I am using nestjs 8.0 with typeorm, passport-jwt, and passport-local. Everything seems to be working fine other than the LocalAuthGuard. I am able to successfully create a new user and even use the routes that have JwtAuthGuard but LocalAuthGuard seems to have some issues as I keep getting 401 Unauthorized error
Also, is there a way to console log some output from within the LocalAuthGuard or LocalStrategy?
auth.controller.ts
#Controller(['admin', 'user'])
export class AuthController {
constructor(
private authService: AuthService,
) {}
#UseGuards(LocalAuthGuard)
#Post('login')
login(#Request() req) {
console.log('object');
if (req.path.includes('admin') && !req.user.isAdmin) {
throw new UnauthorizedException();
}
return this.authService.login(req.user);
}
...
}
local.guard.ts
import { Injectable } from '#nestjs/common';
import { AuthGuard } from '#nestjs/passport';
#Injectable()
export class LocalAuthGuard extends AuthGuard('local') {}
local.strategy.ts
#Injectable()
export class LocalStrategy extends PassportStrategy(Strategy) {
constructor(private authService: AuthService) {
super();
}
async validate(usernameOrEmail: string, password: string): Promise<any> {
const user = await this.authService.validateUser({
usernameOrEmail,
password,
});
if (!user) {
throw new UnauthorizedException();
}
return user;
}
}
auth.service.ts
#Injectable()
export class AuthService {
constructor(
#InjectRepository(User)
private userRepository: Repository<User>,
private jwtService: JwtService,
) {}
async validateUser({ usernameOrEmail, password }: LoginDto) {
const user = (await this.userRepository.findOne({ username: usernameOrEmail })) ||
(await this.userRepository.findOne({ email: usernameOrEmail }));
if (user && (await bcrypt.compare(password, user.password))) {
return user;
}
return null;
}
...
}
auth.module.ts
#Module({
imports: [
TypeOrmModule.forFeature([User]),
PassportModule,
JwtModule.registerAsync({
imports: [ConfigModule],
inject: [ConfigService],
useFactory: async (configService: ConfigService) => {
return {
secret: configService.get('JWT_KEY'),
signOptions: {
expiresIn: '6000s',
},
};
},
}),
],
providers: [AuthService, LocalStrategy, JwtStrategy],
exports: [AuthService],
controllers: [AuthController],
})
export class AuthModule {}
Any help or suggestion is greatly appreciated.
EDIT
It seems for LocalAuthGuard, username, and password are a must and other properties are optional.
You can create multiple local strategies with different parameters. For example,
Username and password
Phone and OTP
Email and password
Email and OTP
For using multiple local strategies, refer to this answer
Then, you can also pass an options object to specify different property names, for example: super({ usernameField: 'email', passwordField: 'otp' })
implement local strategy as follows
import { Strategy } from 'passport-local';
import { PassportStrategy } from '#nestjs/passport';
import { Inject, Injectable, UnauthorizedException } from '#nestjs/common';
import { IAuthService } from '../services';
import { LoginDto, OtpLoginDto } from '../dto';
import { UserDto } from 'src/modules/user/dto';
import { plainToClass } from 'class-transformer';
#Injectable()
export class LocalStrategy extends PassportStrategy(Strategy) {
constructor(
#Inject(IAuthService)
private readonly authService: IAuthService,
) {
super({
usernameField: 'user_name',
passwordField: 'otp',
});
}
async validate(user_name: string, otp: string): Promise<any> {
const loginDto = plainToClass(OtpLoginDto, {
username: user_name,
otp: otp,
});
const user: UserDto = await this.authService.verifyOtp(loginDto);
if (!user) {
throw new UnauthorizedException();
}
return user;
}
}
ref: customize passport
Related
Hi awesome developers,
I'm trying to implement Authentication using passport-local and Nestjs with reference to https://progressivecoder.com/how-to-implement-nestjs-passport-authentication-using-local-strategy/.
I have implemented exactly same but Nestjs always returns 401 Unauthorized even with valid user. I can't seem to find what I am missing.
