My React application is logging in successfully, and the backend is also working successfully.
Question: What is going wrong here? This works fine in Postman and retains my cookie/session information.
How do I make sure react retains the necessary authentication details for fetching from the API?
However, when rendering a new page and accessing my API to get user information, I'm received a 401 Unauthorized error.
I am using an emitter to fetch my data.
My API works fine using Postman but does not work in React. Code below:
Passport login & User serialization:
passport.serializeUser(function(user, done) {
done(null, user.id);
});
passport.deserializeUser(function(id, done) {
connection.query("select * from users where id = "+ id, function(err,user) {
done(err, user[0]);
});
});
passport.use('local-signup', new LocalStrategy({
usernameField : 'email',
passwordField : 'password',
passReqToCallback : true
},
function(req, email, password, done) {
connection.query("select * from users where email = '"+ email +"'",function(err,user) {
console.log(user);
console.log("above row object");
if (err)
return done(err);
if (user.length) {
return done(null, false);
} else {
var passwordHash = sha1(req.body.password)
var newUserMysql = new Object();
newUserMysql.name = req.body.name;
newUserMysql.password = passwordHash;
newUserMysql.email = req.body.email;
newUserMysql.group_id = req.body.group_id;
var insertQuery = "INSERT INTO users (name, password, email, group_id) values ('"+ req.body.name +"','"+ passwordHash +"','"+ req.body.email +"','"+ req.body.group_id +"')";
console.log(insertQuery);
connection.query(insertQuery,function(err,user){
newUserMysql.id = user.insertId;
return done(null, newUserMysql);
});
}
});
}));
My react emitter for profile information:
export default class ProfileController {
constructor(emitter) {
this.Emitter = emitter;
}
init() {
this.Emitter.on('GetMyUser', this.getMyUser.bind(this));
}
getMyUser() {
fetch(`${domain}/api/user/self`, {//This is where it appears to be failing!!!
method: 'GET',
credentials: 'include'
})
.then((res) => {
return res.json();
})
.then((res) => {
this.Emitter.emit('OnGetMyUser', res.data);
})
.catch((e) => {
this.Emitter.emit('OnGetMyUser', 'Failed to load User from Controller.');
Alert.error('Failed to load user.');
});
}
}
And finally, the route itself in my API:
app.get('/api/user/self', function(req, res) {//Get current user by id profile information
if (!req.isAuthenticated()) {
return res.status(401).send({code: 401, message: "Unauthorized"});
}
connection.query("SELECT id, name, email, group_id FROM users WHERE id = ?", [
req.user.id
], function(error, result) {
if (error) {
console.log(error);
return res.status(500).send({code: 500, message: "Internal Server Error"});
}
else if (result.rowCount === 0) {
return res.status(404).send({code: 404, message: "Not found"});
}
console.log(result);
return res.send(userFull(result));
});
});
Related
Server returning "Error: Failed to serialize user into session" when attempting to use register user using Passport.js and AJAX. The code works when not using AJAX from the registration page, but I want to have a popup that processes the registration too.
passport.js
var passport = require('passport');
var LocalStrategy = require('passport-local').Strategy;
var User = require('../models/user');
passport.serializeUser((user, done) => {
done(null, user.id);
});
passport.deserializeUser((id, done) => {
User.findById(id, (err, user) => {
done(err, user);
});
});
passport.use('local.popsignup', new LocalStrategy({
usernameField: 'popUsername',
passwordField: 'popPassword',
passReqToCallback: true
}, (req, email, password, done) => {
User.findOne({'email':email}, (err, user) => {
if(err){
return done(err);
}
if(user){
return done(null, false, req.flash('error', 'Email already exists, please login.'))
}
var newUser = new User();
newUser.email = email;
newUser.password = newUser.encryptPassword(password);
newUser.preferences = preferences;
newUser.save((err) => {
return done(null, newUser);
});
});
}));
user router
module.exports = (app, passport) => {
app.post('/popover', function(req, res, next) {
passport.authenticate('local.popsignup', function(err, user, info) {
if (user !== undefined) {loggedIn = true} else {loggedIn = false};
var errors = req.flash('error')
req.login(user, function(err) {
if (err) return next(err);
res.status(200).send({errors: errors, loggedIn: loggedIn});
});
})(req, res, next);
});
}
view ajax js
$.ajax({
url: "/popover",
type: "POST",
data: $('#popform-tag').serialize(),
success: function(data){
if(data.loggedIn == false) {
$("#email_alert").text(data.errors[0]).show();
} else {
$('#popover').modal('hide')
localStorage.setItem('preferences', 1);
}
//console.log(data);
},
error: function(XMLHttpRequest, textStatus, errorThrown) {
console.log("Status: " + textStatus);
console.log("Error: " + errorThrown);
}
})
Before adding ajax, send some parameters via PostMan to check if your API request-response is working as expected. If yes, only then use Ajax based on API type (post, put etc..)
