0
mein Authentifizierungssystem funktioniert nicht wie erwartet.Passport-Authentifizierung req.isAuthenticated ist immer falsch
zunächst einmal möchte ich Ihnen zeigen, meine node.js
//Initialize Express Web Server
var express = require('express');
var app = express();
var http = require("http").Server(app);
var lusca = require('lusca');
var io = require("socket.io")(http);
//require needs
var api = express.Router();
var ejs = require('ejs');
var expressValidator = require("express-validator");
var cookieParser = require('cookie-parser');
var bodyParser = require('body-parser');
var LocalStrategy = require('passport-local').Strategy;
var session = require('express-session');
var passport = require('passport');
var morgan = require('morgan');
var mongo = require('mongodb');
var MongoStore = require('connect-mongo')(session);
//Connect to MongoDB
var mongoose = require('mongoose');
var configDB = require('./config/database.js');
mongoose.connect(configDB.url);
//Resolving paths with nodejs
var path = require('path');
app.use(express.static(path.join(__dirname+"/MP/")));
//cookie parser middleware
app.use(cookieParser());
//Body Parser Middleware
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({extended:false}));
//Init Sessions
app.use(session({
secret:'SOME_HIDDEN_TEXT',
cookie:{httpOnly:true/*, secure: true*/},
saveUninitialized: false,
resave: false,
store: new MongoStore({mongooseConnection: mongoose.connection, autoReconnect: true})
}));
//Init Passport
app.use(passport.initialize());
app.use(passport.session());
app.use(expressValidator({
errorFormatter: function(param, msg, value) {
var namespace = param.split('.')
, root = namespace.shift()
, formParam = root;
while(namespace.length) {
formParam += '[' + namespace.shift() + ']';
}
return {
param : formParam,
msg : msg,
value : value
};
}
}));
//Security
app.use(morgan('dev'));
//app.use(lusca.csrf());
/*app.use(lusca.csp(
{"policy":{
"default-src":"'self'",
"script-src":"'self' 'https://ajax.googleapis.com/ajax/libs/jquery/1.10.2/*'",
"img-src":"'self' 'http://placehold.it/*'",
"connect-src":"'self'",
"font-src":"*",
"style-src":"'self' 'unsafe-inline' *"
}}
));*/
app.use(lusca.hsts({maxAge:31536000}));
app.use(lusca.xframe('SAMEORIGIN'));
app.use(lusca.p3p('ABCDEF'));
app.use(lusca.xssProtection(true));
app.use(lusca.nosniff());
//Init API
var User = require(path.join(__dirname+"/model/user"));
require("./MP/routes/api")(api);
app.use("/api", api);
/*app.use(function(req, res, next) {
res.header('Access-Control-Allow-Credentials', true);
res.header('Access-Control-Allow-Origin', "http://localhost:3000");
res.header('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE');
res.header('Access-Control-Allow-Headers', 'X-Requested-With, X-HTTP-Method-Override, Content-Type, Accept');
if ('OPTIONS' == req.method) {
res.send(200);
} else {
next();
}
});*/
//Setting up listening port
var port = 3000;
io.on("connection", function(socket){
console.log("user connected");
});
app.set('view engine', 'ejs');
app.set("views", path.resolve(__dirname,"MP","view"));
//Render View for Angular
app.get('/', function(req,res){
res.render("index.ejs");
console.log(req.headers.origin);
});
http.listen(port,function(){
console.log('SERVER LISTENING ON PORT: '+port);
});
nächstes meine Winkel App
"use strict";
var app = angular.module("app", ["ngRoute","ui.router", "ngSanitize","ngResource"]);
app.config(["$stateProvider" , "$urlRouterProvider", "$locationProvider" , function ($stateProvider , $urlRouterProvider, $locationProvider, loginService) {
$stateProvider
.state("login", {
url: "/",
templateUrl: "partials/index.html",
controller: "indexCtrl"
})
.state("register", {
url:"/register",
templateUrl: "partials/register.html",
controller: "indexCtrl"
})
.state("home", {
url: "/en/",
abstract: true,
templateUrl: "partials/home.html",
resolve: {
loggedIn: checkLogin
}
})
.state("home.news", {
url: "",
templateUrl: "partials/news.html",
resolve: {
loggedIn: checkLogin
}
})
.state("home.gamer", {
url: "gamer/",
templateUrl: "partials/gamer.html",
resolve: {
loggedIn: checkLogin
}
})
.state("home.search", {
url: "search/",
templateUrl: "partials/search.html",
resolve: {
loggedIn: checkLogin
}
})
.state("home.games",{
url: "games/",
templateUrl: "partials/games.html",
resolve: {
loggedIn: checkLogin
}
})
.state("home.verify", {
url: "verify/",