Code Structure
Authentication Module
User Module
Here's the code:
Authentication Module:
authentication.module.ts
import { Module } from '#nestjs/common';
import { PassportModule } from '#nestjs/passport';
import { UserModule } from 'src/user/user.module';
import { AuthenticationController } from './controllers/authentication.controller';
import { AuthenticationService } from './services/authentication.service';
import { LocalStrategy } from './strategies/local.strategy';
#Module({
imports:[UserModule, PassportModule],
controllers: [AuthenticationController],
providers: [AuthenticationService, LocalStrategy]
})
export class AuthenticationModule {}
authentication.controller.ts
import { Controller, Post, Request, UseGuards } from '#nestjs/common';
import { AuthGuard } from '#nestjs/passport';
import { UserService } from 'src/user/services/user.service';
#Controller('authentication')
export class AuthenticationController {
constructor(private userService: UserService){}
#UseGuards(AuthGuard('local'))
#Post('signin')
async signin(#Request() req){
return req.user;
}
}
authentication.service.ts
import { Injectable } from '#nestjs/common';
import { UserService } from 'src/user/services/user.service';
#Injectable()
export class AuthenticationService {
constructor(private userService: UserService) {}
async validateUser(email: string, password: string): Promise<any> {
const user = await this.userService.readUserByEmail(email);
if (user && user.password === password) {
const { password, ...result } = user;
return result;
}
return null;
}
}
local.strategy.ts
import { Injectable, UnauthorizedException } from "#nestjs/common";
import { PassportStrategy } from "#nestjs/passport";
import { Strategy } from "passport-local";
import { AuthenticationService } from "../services/authentication.service";
#Injectable()
export class LocalStrategy extends PassportStrategy(Strategy){
constructor(private authenticationService: AuthenticationService){
super();
}
async validate(username: string, password: string): Promise<any> {
const user = await this.authenticationService.validateUser(username, password);
if (!user) {
throw new UnauthorizedException();
}
return user;
}
}
User Module:
user.module.ts
import { Module } from '#nestjs/common';
import { UserController } from './controllers/user.controller';
import { UserService } from './services/user.service';
#Module({
controllers: [UserController],
providers: [UserService],
exports: [UserService]
})
export class UserModule {}
user.controller.ts
Skipping user controller as it is irrelevent
user.service.ts
import { Injectable } from '#nestjs/common';
import { prisma } from 'src/main';
import { CreateUserDTO } from '../dto/create-user.dto';
import { UpdateUserDTO } from '../dto/update-user.dto';
#Injectable()
export class UserService {
private readonly users = [
{
id: "1",
name: "Ajitesh",
email: "ajitesh.k-s#lloydsbanking.com",
password: "secret"
}
]
//....other methods
async readUserByEmail(email: string){
return this.users.find(user => user.email === email);
}
}
Request:
{
"email": "ajitesh#example.com",
"password": "secret"
}
Thanks in advance.
passport-local expects req.body to be populated with username and password fields. If you plan to use something else for the username, like email, then you need to tell passport about that in your strategy using the usernameField option in super
import { Injectable, UnauthorizedException } from "#nestjs/common";
import { PassportStrategy } from "#nestjs/passport";
import { Strategy } from "passport-local";
import { AuthenticationService } from "../services/authentication.service";
#Injectable()
export class LocalStrategy extends PassportStrategy(Strategy){
constructor(private authenticationService: AuthenticationService){
super({
usernameField: 'email',
});
}
async validate(username: string, password: string): Promise<any> {
const user = await this.authenticationService.validateUser(username, password);
if (!user) {
throw new UnauthorizedException();
}
return user;
}
}
I have created auth for application by google (passport-google-oauth20) and apple (passport-appleid). When i try to invoke GET google-sign-in, I have the following error
[Nest] 987 - 07/22/2022, 9:49:18 AM ERROR [ExceptionsHandler] Cannot read properties of undefined (reading 'callbackURL')
TypeError: Cannot read properties of undefined (reading 'callbackURL')
at GoogleStrategy.OAuth2Strategy.authenticate (/home/node/app/node_modules/passport-appleid/lib/strategy.js:76:59)
at attempt (/home/node/app/node_modules/passport/lib/middleware/authenticate.js:369:16)
at authenticate (/home/node/app/node_modules/passport/lib/middleware/authenticate.js:370:7)
at /home/node/app/node_modules/#nestjs/passport/dist/auth.guard.js:96:3
at new Promise (<anonymous>)
at /home/node/app/node_modules/#nestjs/passport/dist/auth.guard.js:88:83
at MixinAuthGuard.<anonymous> (/home/node/app/node_modules/#nestjs/passport/dist/auth.guard.js:49:36)
at Generator.next (<anonymous>)
at fulfilled (/home/node/app/node_modules/#nestjs/passport/dist/auth.guard.js:17:58)
at processTicksAndRejections (node:internal/process/task_queues:96:5)
If i commented Apple Strategy in user module, everything work fine.