Also instead of serialize() try using Ajax in this way -
var data = {
someKey: 'someValue'
}
$.ajax({
url: '/popover', // route path
type: 'POST',
data: JSON.stringify(data),
headers: {
'Content-Type': "application/json",
},
'success': function (data, textStatus, request) {
// do something
},
'error': function (err) {
// do some error handling
}
});
I am trying to authenticate using google plus api and trying to save the google user details in the callback function from google plus api but due to some reason i am unable to pass values from google plus api response to callback request.
Snippet from Router.js
router.get("/auth/google", passport.authenticate('google', { scope: ['profile','email'] }));
router.get("/auth/google/callback" , passport.authenticate('google') , googleInsert);
Snippet from User.controller.js
const {
getGoogleUserByEmail,
createGoogleUser,
} = require("./user.service.js");
module.exports = {
googleInsert: (req, res) => {
body = req.body;
body.googleId = req.body.profile.id;
body.firstName = req.body.profile.name.givenName;
body.lastName = req.body.profile.name.familyName;
body.email = req.body.profile.emails[0].value;
body.photoUrl = req.body.profile.photos[0].value;
//const salt = genSaltSync(10);
//body.password = hashSync(body.password, salt);
//verify if email id exists
getGoogleUserByEmail(body.email, (err, results) => {
if (err) {
console.log(err);
}
//Email id already registered and exists in db
if (results) {
console.log("Google Email already exists");
return res.status(409).json({
success: 0,
data: "Google Email already exist",
});
}
console.log(
"Google Email id is not registered, proceed with Google User Insert"
);
if (!results) {
createGoogleUser(body, (err, createResults) => {
console.log(body);
if (err) {
console.log(err);
return res.status(500).json({
success: 0,
message: "Database connection error",
});
}
if (createResults.affectedRows == 1) {
console.log("inside succcess is 1");
//Insert into UserRole Table
createUserRole(
createResults.insertId,
(body.role_id = 2),
(err, results) => {
console.log(results);
if (err) {
console.log(err);
return res.status(500).json({
success: 0,
message: "DB error",
});
}
if (!err) {
console.log("Google User created successfully");
return res.status(200).json({
success: 1,
data: createResults,
});
}
}
);
}
});
}
});
},
};
Passport.js
const passport = require("passport");
const GoogleStrategy = require("passport-google-oauth20").Strategy;
const keys = require('../config/keys');
passport.use(
new GoogleStrategy(
{
clientID: process.env.clientID,
clientSecret: process.env.clientSecret,
callbackURL: "http://localhost:1111/api/users/auth/google/callback",
//passReqToCallback: true
},
(accessToken, refreshToken, profile, callback) => {
console.log("access token", accessToken);
console.log("refresh token", refreshToken);
console.log("profile", profile);
console.log("callback", callback);
}
)
);
The issue i am getting is i am not sure how to get the value from google authentication to be used in callback request and am not sure if callback is working or not. After i select the email id from google plus api client screen, it just goes into infinite loop and no data is getting inserted into db.
body = req.body;
body.googleId = req.body.profile.id;
body.firstName = req.body.profile.name.givenName;
body.lastName = req.body.profile.name.familyName;
body.email = req.body.profile.emails[0].value;
body.photoUrl = req.body.profile.photos[0].value;
I am persistently getting 'unauthorized' error while authenticating using a JWT. Below is my controller code:
exports.loginPost = async (req, res) => {
winston.info('Calling loginPost()...');
passport.authenticate('local', { session: false }, (err, user, info) => {
if (err) {
return utils.errorHandler(res, err);
} else if (!user) {
return utils.errorHandler(res, {
statusCode: 403,
message: 'Incorrect username or password.'
