I have an API that I have previously defined like this.
app.get('/login', function(req, res){
//API implementation
});
I now have a second part of the API that needs to use the login API for verification.
app.get('/changePassword', function(req, res){
//Make request to /login endpoint and verify user credentials
});
How do I make a request to the login API from the change password function?
You could use the following function
res.redirect("/login");
Related
If I wasn't using react and was using express(nodejs) in the backend, this is what I would do for [an extremely simplified] auth system:
//Auth Middleware
const auth = (req, res, next)=>{
if(req.session.loggin_in===true){ next()}
else{ res.redirect('/login')}
}
//Endpoints
app.get('/', auth, (res, req)=>{ res.render('homepage')})
app.get('/login', (req, res)=>{ res.render('login')})
I know that you can use react routing to redirect the user to different pages, but how can you use middleware and session variables?
Do you have to send an http request for authentication from the client side to see whether the user is logged in? If this was the case, and supposing I wasn't logged in and tried to access the home page, I would first go to the home page before being redirected to the login page.
Thanks.
I have in my backend server, which was built with Node JS, an authentication with the package "passport-azure-ad". I put the important elements of the code here in the post.
Basically, the process is that when I call the URI "localhost:3000/login", I start the authentication and (if you are not already logged in) the login window I get from Azure pops up. After the login, it routes to the callback URI.
I.e. I have the complete "login infrastructure" I need for my use case. However, now I built a frontend with Angular and unfortunately I have absolutely no idea how to best proceed to integrate the authentication I built in Node JS into my frontend (Angular)?
I want to check if there is a login when calling my frontend (localhost:4200), if not I want to route to 3000/login to trigger the Microsoft login window. I do this check in the backend with the ensureAuthenticated function. Now I wonder how to call all this from the frontend? It would be nice if someone could support me on this, any tips or any suitable sources would be greatly appreciated - thanks!
// session management
app.use(session({
resave: true,
saveUninitialized: true,
secret: process.env.COOKIE_SECRET
}));
app.use(passport.initialize());
app.use(passport.session());
// check if logged in
function ensureAuthenticated(req, res, next) {
if (req.isAuthenticated()) { return next(); }
res.redirect('/login');
};
// call azures login page
app.get('/login',
passport.authenticate('azuread-openidconnect')
);
// callback uri after authentication
app.post('/auth/oauth/callback',
function (req, res, next) {
passport.authenticate('azuread-openidconnect',
{
failureRedirect: '/failure',
}
)(req, res, next);
},
function (req, res) {
res.redirect('/account');
});
// protected ressource
app.get('/account', ensureAuthenticated, function (req, res) {
res.redirect('Login succesfull!');
});
// logout
app.get('/logout', function (req, res) {
req.logout();
req.session.destroy();
res.send('Ausgeloggt!');
});
When using an SPA like Angular, you can't no longer use this kind of authentication flow by using passport strategies to authenticate to third party endpoints like Microsoft/Google.
Instead, you start the OAuth2.0 flow from your Angular application straight to the Microsoft authentication endpoint. Tokens will be used for further authentication.
Some links:
Microsoft identity platform and OAuth 2.0 authorization code flow
Sign in users and call the Microsoft Graph API from an Angular single-page application (SPA) using auth code flow
I am logging in user successfully /login and able to show information on my /profile route.
Now, I am trying to /logout the authenticate user, but seems it is not working. When trying passing logout route , nothing is happening. The JWT token is not getting expire so the /profile data is there even after logout click.
//logout testing
router.post('/logout' , checkAuth, (req, res) => {
req.logOut();
res.status(200).send(["logged out"]).redirect('/login');
});
This is my /profile:-
router.get('/profile', checkAuth, (req, res, data) =>{
User.find(req.userData, function(err, users) {
res.send(req.userData);
});
});
I want the logout to be global. The user must get logged out from each device user is logged in
When you use a JWT your server is stateless, you don't have a session in your server. You must delete the stored JWT from the client side or (but I'm not fan of this technique, it's not a good practice) you can store the list of "revoked" JWT, in the server side, when you logout and check if the token send by the client is on this list. You can also store the date of the last logout and check if the date of the JWT is oldest than the logout date, if is oldest the JWT is not valid.
var claims = [];
app.get('/', ensureAuthenticated, function(req, res) {
claims = req.user['_json'];
app.use(express.static(path.join(__dirname, '/client/build')));
res.sendFile(path.join(__dirname, '/client/build/index.html'));
});
Above route and middleware authenticates the user that is trying to log in to my application, I want the logged in user details to be sent to UI along with res.sendFile and access them in my angular2 .ts file. How can I do so?
claims has the logged in user details
Using Express, you can't send a file and data at the same time. You will need to create two separate routes to get your user details and the webpage.
See this answer for more details : https://stackoverflow.com/a/31461737/4719679
I am currently developing an application with Node.js backend and vue.js as a frontend framework. As a log in for the application I am using passport-steam which works perfectly on the backend. A user is redirected to steam from the frontend in order to log in, the backend deals with the login and returns a req.user. Checking for user.isAuthenticated works on the backend. My question is how to pass that user information and the session that a user is authenticated to the frontend client ?
Server code:
app.get('/auth/steam/return',
passport.authenticate('steam', { failureRedirect: '/' }),
function(req, res) {
res.redirect('http://localhost:8080/#/index');
});
app.get('/account', ensureAuthenticated, function(req, res){
res.send({user: req.user});
});
When the user is successfully authenticated with steam he is redirected to the frontend --> localhost:8080/#/index which creates an axios request to localhost:/3001/account the backend whith the information for the steam account. Unfortunately nothing happens as the frontend request is not authenticated. Any suggestions ?
Thanks a lot !!