I can't understand why GoogleStrategy.OAuth2Strategy.authenticate go to the appleid packages
And If I use only Google Strategy or only Apple Strategy everything works.
#UseGuards(AuthGuard('google'))
#ApiOperation({ summary: 'google sign in' })
#Get('google-sign-in')
public async signInWithGoogle(#Req() req: any) {
return req.user;
}
#UseGuards(AuthGuard('google'))
#ApiOperation({ summary: 'google redirect' })
#Get('auth/google/redirect')
public async signInWithGoogleRedirect(#Req() req: any) {
return this.userService.socialSignIn(req.user);
}
#UseGuards(AuthGuard('apple'))
#ApiOperation({ summary: 'apple sign in' })
#Get('apple-sign-in')
public async signInWithApple(#Req() req: any) {
return req.user;
}
#UseGuards(AuthGuard('apple'))
#ApiOperation({ summary: 'apple redirect' })
#Get('apple/redirect')
public async signInWithAppleRedirect(#Req() req: any) {
return this.userService.socialSignIn(req.user);
}
import { Injectable } from '#nestjs/common';
import { PassportStrategy } from '#nestjs/passport';
import { Profile } from 'passport';
import { Strategy, VerifyCallback } from 'passport-google-oauth20';
import { RegisteredPlatformsEnum } from 'src/_enum/registered-platforms.enum';
import { ConfigService } from '../config.services';
#Injectable()
export class GoogleStrategy extends PassportStrategy(Strategy, 'google') {
constructor(configService: ConfigService) {
super({
clientID: configService.get('GOOGLE_AUTH_CLIENT_ID'),
clientSecret: configService.get('GOOGLE_AUTH_CLIENT_SECRET'),
callbackURL: configService.get('GOOGLE_AUTH_CALLBACK_URL'),
scope: ['email', 'profile'],
});
}
public async validate(
accessToken: string,
refreshToken: string,
profile: Profile,
done: VerifyCallback,
): Promise<any> {
const { name, emails } = profile;
const [userEmail] = emails;
const user = {
email: userEmail.value,
name: name.givenName,
registeredPlatform: RegisteredPlatformsEnum.GOOGLE,
accessToken,
};
done(null, user);
}
}
import path from 'path';
import { Injectable } from '#nestjs/common';
import { PassportStrategy } from '#nestjs/passport';
import { Profile } from 'passport';
import { Strategy, VerifyCallback } from 'passport-appleid';
import { RegisteredPlatformsEnum } from 'src/_enum/registered-platforms.enum';
import { ConfigService } from '../config.services';
#Injectable()
export class AppleStrategy extends PassportStrategy(Strategy, 'apple') {
constructor(configService: ConfigService) {
super({
clientID: configService.get('APPLE_AUTH_CLIENT_ID'),
callbackURL: configService.get('APPLE_AUTH_CALLBACK_URL'),
teamId: configService.get('APPLE_AUTH_TEAM_ID'),
keyIdentifier: configService.get('APPLE_AUTH_KEY_IDENTIFIER'),
privateKeyPath: path.join(
__dirname,
`./AuthKey_${configService.get('APPLE_AUTH_KEY_IDENTIFIER')}.p8`,
),
});
}
public async validate(
accessToken: string,
refreshToken: string,
profile: Profile,
done: VerifyCallback,
): Promise<any> {
const { name, emails } = profile;
const [userEmail] = emails;
const user = {
email: userEmail.value,
name: name.givenName,
registeredPlatform: RegisteredPlatformsEnum.APPLE,
accessToken,
};
done(null, user);
}
}
import { Module, forwardRef, Logger } from '#nestjs/common';
import { TypeOrmModule } from '#nestjs/typeorm';
import { AppModule } from '../../app.module';