templateUrl: "partials/verify.html",
resolve: {
loggedIn: checkLogin
}
});
$urlRouterProvider.otherwise("/");
$locationProvider.html5Mode({
enabled: true,
requireBase: false
});
}]);
function checkLogin(loginService){
return loginService.loggedIn();
}
hier ist mein loginService
"use strict";
app.factory("loginService",["Api", "$location", "$state", "$q", "$rootScope", function (Api,$location,$state,$q,$rootScope) {
return {
login: function (user,scope) {
Api.login.post(user, function(regRes){
console.log(regRes.data);
if(regRes.data.error){
scope.error = { error : regRes.data.error};
}else if(regRes.data.success === 1){
$state.go("home.news");
}
});
},
loggedIn: function(){
var deferred = $q.defer();
Api.login.get(function(user){
if(user.data != "0"){
$rootScope.currentUser = user;
deferred.resolve();
}else{
$rootScope.currentUser = null;
deferred.reject();
$state.go("login");
}
});
return deferred.promise;
}
}
}]);
Last but not least Datei mein api
'use strict';
var User = require("../../model/user");
var passport = require("passport");
var LocalStrategy = require("passport-local").Strategy;
passport.use(new LocalStrategy({usernameField: "e", passwordField: "p"},function(email, password, done){
var user = new User();
user.findEmail(escape(email),function(err, user){
if(err){
throw err;
}
if(!user){
return done(null,false, {error: "Email or Password is wrong. Please try again."});
}
user.comparePw(escape(password),user.password,function(err, isMatched){
if(!isMatched){
return done(null,false, {error: "Email or Password is wrong. Please try again."});
}else{
return done(null,user);
}
});
});
}));
passport.serializeUser(function(user,done){
done(null, user.id);
});
passport.deserializeUser(function(user,done){
var user = new User();
user.findUserById(user, function(err, user){
done(err,user);
});
});
module.exports = function(router){
router.get("/user", function(req, res){
var user = new User();
user.getGamer(function(err,response){
if(err){
throw err;
}else{
res.json(response);
}
});
});
router.post("/user/login", function(req, res, next) {
passport.authenticate('local', {session: true},function(err, user, info) {
console.log(user + " " + info + " " + err);
if (err) { return next(err); }
if (!user) { return res.json({error: "Email or Password is wrong. Please try again."}); }
if(user.confirm == 0){ return res.json({error: "Please confirm your email address and try again."})}
console.log(req.user);
req.logIn(user, function(err) {
console.log(req.session.id);
console.log(req.user); //req.user is defined
console.log(req.isAuthenticated()); //req.isAuthenticated() is true
if (err) { return next(err); }
res.json({success: 1});
});
})(req, res, next);
});
router.get("/user/login", function(req, res, next) {
console.log(req.isAuthenticated()); //returns false
res.send(req.isAuthenticated() ? req.user: "0"); //send object with data:"0";
});
};
UPDATE: Das ist mein API-Service
app.factory("Api", ["$resource", function($resource){
return {
gamer: $resource("/api/user/:id", {_id: "@id"},{
"get": {
method: "GET",
interceptor: {
response: function(response) {
return response;
}
}
},
"post":{
method: "POST",
interceptor:{
response: function(response){
return response;
}
}
}
}),
login: $resource("/api/user/login", {},{
"post":{
method: "POST",
interceptor:{
response: function(response){
return response;
}
}
},
"get":{
method: "GET",
interceptor:{
response: function(response){
return response;
}
}
}
})
}
}]);
Jederzeit ich die LoggedIn Funktion namens i mit Daten, die eine Antwort eines Objekts bekam: "0". Ich habe keine Ahnung, warum die req.isAuthenticated() immer falsch ist, während die Anmeldung erfolgreich über den Pass erfolgte. Ein Sitzungscookie namens connect.sid ist richtig eingestellt und hat den gleichen Wert wie das Session-Cookie, das in der Mungo-Datenbank gespeichert ist. Wenn ich direkt nach der Anmeldung eine console.log isAuthenticated bekomme, bekomme ich die Antwort von true, sonst ist es immer falsch. Ich habe auch versucht, CORS zu erlauben, aber es hat nicht funktioniert. Ich habe den ganzen Tag auf Google gesucht, um eine Lösung dafür zu finden. Jemand kann mir helfen?
Grüße Chzn
Wenn Sie Ihre API aufrufen, setzen Sie die 'withCredentials: true'? Andernfalls können Ihre AJAX-Anfragen die Cookies (httpOnly) nicht abrufen. –
Ich habe meinen Beitrag aktualisiert. Ich denke, ich mache das nicht:/ – chzn