I use connect-mongo to store sessions in a DaaS, then I added a Remember me checkbox in the login page but when I don't check the textbox, it still writes the sessions in the sessions table. I wonder what I can be doing wrong:
server.js:
// server.js
// set up ======================================================================
// get all the tools we need
var express = require('express');
var app = express();
var port = process.env.PORT || 5000;
var mongoose = require('mongoose');
var passport = require('passport');
var flash = require('connect-flash');
var morgan = require('morgan');
var cookieParser = require('cookie-parser');
var bodyParser = require('body-parser');
var session = require('express-session');
var MongoStore = require('connect-mongo')(session);
var path = require('path'); //join method
var configDB = require('./config/database.js');
//pass passport for configuration
require('./config/passport')(passport);
// configuration ===============================================================
mongoose.connect(configDB.url, {useMongoClient : true}); // connect to our database
// set up our express application
app.use(express.static(path.join(__dirname, 'views'))); //angular and css files
app.use(morgan('dev')); // log every request to the console
app.use(cookieParser()); // read cookies (needed for auth)
app.use(bodyParser()); // get information from html forms
app.set('view engine', 'ejs'); // set up ejs for templating
//required for passport
app.use(session({
store: new MongoStore({ mongooseConnection: mongoose.connection, ttl: 14 * 24 * 60 * 60, autoRemove:'native', collection:'AllSessions' }),
secret: 'foo'
}));
app.use(passport.initialize());
app.use(passport.session()); // persistent login sessions
// use connect-flash for flash messages stored in session
app.use(flash());
// routes ======================================================================
require('./app/routes.js')(app, passport); // load our routes and pass in our app and fully configured passport
//log all other requests here
app.get('*', (req, res) => {
res.sendFile(path.join(__dirname, 'views'));
});
// launch ======================================================================
app.listen(port);
console.log('The magic happens on port ' + port);
routes.js (POST code):
// process the login form
app.post('/login', passport.authenticate('local-login', {
successRedirect: '/profile', // redirect to the secure profile section
failureRedirect: '/login', // redirect back to the signup page if there is an error
failureFlash: true // allow flash messages
}),
function(req, res, next)
{
if (!req.body.remember_me)
{
return next();
}
else{
app.use(session({
store: new MongoStore({ mongooseConnection: mongoose.connection, ttl: 14 * 24 * 60 * 60, autoRemove:'native', collection:'AllSessions' }),
secret: 'foo'
}));
}
});
Any suggestions are appreciated. Thanks in advance.
You're trying to initialize session when remember me is clicked, so rather than doing that. Initialize the session with a bare-minimum timeout and then use the code below:
app.use(session({
store: new MongoStore({ mongooseConnection: mongoose.connection, ttl: 3600000, autoRemove:'native', collection:'AllSessions' }),
secret: 'foo'
}));
app.post('/login', passport.authenticate('local-login', {
successRedirect: '/profile', // redirect to the secure profile section
failureRedirect: '/login', // redirect back to the signup page if there is an error
failureFlash: true // allow flash messages
}),
function(req, res, next)
{
if (!req.body.remember_me)
{
req.session.cookie.expires = false;
return next();
}
else{
req.session.cookie.maxAge = 2628000000; // for one month.
}
});
Related
I am using passport to implement a login function on my application. However, every time I try to authenticate the user, I cannot get passed the authentication and am redirected to the failure URL. I have confirmed that there is a user in the MongoDB database and the user supplied password is correct. However, I cannot get past the passport authentication. Can anyone please help me out ?
This is my index.js
const express = require('express');
const app = express();
const mongoose = require('mongoose');
const path = require('path');
const ejsMate = require('ejs-mate');
const loginRoutes = require("./routes/login");
const User = require('./models/users');
const session = require('express-session');
const userRoutes = require('./routes/user');
const passport = require('passport');
const localStrategy = require('passport-local');
sessionConfig = {
name: "session",
secret: 'BetterSecret',
resave: false,
saveUninitialized: true,
cookie: {
httpOnly: true,
expires: Date.now() + 604800000, //Date.NOW + No. of Miliseconds in the week
maxAge: 604800000
}
};
//Connection strings only beyond this line
mongoose.connect('mongodb://localhost:27017/myLoc').then(console.log("DB connected")).catch(error => handleError(error));
app.listen(5500, (req, res, next) => {
console.log("Connected");
});
//app.uses
app.use(express.urlencoded({ extended: true }));
app.use("/", loginRoutes);
app.use("/business", userRoutes);
app.engine('ejs', ejsMate);
app.set('view engine', 'ejs');
app.set('views', path.join(__dirname, 'views')); //setting up the views directory
app.use(express.static(path.join(__dirname, 'public'))); //public directory to serve static content
app.use(session(sessionConfig));
app.use(passport.initialize());
app.use(passport.session());
passport.use(new localStrategy(User.authenticate()));
passport.serializeUser(User.serializeUser());
passport.deserializeUser(User.deserializeUser());
This is the router for the login:
const express = require('express');
const router = express.Router();
const users = require('../controllers/users');
const passport = require('passport');
router.route('/login')
.get(users.renderLoginForm)
.post(passport.authenticate('local', { successRedirect: '/', failureRedirect: '/login' }), users.login);
router.route('/register')
.get(users.renderRegisterForm)
.post(users.createNewUser);
module.exports = router;
and for the controller I just have a console.log for now
module.exports.login = (req, res, next) => {
console.log("I am here");
};
I am using PassportJS to authenticate users in my application. After a user logs in, the session is created, but soon after being redirected, the session appears to become undefined once again because it hasn't been saved. I found online that often times with redirects, the redirect completes before the session is saved, and so it's as if authentication never happened. The apparent solution is to use the req.session.save function so that redirects will only happen after the session is saved. However, I am getting an error log of "TypeError: req.session.save is not a function." Can somebody please help?