import { ConfigService } from '../../services/config.services';
import { UserService } from './services/users.service';
import { UserController } from './user.controller';
import { UserEntity } from '../../model/user.entity';
import { EmailService } from '../../services/email.service';
import { UserRepository } from 'src/repositories/user.repository';
import { GoogleStrategy } from 'src/services/strategy/google-strategy';
import { AppleStrategy } from 'src/services/strategy/apple-strategy';
#Module({
imports: [
forwardRef(() => AppModule),
TypeOrmModule.forFeature([UserEntity, UserRepository]),
],
controllers: [UserController],
providers: [
Logger,
UserService,
ConfigService,
EmailService,
// passport strategies
AppleStrategy,
GoogleStrategy,
],
exports: [UserService],
})
export class UserModule {}
I'm developing a backend using nestjs and passport-local strategy. I use local strategy only for owners login in my projects. but at end of validation it returns the owner in req.user.
how can I change it so it returns the owner in req.owner?
import { Injectable } from '#nestjs/common';
import { OwnerService } from '../owner/owner.service';
#Injectable()
export class AuthService {
constructor(private ownerService: OwnerService) {}
async validateOwner(username: string, pass: string): Promise<any> {
const owner = await this.ownerService.findOneByUsername(username);
// later check with hashed pass
if (owner && owner.owner && owner.owner.password === pass) {
const { password, ...result } = owner.owner;
return result;
}
return null;
}
}
and
import { Strategy } from 'passport-local';
import { PassportStrategy } from '#nestjs/passport';
import { Injectable, HttpException } from '#nestjs/common';
import { AuthService } from './auth.service';
#Injectable()
export class LocalStrategy extends PassportStrategy(Strategy) {
constructor(private authService: AuthService) {
super({
usernameField: 'username',
passwordField: 'password',
});
}
async validate(username: string, password: string): Promise<any> {
const owner = await this.authService.validateOwner(username, password);
if (!owner) {
throw new HttpException('No Owner found', 404);
}
return owner;
}
}
how I use it:
#UseGuards(AuthGuard('local'))
#Post('login')
async login(#Request() req) {
console.log(req.owner, req.user);
return req.owner;
}
req.owner is empty but req.user has value
UPDATE:
my Authmodule.ts:
import { Module } from '#nestjs/common';
import { AuthService } from './auth.service';
import { OwnerModule } from '../owner/owner.module';
import { LocalStrategy } from './local.strategy';
import { PassportModule } from '#nestjs/passport';
import { JwtModule } from '#nestjs/jwt';
#Module({
providers: [AuthService, LocalStrategy],
imports: [
OwnerModule,
PassportModule.register({
property: 'owner',
})
],
exports: [AuthService],
})
export class AuthModule {}
PassportModule.register({ property: 'owner' })
where PassportModule is imported from #nestjs/passport
I created a LocalAuthGuard class that extends my local strategy:
import { Injectable } from '#nestjs/common';
import { AuthGuard } from '#nestjs/passport';
#Injectable()
export class LocalAuthGuard extends AuthGuard('local') {
constructor() {
super({
property: 'owner',
});
}
}
then wherever I use this guard, it adds my target field to req.owner instead of req.user.
