I am trying to set it to true and only then redirect to another page. However I get redirected first and then it's set to true..
Code:
exports.logIn= function(req, res, next) {
req.session.loggedIn = true;
res.redirect("/home");
};
You can achieve this using res.locals
exports.logIn= function(req, res, next) {
//AUTHENTICATE
res.locals.loggedIn = true;
res.redirect("/home");
};
Then on '/home' route you can check the user is logged in or not by reading res.locals.loggedIn
if(res.locals.loggedIn){
// DO SOMETHING
} else {
//REDIRECT TO LOGIN
}
Related
My app is on express, mongoDB. I add authorization by session. Don't work logout. There is the link on a page (this is pug):
a(href="/logout") logout
It's handler:
app.get('/logout', function (req, res, next) {
if (req.session) {
// delete session object
req.session.destroy(function (err) {
if (err) {
return next(err);
} else {
return res.redirect('/');
}
});
}
});
When clicked, it displays this and redirect does not occur. If you delete everything except redirect, then redirect will work. But I need to delete the authorization session.
try something like this
app.get('/logout', function (req, res, next) {
// If the user is loggedin
if (req.session.loggedin) {
req.session.loggedin = false;
res.redirect('/');
}else{
// Not logged in
res.redirect('/');
}
});
If you are using passportjs, you need to call the req.logout() to terminate a login session. See documentation here
Currently using node.js, express & passport.js to create a custom website/application.
Having followed several guides, I have a functioning login/logout system with authentication. However, should a user revisit and their session is still active, it doesn't redirect them to the 'dashboard'.
Current root route:
/* GET login page. */
router.get('/',function(req, res) {
// Display the Login page with any flash message, if any
res.render('index', { message: req.flash('message') });
});
I am making use of the isAuthenticated function, as below:
var isAuthenticated = function (req, res, next) {
if (req.isAuthenticated())
return next();
res.redirect('/');
}
How do I get it to automatically redirect users with an existing session? Any pointers most welcome!
Ok, I figured it out. In the / route, I queried whether req.user was set.
/* GET login page. */
router.get('/',function(req, res) {
if(req.user){
res.redirect("/dashboard");
}else{
// Display the Login page with any flash message, if any
res.render('index', { message: req.flash('message') });
}
});
You can attach a middleware with "/" endpoint something like this.
router.get('/', sessionValidate, function(req, res, next) {
res.render('login');
});
Where sessionValidate looks something like this :
function sessionValidate(req,res,next){
console.log(req.user,"i am here");
users.findById(req.user,function(err, user) {
if(user!=null){
req.session.user = user;
res.locals.user=user;
res.redirect("/home")
}
else {
next();
}
});
}
I am trying to add two authentication controllers to one route. For example, this is basically what I am trying to make:
router.route('/employees')
.get(authController1.isAuthenticated, myController1.get1)
.get(authController2.isAuthenticated, myController2.get2);
The isAuthenticated function is as follows:
exports.isAuthenticated = passport.authenticate('basic', {
session: false
});
Does anyone know how this would be possible?
Thanks,
Daniel
Route:
router.route('/employees')
.get(authController.isAuthenticated1, authController.isAuthenticated2, myController1.get1)
authController :
exports.isAuthenticated = function(req, res, next) {
// Authentication code
if (!req.isAuthenticated) {
// Not authenticated
return res.status(401).send({
message: 'User is not authenticated'
});
}
next();
};
exports.isAuthenticated2 = function(req, res, next) {
// Authentication2 code
if (!req.isAuthenticated2) {
// Not authenticated
return res.status(401).send({
message: 'User is not authenticated'
});
}
next();
};
myController
exports.get1 = function(req, res) {
// Both are authenticated so we can proceed.
}
Perhaps something like this?
exports.isAuthenticated = function(req, res, next) {
req.user == 'type1' ? fnType1(req, res, next) : fnType2(req, res, next); // Do check and call method.
};
function fnType1(req, res, next) {
//Authentication code
// Attach type to req
req.userType = 1;
next();
}
function fnType2(req, res, next) {
//Authentication code
// Attach type to req
req.userType = 2;
next();
}
exports.get1 = function(req, res) {
// Both are authenticated so we can proceed.
if(req.userType = 1){
// Do something
} else {
// Do something else
}
}
I'm setting up dynamic routes and using basicAuth (when a user/pass has been configured). Here's what I have:
var basicAuth = express.basicAuth,
auth = function(req, res, next) {
if (config.hasOwnProperty(req.params.project)) {
var auth = config[req.params.project].auth;
if (auth) {
basicAuth(function(user, pass, callback) {
// Check credentials
callback(null, user === auth.user && pass === auth.pass);
})(req, res, next);
} else {
// No authentication
return true;
}
}
};
Then, my route looks like this:
app.get("/:project", auth, function (req, res) {
...
});
It's getting the config from a file which either contains the auth object with auth.user and auth.pass or is set to false. When set to false I'd like to (obviously) skip authentication.
The basicAuth is working when turned on, but I can't figure out how to dynamically bypass it.
Connect doesn't check the return value of the middleware, so returning true doesn't mean anything. You need to call the next function so that Connect knows to continue.
var basicAuth = express.basicAuth,
auth = function(req, res, next) {
if (config.hasOwnProperty(req.params.project)) {
var auth = config[req.params.project].auth;
if (auth) {
basicAuth(function(user, pass, callback) {
// Check credentials
callback(null, user === auth.user && pass === auth.pass);
})(req, res, next);
} else {
// No authentication
next();
}
}
};
Also, it looks like the basicAuth callback can be synchronous, so it's probably cleaner to do this:
basicAuth(function(user, pass) {
// Check credentials
return user === auth.user && pass === auth.pass;
})(req, res, next);
Finally, basicAuth has another alternate form, so you can just do:
basicAuth(auth.user, auth.pass)(req, res, next);
I have a express route like this:
app.get('/', auth.authOrDie, function(req, res) {
res.send();
});
where authOrDie function is defined like that (in my auth.js module):
exports.authOrDie = function(req, res, next) {
if (req.isAuthenticated()) {
return next();
} else {
res.send(403);
}
});
Now, when the user is not authenticated, I would like to verify if the http request has a Authorization (Basic) header. To do that, I would like to use the great connect middleware basicAuth().
As you know, Express is built on top of Connect, so I can use express.basicAuth.
The basicAuth is generally used like that:
app.get('/', express.basicAuth(function(username, password) {
// username && password verification...
}), function(req, res) {
res.send();
});
But, I would like to use it in my authOrDie function like that:
exports.authOrDie = function(req, res, next) {
if (req.isAuthenticated()) {
return next();
} else if {
// express.basicAuth ??? ******
} else {
res.send(403);
}
});
****** How can I call the basicAuth function with the good parameters (req ? res ? next ? ...).
Thanks.
Calling the express.basicAuth function returns the middleware function to call, so you'd invoke it directly like this:
exports.authOrDie = function(req, res, next) {
if (req.isAuthenticated()) {
return next();
} else {
return express.basicAuth(function(username, password) {
// username && password verification...
})(req, res, next);
}
});