Here is my code for app.js.
var express = require('express'),
passport = require('passport'),
session = require('express-session'),
bodyParser = require('body-parser'),
RedisStore = require('connect-redis')(session),
redis = require('redis'),
logger = require('morgan'),
errorHandler = require('express-error-handler'),
site = require('./site'),
oauth2 = require('./oauth2'),
port = process.env.PORT || 8080;
var app = express();
var redisClient = redis.createClient(8080, 'localhost');
// use sessions for tracking logins
app.use(session({
secret: 'keyboard cat',
resave: true,
saveUninitialized: true,
store: new RedisStore({
client: redisClient,
host: "pub-redis-14280.us-central1-1-1.gce.garantiadata.com",
port: 12543,
ttl: 260
})
}));
app.use(logger('dev'));
app.use(bodyParser.urlencoded({ extended: false }));
app.use(bodyParser.json({ type: 'application/json' }));
app.use(passport.initialize());
app.use(passport.session());
app.use(errorHandler({ dumpExceptions: true, showStack: true }));
// use ejs as file extension for views
app.set('view engine', 'ejs');
app.use(express.static(__dirname + '/views'));
// use passport
require('./auth');
// Account linking
app.get('/', site.index);
app.get('/login', site.loginForm);
app.post('/login', site.login);
app.get('/logout', site.logout);
app.get('/authorize', oauth2.authorization);
app.post('/authorize/decision', oauth2.decision);
// set up local server
if (module === require.main) {
// [START server]
// Start the server
var server = app.listen(process.env.PORT || 8080, function () {
var port = server.address().port;
console.log('App listening on port %s', port);
});
// [END server]
}
module.exports = app;
site.js:
var passport = require('passport');
var login = require('connect-ensure-login');
// get layout
exports.index = function (req, res) {
console.log("layout loaded");
res.render('layout');
}
// get login form
exports.loginForm = function (req, res) {
console.log("login page loaded");
res.render('login');
}
// post login form
exports.login = [
passport.authenticate('local'),
function (req, res) {
req.session.save(function (err) {
res.redirect('/');
});
}
]
// logout
exports.logout = function (req, res) {
req.logout();
res.redirect('/');
}
Passport serialize/deserialize user:
passport.serializeUser(function(id, done) {
console.log("serializing user");
done(null, id);
});
passport.deserializeUser(function(id, done) {
console.log("deserializing user");
done(null, id);
});
In my passport authentication, I return the user id for simplicity, since that's all I need to represent users in my system.
In case anybody else is still having this issue (like me), try following Nathan's comment above and debug your connection to your redis/mongo/etc store.
What worked for me was I had my redis host set to http://localhost so I swapped it to 127.0.0.1 (local development of course) and everything immediately worked.
I developing login page.
If user successfully logs in , then I want to store user_Id into session variable,which I will be using to authenticate other pages.
App.js
var express = require('express');
var bodyParser = require('body-parser');
var mongoose = require('mongoose');
var passport = require('passport');
var cookieParser = require('cookie-parser');
var session = require('express-session');
app.use(bodyParser.json());
app.use('/user', userRoutes);
app.use('/', index);
app.use(cookieParser());
app.use(session({
secret: "helloKey",
resave: false,
saveUninitialized: true,
store: new MongoStore({ mongooseConnection: mongoose.connection}),
cookie: { maxAge: 180 * 60 * 1000 }
}));
User router
var express = require('express');
var router = express.Router();
User = require('../models/user');
//Login User
router.post('/login', function (req, res) {
var user = new User(req.body);
User.login(user, function (err, user) {
if (err) {
res.sendStatus(500);
throw err;
}
if (!user) {
res.sendStatus(404);
return;
}
req.session.name = user.id;
res.json(user.id);
});
});
Problem is if I execute this code I am getting Cannot set property 'name' of undefined
What I am doing wrong?
