dessen Konto, da die Standard-ACL für das Benutzermodell eine Autorisierung für jede Anforderung erfordert, mit Ausnahme der POST-Anforderung.