问题
This is a weird one, but I'm not sure what else could be going on. I've successfully deployed the passport-local strategy for a Node.js Express app with user accounts stored in MongoDB. I'm using Mongo as a service via MongoLab.
My accounts and login auth works as expected locally. But when I deploy my app to AWS (using the same Mongo service still), the same account credentials fail. I'm wondering... is Passport somehow using the URL, port, or other environment-specific information to authenticate users? Perhaps in how password lookup is performed?
I've narrowed it down to the passport.authenticate('local')
middleware, although it would surprise me if this library somehow performed differently in different environments with the exact same code.
I should also mention that I'm using the passport-local-mongoose
plugin for my User model.
回答1:
OK - I figured this out.
On my local system, I had a newer version of node, but on my deployed version (on AWS ElasticBeanstalk) it was using v0.10.36.
If you look at the code for passport-local-mongoose
you'll see this:
var pbkdf2DigestSupport = semver.gte(process.version, '0.12.0');
...
var pbkdf2 = function(password, salt, callback) {
if (pbkdf2DigestSupport) {
crypto.pbkdf2(password, salt, options.iterations, options.keylen, options.digestAlgorithm, callback);
} else {
crypto.pbkdf2(password, salt, options.iterations, options.keylen, callback);
}
};
So if the two different versions of node has one above 0.12.0 and one below, you are going to get different crypto functionality.
来源:https://stackoverflow.com/questions/34080488/passport-local-strategy-auth-seems-to-only-work-on-localhost-with-a-shared-mongo