Please Help.
Problem is that your routes are already setup before session so you have to reorder the code.
Move these lines
app.use('/user', userRoutes);
app.use('/', index);
Below the app.use(session) declaration.
app.use(session({
secret: "helloKey",
resave: false,
saveUninitialized: true,
store: new MongoStore({ mongooseConnection: mongoose.connection}),
cookie: { maxAge: 180 * 60 * 1000 }
}))
I'm trying to access 'testpage' route. But the req.isAuthenticated() returns false only for this route. (This route was there before I started to add authentication).
I'm able to go to login page and authenticate with google. Then I can access 'signup' or 'user_profile' route without problems.
After login if I try:
localhost:8080/testpage
the server sends me to "/". But if I try:
localhost:8080/testpage#
with hash sign in the end, the page is rendered.
// routes/users.js
var express = require('express');
var router = express.Router();
module.exports = function (passport) {
router.get('/login', function (req, res) {
res.render('login', { message: req.flash('loginMessage') });
});
router.get('/auth/google', passport.authenticate('google', { scope: ['profile', 'email'] }));
router.get('/auth/google/callback',
passport.authenticate('google', {
successRedirect: '/',
failureRedirect: '/'
}));
router.get('/user_profile', isLoggedIn, function (req, res) {
res.render('user_profile');
});
router.get('/signup', isLoggedIn, function (req, res) {
res.render('signup');
});
router.get('/testpage', isLoggedIn, function (req, res) {
res.render('testpage');
});
return router;
};
function isLoggedIn(req, res, next) {
if (req.isAuthenticated())
return next();
res.redirect('/');
}
Any ideas why this is happening?
* update *
Here my app.js
var express = require('express');
var path = require('path');
var favicon = require('serve-favicon');
var logger = require('morgan');
var cookieParser = require('cookie-parser');
var bodyParser = require('body-parser');
var passport = require('passport');
var flash = require('connect-flash');
var session = require('express-session');
var db = require('./mongoose');
var app = express();
require('./config/passport')(passport);
// view engine setup
app.set('views', path.join(__dirname, 'views'));
app.set('view engine', 'hbs');
// uncomment after placing your favicon in /public
//app.use(favicon(path.join(__dirname, 'public', 'favicon.ico')));
app.use(logger('dev'));
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: true }));
app.use(cookieParser());
app.use(express.static(path.join(__dirname, 'public')));
app.use(session({
secret: 'secret123',
resave: true,
saveUninitialized: true
}));
app.use(passport.initialize());
app.use(passport.session());
app.use(flash());
var users = require('./routes/users')(passport);
app.use('/', users);
// catch 404 and forward to error handler
app.use(function(req, res, next) {
var err = new Error('Not Found');
err.status = 404;
next(err);
});
// error handler
app.use(function(err, req, res, next) {
// set locals, only providing error in development
res.locals.message = err.message;
res.locals.error = req.app.get('env') === 'development' ? err : {};
// render the error page
res.status(err.status || 500);
res.render('error');
});
module.exports = app;
It could be due to the express-session middleware that is needed for passport. you can fix it by using middleware in following order.
var session = require('express-session')
var app = express()
app.set('trust proxy', 1) // trust first proxy
app.use(session({
secret: 'yoursecret',
resave: true,
saveUninitialized: true,
cookie: { secure: true },
// you can store your sessions in mongo or in mysql or redis where ever you want.
store: new MongoStore({
url: "mongourl",
collection: 'sessions' // collection in mongo where sessions are to be saved
})
}))
// Init passport
app.use(passport.initialize());
// persistent login sessions
app.use(passport.session());
See https://github.com/expressjs/session for more details.
Also I think so you have not config google strategy.
try some thing like following
var GoogleStrategy = require('passport-google-oauth').OAuthStrategy;
// Use the GoogleStrategy within Passport.
// Strategies in passport require a `verify` function, which accept
// credentials (in this case, a token, tokenSecret, and Google profile), and
// invoke a callback with a user object.
passport.use(new GoogleStrategy({
consumerKey: GOOGLE_CONSUMER_KEY,
consumerSecret: GOOGLE_CONSUMER_SECRET,
callbackURL: "http://www.example.com/auth/google/callback"
},
function(token, tokenSecret, profile, done) {
User.findOrCreate({ googleId: profile.id }, function (err, user) {
return done(err, user);
});
}));
Finally after one entire day I just realized that when I was typing localhost:8000/testpage in the url bar it was been changed to www.localhost:8000/testpage. And the auth dos not work with www*. Another thing is that google chrome tries to predict what url you will type and this could cause this type of error, and it is annoying at debugging. So I unchecked this options at chrome's settings, preventing prediction.