#UseGuards(LocalAuthGuard)
#Post('login')
async login(#Request() req): Promise<LoginResponse> {
return this.authService.login(req.owner);
}
When a user logs into the API generates a token so that he has access to other endpoints, but the token expires in 60sec, I made a function to generate a new valid token using the old token (which was stored in the database), but when I'm going to generate a new valid token I'm getting the secretOrPrivateKey must have a value error
The function refreshToken use function login to generate a new token
Nest error:
secretOrPrivateKey must have a value
Error: secretOrPrivateKey must have a value
at Object.module.exports [as sign] (C:\Users\talis\nova api\myflakes_api\node_modules\jsonwebtoken\sign.js:107:20)
at JwtService.sign (C:\Users\talis\nova api\myflakes_api\node_modules\#nestjs\jwt\dist\jwt.service.js:28:20)
at AuthService.login (C:\Users\talis\nova api\myflakes_api\src\auth\auth.service.ts:18:39)
at TokenService.refreshToken (C:\Users\talis\nova api\myflakes_api\src\token\token.service.ts:39:37)
at processTicksAndRejections (node:internal/process/task_queues:96:5)
at TokenController.refreshToken (C:\Users\talis\nova api\myflakes_api\src\token\token.controller.ts:12:16)
at C:\Users\talis\nova api\myflakes_api\node_modules\#nestjs\core\router\router-execution-context.js:46:28
at C:\Users\talis\nova api\myflakes_api\node_modules\#nestjs\core\router\router-proxy.js:9:17
My code:
Function refreshToken in the file token.service.ts
async refreshToken(oldToken: string) {
let objToken = await this.tokenRepository.findOne({hash: oldToken})
if (objToken) {
let user = await this.userService.findOneOrFail({email:objToken.email})
return this.authService.login(user)
} else {
return new UnauthorizedException(MessagesHelper.TOKEN_INVALID)
}
}
Function login in the file auth.service.ts
async login(user: UsersEntity) {
const payload = { email: user.email, sub: user.idUser }
const token = this.jwtService.sign(payload) // here!!!
this.tokenService.save(token, user.email)
return {
token: token
};
}
Error is on const token = this.jwtService.sign(payload)
Here is the file jwt.strategy.ts
import { Injectable } from "#nestjs/common";
import { PassportStrategy } from "#nestjs/passport";
import { ExtractJwt, Strategy } from "passport-jwt";
import { jwtConstants } from "../constants";
#Injectable()
export class JwtStrategy extends PassportStrategy(Strategy) {
constructor() {
super({
jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
ignoreExpiration: false,
secretOrKey: jwtConstants.secret,
});
}
async validate(payload: { sub: any; email: any; }) {
return { id: payload.sub, email: payload.email}
}
}
And here local.strategy.ts
import { Injectable, UnauthorizedException } from "#nestjs/common";
import { PassportStrategy } from "#nestjs/passport";
import { Strategy } from "passport-local";
import { MessagesHelper } from "src/helpers/messages.helper";
import { AuthService } from "../auth.service";
#Injectable()
export class LocalStrategy extends PassportStrategy(Strategy) {
constructor(private authService: AuthService) {
super({ usernameField: 'email' });
}
async validate(email: string, password: string): Promise<any> {
const user = await this.authService.validateUser(email, password);
if(!user)
throw new UnauthorizedException(MessagesHelper.PASSWORD_OR_EMAIL_INVALID)
return user;
}
}
this is the AuthModule where is JwtModule.register
#Module({
imports: [
ConfigModule.forRoot(),
UsersModule,
PassportModule,
TokenModule,
JwtModule.register({
secret: jwtConstants.secret,
signOptions: { expiresIn: '60s' },
}),
],
controllers: [AuthController],
providers: [AuthService, LocalStrategy, JwtStrategy],
exports: [JwtModule, AuthService]
})
export class AuthModule {}
Guys i tried to use images, but i'm new user and i still don't have a reputation, sorry.