});
}
const token = jwt.sign(user, sharedSecret, { expiresIn: '24h' });
//req.user = user;
return res.json({ user, token });
// req.login(user, { session: false }, (err) => {
// if (err) {
// res.send(err);
// }
// // generate a signed json web token with the contents of user object and return it in the response
// const token = jwt.sign(user, sharedSecret, { expiresIn: '24h' });
// //req.user = user;
// return res.json({ user, token });
// });
})(req, res);
};
exports.isUserLoggedIn = async (req, res) => {
let login = {"message": "all good !"}
console.log(req)
return res.status(200).json(login);
//return res.status(200).json(req.user);
};
and passport.js strategy script is as follows:
passport.use(new LocalStrategy({
usernameField: 'username',
passwordField: 'password'
}, async function (username, password, cb) {
//this one is typically a DB call. Assume that the returned user object is pre-formatted and ready for storing in JWT
try {
let user = await userService.getUserWithPassword(username, password);
console.log("passport.js: ",user);
if (!user || user.walletKey !== password) {
throw { statusCode: 403, message: 'Incorrect username or password.' };
}
// // purge password field
// delete user.currentPassword;
return cb(null, user, { message: 'Logged In Successfully' });
} catch (err) {
cb(err);
}
}));
passport.use(new JWTStrategy({
jwtFromRequest: ExtractJWT.fromAuthHeaderAsBearerToken(),
secretOrKey: sharedSecret,
passReqToCallback: true
},
async function (req, jwtPayload, cb) {
// Return user object from the JWTPayload
try {
let user = await userService.getUserWithPassword(jwtPayload.walletName, jwtPayload.walletKey);
console.log("passport.js: ",user);
req.user = user
return cb(null, user); //jwtPayload
} catch(err){
return cb(err,false);
}
}
));
I am able to generate token successfully, however, on calling isUserLoggedIn method using Bearer Token, it's prompting me unauthorized error. I am not making an traditional db call to login, instead I am just creating account in a Hyperledger-Indy pool nodes. Using swagger express middleware on a Node.js app.
Adding isUserLoggedIn method script below:
exports.isUserLoggedIn = async (req, res) => {
//let login = {"message": "all good !"}
console.log(req)
return res.status(200).json(req.user);
//return res.status(200).json(req.user);
};
So, I have everything working but it is not showing it is an authenticate user even though it arrives at the proper places...
javascript code from the page to validate login
var UserManager = {
validateLogin : function (username, password) {
var userData = {
username: username,
password: password
}
return new Promise(function(resolve, reject) {
$.ajax({
url: "/musicplayer/users/api/login",
dataType: "json",
data: userData,
type: "POST",
success: function loginSuccess(result, status, xhr) {
resolve(null);
},
error: function loginError(xhr, status, result) {
reject(new Error(result));
},
});
});
}
}
function userLogin(){
UserManager.validateLogin($('#loginEmail').val(), $('#loginPassword').val()).then(function(response) {
window.location = '/musicplayer/library'
},
function(error){
$("#msgBox").messageBox({"messages" : error.message, "title" : "Warning", boxtype: 4 });
$("#msgBox").messageBox("show");
});
return false;
}
local.strategy.js
var passport = require('passport');
var localStrategy = require('passport-local').Strategy;
var userLibrary = require('../../classes/music/userlibrary.js');
module.exports = function () {
passport.use(new localStrategy(
{
usernameField: 'username',
passwordField: 'password'
},
function(username, password, done) {
//validating user here
var userManager = new userLibrary.UserManager();
userManager.login(username, password).then(
function (user){
done(null, user);
},
function (reason){
if (reason.err) {
done(err, false, info);
}
else {
done(null, false, {message: reason.message});
}
}
);
})
);
};
Router
/******* validate the user login ********/
usersRouter.post('/api/login', function(req, res, next) {
passport.authenticate('local', function(err, user, info) {
if (err) {
console.log("Login Failed", err.message + " - " + err.stack);
if (req.xhr){
res.status(500).send({ error: 'Internal Error' });
}
else {
next(err);
}
}
else if (!err && !user){
err = new Error();
err.message = info.message;
err.status = 401;
console.log("Invalid Data", err.message);
if (req.xhr){
res.status(401).send({ error: err.message });
}
else {
next(err);
}
}
else if (user){
console.log("Successful Login:", user);
res.status(200).send({message: "successful"});
}
}
)(req, res, next);
});
passport.js file which has my Middleware...
var passport = require("passport");
module.exports = function (app) {
app.use(passport.initialize());
app.use(passport.session());
passport.serializeUser(function(user, done){
done(null, user);
});
passport.deserializeUser(function(user, done){
done(null, user);
});
require('./strategies/local.strategy')();
app.all('/musicplayer/*', function (req, res, next){
// logged in
//need function for exceptions
if (req.user || req.url === '/musicplayer/users/api/login' || req.url === '/musicplayer/users/signin') {
next();
}
// not logged in
else {
// 401 Not Authorized
var err = new Error("Not Authorized");
err.status = 401;
next(err);
}
});
}
Userlibrary/UserManager
I am using promises to be able to utilize the creation of a library and to deal with sync versus async issues that I ran into early on...