In my production app, saving data to a session then redirecting is completely unreliable. A console.log after saving the session shows the data has been attached. Then on redirect, another console.log shows that the session has been reset. Every 3-5 tries, the session will persist across the redirect, but it is mostly unreliable. In my development app this code works flawlessly...
• I've tried changing the version of express-session
• I've tried moving the static folder above the session middleware in server.js
• I've tried using req.session.save()
UPDATE ******
This is a known issue with the session middleware: https://github.com/expressjs/session/pull/69
Here is my server.js
// Module Dependencies
var express = require('express');
var app = express();
var mongoose = require('mongoose');
var bodyParser = require('body-parser');
var session = require('express-session');
var favicon = require('serve-favicon');
var methodOverride = require('method-override');
// Set Environment from ENV variable or default to development
var env = process.env.NODE_ENV = process.env.NODE_ENV || 'development';
var config = require('./config/config');
// Set Port
var port = process.env.PORT || config.app.port;
// Connect to our MongoDB Database
// mongoose.connect(config.db);
// set the static files location /public/img will be /img for users
app.use(express.static(__dirname + '/public'));
// Express Session
app.use(session({
secret: 'asfasfa3asfa',
resave: true,
saveUninitialized: true,
cookie: {
secure: false,
maxAge: 2160000000
}
}));
// Favicon
app.use(favicon(__dirname + '/public/img/favicon.ico'));
// Set Jade as the template engine
app.set('views', './app/views');
app.set('view engine', 'jade');
// Get req.body as JSON when receiving POST requests
app.use(bodyParser.json()); // parse application/json
app.use(bodyParser.json({
type: 'application/vnd.api+json'
})); // parse application/vnd.api+json as json
app.use(bodyParser.urlencoded({
extended: true
})); // parse application/x-www-form-urlencoded
// override with the X-HTTP-Method-Override header in the request. simulate DELETE/PUT
app.use(methodOverride('X-HTTP-Method-Override'));
// routes ==================================================
require('./app/routes')(app); // pass our application into our routes
// start app ===============================================
app.listen(port);
console.log('****** App is now running on port ' + port + ' ******'); // shoutout to the user
exports = module.exports = app; // expose app
Here is the controller where the session is being saved:
// Module dependencies.
var config = require('../../config/config');
// Render Either Home Page or Dashboard Page If User is Logged In
var index = function(req, res) {
console.log("Session At Home Page: ", req.session)
if (req.session.user) {
res.render('dashboard');
} else {
res.render('home');
}
};
// Handle Authentication Callback
var callback = function(req, res) {
// Get Access Token via Service-SDK
Service.getAccessToken(req, function(error, tokens) {
if (error) {
console.log(error);
return res.redirect('/');
}
// Otherwise, Save User Data & API Tokens To Session
req.session.regenerate(function(err) {
req.session.user = tokens.user_id;
req.session.access_token = tokens.access_token;
req.session.client_token = tokens.client_token;
req.session.save(function(err) {
console.log("Session Before Redirect: ", req.session);
res.redirect('/');
})
});
});
};
module.exports = {
index: index,
callback: callback
};
My Routes
app.get('/auth/service/callback', application.callback)
app.get('/logout', application.logout);
app.get('/', application.index);
There is a conflict between the livereload and the express-session in the Express 4. You can read more about it here https://github.com/expressjs/cookie-session/issues/14
But in short, the livereload must be called AFTER the session. As this:
var express = require("express");
var http = require("http");
var session = require("express-session");
var livereload = require("connect-livereload");
var app = express();
app.set("port", 9090);
/**
* First you must config the session
*/
app.use(session({
secret: "keyboardcat",
name: "mycookie",
resave: true,
saveUninitialized: true,
cookie: {
secure: false,
maxAge: 6000000
}
}));
/**
* Then you can config the livereload
*/
app.use(livereload())
/**
* This simple url should create the cookie.
* If you call the livereload first, the cookie is not created.
*/
app.get("/",function(req,res){
req.session.name = "blaine";
res.end("ok");
});
/**
* If you call the livereload first, the session will always return nothing
* because there is no cookie in the client
*/
app.get("/me",function(req,res){
var name = req.session.name;
var message = "Hello [" + name + "]!";
res.end(message);
});
http.createServer( app ).listen(
app.get("port"),
function(){
console.log("server is running in port ", app.get("port"));
}
)
If you call the livereload BEFORE the session config, all will seems to work but the cookie will not persist. This was a tricky bug and I lost a full day into it. I hope this help somebody.