Doing what #Micael Levi mentioned in the comments worked for me, so it would be:
const token = this.jwtService.sign(payload, jwtConstants.secret)
For future reference, I encountered this issue despite my environment variables being defined (process.env.SECRET_KEY being undefined was a common problem seen in other similar questions). So what I did to fix mine was:
return {
access_token: this.jwtService.sign(payload, { secret: process.env.JWT_SEC }),
};
I have created the Nest.js app. And I use AWS Cognito to manage user authentication and authorization. I use amazon-cognito-identity-js for handling user signin/signout and #nestjs/passport / #UseGuards(AuthGuard('jwt')) for validating tokens and user access for the routes.
Now I need to get access to the current user attributes(email, phone_number...) in other routes of the app. What is the best way to do this?
auth.service.ts
import { AuthConfig } from './auth.config';
import { Injectable } from '#nestjs/common';
import {
AuthenticationDetails,
CognitoUser,
CognitoUserPool,
CognitoUserAttribute,
} from 'amazon-cognito-identity-js';
#Injectable()
export class AuthService {
private userPool: CognitoUserPool;
private sessionUserAttributes: {};
constructor(private readonly authConfig: AuthConfig) {
this.userPool = new CognitoUserPool({
UserPoolId: this.authConfig.userPoolId,
ClientId: this.authConfig.clientId,
});
}
registerUser(registerRequest: {
name: string;
email: string;
password: string;
}) {
const { name, email, password } = registerRequest;
return new Promise((resolve, reject) => {
return this.userPool.signUp(
name,
password,
[new CognitoUserAttribute({ Name: 'email', Value: email })],
null,
(err, result) => {
if (!result) {
reject(err);
} else {
resolve(result.user);
}
},
);
});
}
authenticateUser(user: { name: string; password: string }) {
const { name, password } = user;
const authenticationDetails = new AuthenticationDetails({
Username: name,
Password: password,
});
const userData = {
Username: name,
Pool: this.userPool,
};
const newUser = new CognitoUser(userData);
return new Promise((resolve, reject) => {
return newUser.authenticateUser(authenticationDetails, {
onSuccess: (result) => {
resolve(result);
},
onFailure: (err) => {
reject(err);
},
});
});
}
}
jwt.strategi.ts
import { ExtractJwt, Strategy } from 'passport-jwt';
import { PassportStrategy } from '#nestjs/passport';
import { Injectable } from '#nestjs/common';
import { AuthService } from './auth.service';
import { passportJwtSecret } from 'jwks-rsa';
import { AuthConfig } from './auth.config';
#Injectable()
export class JwtStrategy extends PassportStrategy(Strategy) {
constructor(
private readonly authService: AuthService,
private authConfig: AuthConfig,
) {
super({
secretOrKeyProvider: passportJwtSecret({
cache: true,
rateLimit: true,
jwksRequestsPerMinute: 5,
jwksUri: `${authConfig.authority}/.well-known/jwks.json`,
}),
jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
audience: authConfig.clientId,
issuer: authConfig.authority,
algorithms: ['RS256'],
});
}
public async validate(payload: any) {
return !!payload.sub;
}
}
app.controller.ts
import { Controller, Get, UseGuards, Header } from '#nestjs/common';
import { AppService } from './app.service';
import { AuthGuard } from '#nestjs/passport';
#Controller()
export class AppController {
constructor(private readonly appService: AppService) {}
#Get()
#UseGuards(AuthGuard('jwt'))
#Header('Content-Type', 'text/html')
getHello(): string {
return this.appService.getHello();
}
}
user is set as a property on the request when passport successfully authenticates the user.
The request can be injected in your controller and user property then accessed.
import { Controller, Get, UseGuards, Header, Request } from '#nestjs/common';
import { AppService } from './app.service';
import { AuthGuard } from '#nestjs/passport';
#Controller()
export class AppController {
constructor(private readonly appService: AppService) {}
#Get()
#UseGuards(AuthGuard('jwt'))
#Header('Content-Type', 'text/html')
getHello(#Request() req): string {
console.log(req.user);
return this.appService.getHello();
}
}