Express Flash message doesn't work with Axios but works in Postman. Why is that? - node.js

I couldn't figure out why my flash message wasn't available when testing a bad password login. Finally I figured it out; flash doesn't work with Axios.
Why is it that flash-connect doesn't work with Axios but it works with Postman? I'm a noob with sessions, so I think it may have something to do with sessions.
I used Node.js, Express.js, Passport.js
Here is the gist.
How to recreate using the gist:
Save each file in a project folder
npm install
npm start
You'll see axios log to the console: "Error from Flash Message: undefined". The flash message is missing.
If you use Postman and post to http://localhost:3300/login with the body { "email":"test@test.com", "password": "paskword" } you get the correct flash message: Error from Flash Message: invalid password.

Related

Ldap authentication in Loopback 4 -- 'Missing credentials'

I have followed the tutorials for adapting passport authentication strategies to Loopback 4, and have successfully gotten passport-http to work. But, when trying to get passport-ldapauth to work with loopback 4, I am consistently getting the following error Http response (using postman):
{
  "error": {
    "statusCode": 401,
    "name": "UnauthorizedError",
    "message": {
      "message": "Missing credentials"
    }
  }
}
I have confirmed the online LDAP test server works with my setup (used a plain Express app with passport-ldapauth, with total success). Using the same LDAP config in Loopback 4, however, produces the above error.
My test Loopback app is here: https://replit.com/#woff2/CarefulGreenBits
It seems to me that I am doing something wrong with passing the verifyFn in to the AuthenticationStrategy.
Can anyone see what I am doing wrong? I have been at this for three or four days now!
It would be of great benefit to the community to solve this. I have seen many people online wanting the same auth method to work in Loopback over the past week.
UPDATE: I've narrowed it down to the request body not being processed. Whether the request body contains the username/password pair or not, the same 'Missing credentials' error results.
I found out that the username/password tuple must be passed as params on the http request. This information was contained in source-code comments of the passport-ldapauth package. Note however that when using passport-ldapauth with Express framework, passing the tuple in the request body does work.

Api is working fine with postman but not working in react

The Node.js API is working fine with Postman, but while I'm trying it with React I'm getting some errors like message: "Request aborted", name: "AxiosError", code: "ECONNABORTED".
I haven't added authentication to my API yet, so that is not needed, I guess.
I tried to send it in various ways; I even tried to handle the CORS preflight problem, but I'm not sure whether I handled that or not! The API is working with Postman absolutely OK, response as expected.
Make sure you don't pass credentials query params in your GET request. If you have added credentials in your GET request, replace your HTTP method with POST.

Not getting auth headers when setting axios default

I am trying to send an auth header along with an axios POST request from inside a Vue application. I currently am getting a 401 from my back end with an auth header that works when I do a curl.
I've tried splitting it up into variables and putting it in but that did not work and resulted in the same error (401).
This is just the axios code I am trying to get to work. I have checked with console.log and all values I am trying to send exist, though I don't know how to check the axios headers before sending.
axios.defaults.headers.common["Authorization"] = JWTtoken;
axios.post(updateURL, {
  token: result.token
});
The backend code can't be changed easily for testing, so I need to figure out why it is not sending from the front end.
I'd like it to send the correct header along with my request so I don't get a 401 status code.
I think you need this..
axios.defaults.headers.common["Authorization"] = "Bearer " + JWTtoken;
axios.post(updateURL, {
  token: result.token
});
Notice that I add Bearer in the Authorization. It is how JWT was meant to be used according to their introduction.
However, if the answer is wrong, help us by providing more information about your response in the Developer Console, as @RuChernChong suggests. Any error logs would be helpful as well.
Another way is to use Axios globals to set, for example, an X-Auth-Token encoding from JWT.io directly, like this:
axios.defaults.headers.common["X-Auth-Token"] = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c";

How to Get Current User in Backend with Firebase in Node.js?

I am so confused.
All the Firebase authentication tutorials online are teaching how to log in on the frontend.
Of course you can get the token and send it to the server for verification if it's a POST request,
but what about a normal GET request like a page request? I have installed firebase-admin already but I didn't find any method for getting the current user.
I am using Node and Express.
For example:
app.get('/', function(req, res) {
  const idToken = null; // where can I get the token??
  console.log(idToken);
  res.render('index.ejs');
});
You still have to arrange for the auth token to be sent in the HTTP request. You can do that with a header in the request. Sample code showing exactly this case can be found in the official samples. This will work for any HTTP method, and is a lot better than trying to use a POST body.
The sample uses the Authorization header to transmit the token and verifyIdToken() to make sure it's valid.
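The header check described in this answer and in the "Bearer " answer to the Axios question above, as an added example that is not code from either thread or from the Firebase samples: a strict Authorization: Bearer <token> parser and an Express-style middleware that fails closed with 401, so a backend that parses the header this way rejects a raw JWT sent without the scheme. The names requireIdToken, verify, stubVerify and simulate and the sample token are assumptions made for the example; with firebase-admin, verify would wrap verifyIdToken().

```javascript
// Added example (not from the threads). Strict "Bearer <token>" parse, RFC 6750 charset.
function extractBearerToken(headerValue) {
  if (typeof headerValue !== 'string') return null;
  const m = /^Bearer +([A-Za-z0-9\-._~+\/]+=*)$/i.exec(headerValue);
  return m ? m[1] : null;
}

// Express-style middleware. `verify` (assumed name) takes the raw token and
// resolves to its claims or rejects; with firebase-admin it would be
// (t) => admin.auth().verifyIdToken(t).
function requireIdToken(verify) {
  return async function (req, res, next) {
    const token = extractBearerToken(req.headers.authorization);
    if (token === null) {
      res.set('WWW-Authenticate', 'Bearer');
      return res.status(401).send('Missing or malformed Authorization header');
    }
    try {
      req.user = await verify(token); // identity comes only from the verified token
      return next();
    } catch (err) {
      res.set('WWW-Authenticate', 'Bearer error="invalid_token"');
      return res.status(401).send('Invalid token');
    }
  };
}

// Constructed stand-ins so the example runs without Express or Firebase.
const SAMPLE_TOKEN = 'aaa.bbb.ccc'; // constructed value, not a real JWT
async function stubVerify(token) {
  if (token !== SAMPLE_TOKEN) throw new Error('verification failed');
  return { uid: 'user-123' };
}

// Drive the middleware with a fake req/res; resolves to the observed outcome.
function simulate(authorization) {
  return new Promise((resolve) => {
    const req = { headers: authorization === undefined ? {} : { authorization } };
    const res = {
      code: 200,
      set() { return this; },
      status(code) { this.code = code; return this; },
      send(body) { resolve({ status: this.code, body, user: req.user }); },
    };
    requireIdToken(stubVerify)(req, res, () => resolve({ status: 200, user: req.user }));
  });
}
for (const h of ['Bearer ' + SAMPLE_TOKEN, SAMPLE_TOKEN, undefined])
  simulate(h).then((r) => console.log(h, '->', r.status));
```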

How do I send a string alongside an error code with express?

So when a login fails to validate, I currently respond with res.send(401). However I want to send a snippet of text or html along with the error code.
I tried this:
res.write('string');
res.send(401);
but threw an error and my server wouldn't start.
You're mixing Express methods with the native HTTP methods. Since Express internally uses the native HTTP modules, you should use one or the other.
// Express
res.status(401);
res.send('string');
// or the shortcut method
res.send(401, 'string');
// HTTP
res.writeHead(401);
res.end('string');
From the examples in express docs
res.status(404).send('Sorry, we cannot find that!');
res.status(500).send({ error: 'something blew up' });
A bit more verbose example, but works even when you try to render a template:
res.status(401).send('Unauthorized')
or
res.status(401).render('/401.html')
res.send(error_code,msg);
is deprecated. You should do this instead.
res.status(error_code).send(msg);
Update:
For express v 4.13.4, it will throw an error when you do this.
res.status(error_code).send(msg);
saying you can't set headers after they are sent.