var sqlite3 = require('sqlite3').verbose();
function User() {
this.email = "";
this.password = "";
this.userid = "";
};
function UserManager () {
this.user = new User();
};
UserManager.prototype.login = function (email, password) {
var db = new sqlite3.Database('./data/MusicPlayer.db');
params = {
$email: email,
$password: password
}
var self = this;
return new Promise(function(resolve, reject){
db.serialize(function () {
db.get("SELECT * FROM users WHERE email = $email and password = $password", params, function (err, row) {
db.close();
if (!err && row) {
//log in passed
self.user.userid = row.userid;
self.user.email = row.email;
self.user.password = row.password;
resolve(self.user);
}
else if (!err) {
//log in failed log event
reject({
err: err,
message: null
});
}
else {
//error happened through out an event to log the error
reject({
message : "Email and/or Password combination was not found",
err : null
});
}
});
});
});
};
module.exports = {
User : User,
UserManager : UserManager
}
Now, I have debugged this and it is for sure getting to "successful Login"
Returns to the browser with success, the browser says okay let me redirect you to the library page (which is really just a blank page). When it goes to my library page I get a 401 unauthorized.
So if I debug inside the middleware to ensure authentication. I look at req.user and it is undefined and I try req.isAuthenticated() it returns a false.
I think I must be missing something...
What I want is a global authentication saying hey is this person logged in. And then I will set up the route/route basis say okay do they have permission for this page or web service call.
Right now I am sticking with session for everything as it is not useful to me to learn web tokens at this point and time.
Any help would be appreciated... I been around and around on this looking at examples out there. But the examples I find are the "basic" examples no one calling a library to validate from database or they are not trying to set up the authorization globally but rather on a route by route basis.
Upon searching I found this article
https://github.com/jaredhanson/passport/issues/255
then I found this in documentation
app.get('/login', function(req, res, next) {
passport.authenticate('local', function(err, user, info) {
if (err) { return next(err); }
if (!user) { return res.redirect('/login'); }
req.logIn(user, function(err) {
if (err) { return next(err); }
return res.redirect('/users/' + user.username);
});
})(req, res, next);
});
and that worked for me... I basically forgot to do the req.logIn method itself when using the custom callback.... I knew it was something simple... Hope this helps someone in the future.
I am trying for days to setup Passport on SPA page. On Client Side I am using AngularJS $http and generally it's working.
angular.module('Factory', []).factory('MainFactory', ['$http',function($http) {
return {
RegisterNewAccount : function(AccountInformation) {
return $http.post('/api/PageSignup', AccountInformation);
}
}
}]);
angular.module('Controllers', [])
.controller('MainPage', ['$scope','MainFactory', function($scope, MainFactory) {
$scope.Signup = function(){
var account = {
email: $scope.RegisterEmail,
password: $scope.RegisterPassword
};
MainFactory.RegisterNewAccount(account)
.success(function(data) {
console.log(data);
});
};
}]);
My problem is on server side code, i am new to passport and still cant figure it out how to make it work without redirect thing. My passport setup is below:
var passport = require('passport');
var LocalStrategy= require('passport-local').Strategy;
passport.use('local-signup', new LocalStrategy({
usernameField : 'email',
passwordField : 'password',
passReqToCallback : true
},
function(req, email, password, done) {
if (email) email = email.toLowerCase();
process.nextTick(function() {
if (!req.user) {
User.findOne({ 'local.email' : email }, function(err, user) {
if (err) return done(err);
if (user) return done(null, false, { message: 'That email is already taken.' });
else {
var newUser = new User();
newUser.local.email = email;
newUser.local.password = newUser.generateHash(password);
newUser.save(function(err) {
if (err) return done(err);
return done(null, newUser);
});
}
});
} else if ( !req.user.local.email ) {
User.findOne({ 'local.email' : email }, function(err, user) {
if (err) return done(err);
if (user) {
return done(null, false, { message: 'That email is already taken.'});
} else {
var user = req.user;
user.local.email = email;
user.local.password = user.generateHash(password);
user.save(function (err) {
if (err)
return done(err);
return done(null,user);
});
}
});
} else {
return done(null, req.user);
}
});
}));
var app = express();
app.post('/api/PageSignup', function(req, res, next) {
passport.authenticate('local-signup', function(err, user, info) {
if (err) { return next(err) }
if (!user) {
return res.send(info.message);
}
req.logIn(user, function(err) {
return res.send(user);
});
})(req, res, next);
});
If there are clear example on SPA Authentication with passport please show me.
Overwise can you show me where I am mistaking in my server side code?