req.session.passport and req.user empty, serializeUser and deserializeUser are never called

家住魔仙堡 提交于 2019-12-30 04:58:25

问题


I'm using Express (v4.11.2) with Passport in order to support multiple providers (local, facebook, twitter and google) for access to the web app I'm building. As a backend I'm using mysql. For now I have two local strategies: local-signup and local-signin. The issue I'm experiencing is that the req.session.passport and req.user are always empty and that, in fact, serializeUser and deserializeUser are never being called.

Here is the setup of express and passport:

var bodyParser = require('body-parser');
var session = require('express-session');
var MemoryStore = session.MemoryStore;
var _ = require('underscore');
var passport = require('passport');

app.use(bodyParser.json());
app.use(bodyParser.urlencoded({extended: true}));
app.use(session({
    key: 'KEY',
    secret: 'SECRET331156%^!fafsdaasd',
    store: new MemoryStore({reapInterval: 60000 * 10}),
    saveUninitialized: true,
    resave: false
}));
app.use(passport.initialize());
app.use(passport.session());
require('./config/passport')(passport); // pass passport for configuration

and here is the passport file with authentication strategies:

module.exports = function (passport) {
    passport.serializeUser(function (user, done) {
        logger.info('SERIALIZE USER');
        done(null, user.id);
    });

    passport.deserializeUser(function (id, done) {
        logger.info('DESEIRALIZE USER!');
        mysqllib.getConnection(function (err, connection) {
            if (err) {
                done(err);
            }
            var sql = "SELECT * FROM users WHERE idusers = ?";
            logger.info('sql: ' + sql);
            connection.query(sql, [id], function (err, rows) {
                connection.release();
                var user = {};
                user.id = rows[0].idusers;
                done(err, user.id);
            });
        });
    });

    passport.use('local-signup', new LocalStrategy({
            usernameField: 'email',
            passwordField: 'password',
            passReqToCallback: true // allows us to pass back the entire request to the callback
        },
        function (req, email, password, done) {
            logger.info('CALLING local-signup');
            var firstname = req.body.firstname;
            var lastname = req.body.lastname;
            var role = req.body.role;
            mysqllib.getConnection(function (err, connection) {
                var sql = "INSERT INTO users VALUES(0, ?, ?, ?, ?, null, ?, 0, null, null, null, null, null, null, 0, 0)";
                logger.info('sql: ' + sql);
                connection.query(sql, [email, password, firstname, lastname, role], function (err, rows) {
                    connection.release();
                    if (err) {
                        if (err.code == 'ER_DUP_ENTRY') {
                            logger.info('er_dup_entry');
                            return done(err);
                        } else {
                            logger.info('general err');
                            return done(err);
                        }
                    } else {
                        logger.info('everything is OK!');
                        var user = {};
                        user.id = rows.insertId;
                        req.session.user_auth = user.id;
                        return done(null, user);
                    }
                });
            });
        }));

    passport.use(
        'local-login',
        new LocalStrategy({
                usernameField: 'email',
                passwordField: 'password',
                passReqToCallback: true // allows us to pass back the entire request to the callback
            },
            function (req, email, password, done) { 
                mysqllib.getConnection(function (err, connection) {
                    if (err) {
                        logger.info('getConnection: ' + err);
                        return done(err);
                    }
                    var sql = "SELECT idusers, first_name, last_name, email, phone, dob, address, role, photo1, photo2, photo3, photo4, phonevalidated, uservalidated FROM users WHERE email = " + connection.escape(email) + " AND password = " + connection.escape(password);
                    connection.query(sql, function (err, rows) {
                        connection.release();
                        if (err) {
                            logger.error("select user", err);
                            return done(err);
                        } else if (rows.length) {
                            var user = rows[0];
                            user.id = rows[0].idusers;
                            return done(null, user);
                        } else {
                            logger.warn('Incorrect Login credentials, username: ' + email + ' password: ' + password);
                            return done(null, false, {message: 'unauthorized'});
                        }
                    });
                });
            })
    );
};

and, for last, here is how I'm using the strategies in express routes:

app.post('/login', function (req, res, next) {
    passport.authenticate('local-login', function (err, user, info) {
        if (err) {
            mysend(res, 500, 'Ups. Something broke!');
        } else if (info) {
            mysend(res, 401, 'unauthorized');
        } else {
            mysend(res, 200, JSON.stringify(user));
            logger.info(req.user);
            logger.info(req.session);
        }
    })(req, res, next);
});

Everything works fine, even in a strategy I can set the value of user's id in the session like this:

req.session.user_id = user.id

and continue to use it manually but I really don't get why serializeUser and deserializeUser aren't being called.


回答1:


You need to call req.login() in custom callback which will then call serializeUser and set the user object to the session:

app.post('/login', function (req, res, next) {
    passport.authenticate('local-login', function (err, user, info) {
        if (err) {
            mysend(res, 500, 'Ups. Something broke!');
        } else if (info) {
            mysend(res, 401, 'unauthorized');
        } else {
            req.login(user, function(err) {
                if (err) {
                    mysend(res, 500, 'Ups.');
                } else {
                    mysend(res, 200, JSON.stringify(user));
                }
            }
        }
    })(req, res, next);
});


来源:https://stackoverflow.com/questions/28277094/req-session-passport-and-req-user-empty-serializeuser-and-deserializeuser-are-n

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!