User logout: Redirect GET to POST (Node/Express) - node.js

I am using Stormpath for Express.js (without Passport at the moment) to handle my user registration. I am very concerned about what the proper way to log out a user is.
Before, I always did it through the GET method; however, Stormpath explicitly requires a POST call to the /logout page.
I display a user menu only when the user is logged in through Stormpath. This is the super-simple middleware that I have in my router.js in Express:
router.use(stormpath.getUser, function (req, res, next) {
    if (req.user) {
        req.session.useremail = req.user.email;
    }
    next();
});
Now, of course, in this menu there is the Logout entry. I want my user to click this link to log out; however, I know that when anchor links like Logout are used, a GET request is sent, not a POST.
I have been looking for countless ways to redirect a GET request to a POST, but I feel that this is absolutely the wrong way. Also, I feel it would make no sense to use a form inside a menu like:
<ul>
    <li>User Profile</li>
    <li>User Settings</li>
    <li>
        <form action="/logout" method="post">
            <input type="submit">
        </form>
    </li>
</ul>
So the question is: what is the best way to simply log out a user via POST?

I don't think there is anything particularly bad about having the form in the menu, but if you really want to have a GET request you would probably need to do something like so:
var request = require('request')

app.get('/logout', function(req, res) {
    // Send logout POST request to stormpath REST api
    request.post({
            url: 'https://stormpath/logout/url',
            form: {
                key: 'value'
            }
        },
        function(err, httpResponse, body) {
            // Check if there was an error logging the user-out
            if (err) return res.send('Error logging out')
            // If no error, user is logged out so redirect them or something
            res.redirect('/')
        })
})
So your Express app accepts the GET request and then makes the POST request to Stormpath on the user's behalf to log the user out.
If you do move on to using the Stormpath Passport strategy, I think you can simply call req.logout().
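
An added example, not from the original posts and not Stormpath's own code: the form-in-menu option with the Logout entry as a one-button form inside its own list item, plus a handler that ends the session only on POST. The function names, the /profile and /settings links, and the session shape (a `destroy(callback)` method, as in express-session) are assumptions for illustration.

```javascript
// Added example: plain (req, res, next) functions that Express accepts as-is.
// Function names, hrefs and the session shape are assumptions for illustration.

function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, function (c) {
    return { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' }[c];
  });
}

// Menu for a logged-in user. Logout is a one-button form inside its own <li>,
// so the click sends POST /logout; CSS can make the button look like a link.
function renderUserMenu(useremail) {
  if (!useremail) return '';            // no menu when nobody is logged in
  return [
    '<ul>',
    '  <li>' + escapeHtml(useremail) + '</li>',
    '  <li><a href="/profile">User Profile</a></li>',
    '  <li><a href="/settings">User Settings</a></li>',
    '  <li><form action="/logout" method="post">' +
      '<button type="submit" class="link-button">Logout</button></form></li>',
    '</ul>'
  ].join('\n');
}

// Mount with app.all('/logout', logoutViaPostOnly): only POST ends the session.
function logoutViaPostOnly(req, res, next) {
  if (req.method !== 'POST') {
    // A GET can be fired by a prefetcher or an <img src="/logout"> on another
    // site, so it must not change state. Refuse it and name the allowed method.
    res.statusCode = 405;
    res.setHeader('Allow', 'POST');
    return res.end('Method Not Allowed');
  }
  if (!req.session) return redirectHome(res);   // already logged out
  req.session.destroy(function (err) {
    if (err) return next(err);                  // session store failure
    redirectHome(res);
  });
}

function redirectHome(res) {
  res.statusCode = 303;                         // See Other: follow-up is a GET
  res.setHeader('Location', '/');
  res.end();
}
```

When the library already handles POST /logout, as the question says Stormpath does, only the menu markup is needed.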

Related

Send cookie back to client

I'm trying to authenticate my users via Google, Facebook, and Twitter login APIs. I open the login page like this:
<button @click="signInGoogle" class="btn">Sign in with Google</button>
signInGoogle() {
    window.open(this.baseUrl + "/google", "_self");
}
And then, on my Express server, I handle the request. I manage to set the cookie, but how do I get it back on the client?
My problem is that I'm not listening to the results of an HTTP request; these APIs, in conjunction with Passport, are handling it. I can redirect my user like this:
router.get('/success', isLoggedIn, (req, res) => {
    res.redirect('http://localhost:8080')
})
But how can I also get the cookie back to the client?
Edit: When I respond with the cookie, I respond to the Google sign-in pop-up, not my client. I need a way to get the results on that new window to my client.

add custom query param to passport auth0 strategy authenticate request

I'm using passport.js and auth0 strategy to auth users
I'm also using auth0's hosted login page, which supports query parameters like customQueryParam here
ex: https://cool-startup.auth0.com/login?client=some_client_ID&...bunch of params...&customQueryParam=true
You can use customQueryParam to control the auth0 hosted login page and show flash messages and stuff; it's handy
here's my issue
after my auth0 middleware runs and I've determined I need to redirect the user back to my auth0 login page with a custom parameter, how should I accomplish that in the context of using passport.js / is it possible?
I'm looking at the source code here
https://github.com/auth0/passport-auth0/blob/master/lib/index.js
which inherits from https://github.com/jaredhanson/passport-oauth2/blob/9ddff909a992c3428781b7b2957ce1a97a924367/lib/strategy.js
and I'm a bit stumped
here is where I find out that I have an error and I need to redirect the user back to auth0 with a custom parameter in the url
app.get('/auth/callback', (req, res, next) => {
    passport.authenticate('auth0',
        {},
        (err, user) => {
            if (err) {
                // run passport.authenticate('auth0',
                // again, but add custom query param
            }
            return res.redirect('/');
        })(req, res, next);
});
any help is greatly appreciated / thanks for reading
You can build the /authorize URL yourself as done here and redirect manually: https://github.com/auth0-samples/auth0-regular-webapp-login-with-sso-and-api/blob/master/utils/authorize.js
Since the URL is in your control here, you can add any query parameters as you'd like (although sending non-standard query parameters to the login page is something that's generally discouraged).

How to hide and display content in a dust template?

I am a rookie in Node.js. I am making an e-commerce site using the Kraken framework and Dust templates. I want to display Log in and Log out text depending upon the session status. My logout and login functionality is working fine. I want to hide the log-in text when the user has logged in and the logout text when the user has logged out. How can I achieve that?
My middleware for checking if a user has logged in is as follows :
app.get('*', function(req, res, next) {
    res.locals.user = req.user || null;
    next();
});
How can I achieve that using dust-helpers?
At some point, you'll be calling res.render() with a template and a context object to render.
First, you need to pass your user object as part of the context:
return res.render(myTemplate, {
    ...
    user: res.locals.user,
    ...
});
Then, in the template, you can see if user exists:
{?user}
Logout link
{:else}
Login link
{/user}

Node Express - res.redirect() not behaving as expected

I am trying to redirect to a login page after successfully logging a user out, but am having an issue when calling res.redirect() from my logout route handler in express.
I have the following middleware to redirect a user to a login page (note I am using express-session too)
//A request to '/login' will serve the login page
app.use('/login', function(req, res){
    res.sendFile(path.join(__dirname+'/public/login.html'))
});
//This will listen for all requests
app.use(function(req, res, next) {
    //Here we only want to redirect to the login route (above) if the request is not
    //a login action and there is no access token present on the session object
    if (req.url !== '/auth/login' && !req.session.accessToken) {
        res.redirect('/login');
    } else {
        next();
    }
});
This redirect above works as expected.
When a user performs a logout, I handle like so:
app.post('/auth/logout', function(req, res){
    req.session.destroy();
    res.redirect('/login');
});
I can see in Chrome debugger, the network tab shows my login view is being served back to the browser, but the browser window does not change. I notice the login.html is being returned with a 304 code too if that has any relevance. I'm feeling a bit dumb but am failing to see what's different here, can someone shed some light please?
Thanks

redirect before loading URL

I'm developing a Node.js app where I'm using Passport to build an OAuth authentication system. I can access the user through the request object in each resource load after configuring it. But my question is: how can I check before every URL load - resources defined with app.get('/', function(..) {...}) - whether the user is logged in, and redirect the client if not? I could do it just by adding a test in every method, but this is not what I want.
Thanks!
You want a middleware that checks whether the user is logged in.
var isAuthenticated = function (req, res, next) {
    if (req.user) {
        return next(); // All good, let the route handler process the request.
    }
    res.redirect('/login'); // Not logged in.
};
And to use it on every route that needs to be logged in:
app.get('/something', isAuthenticated, function (req, res) {
    // Only in here if the user is authenticated.
});
You can also use the middleware on every route, by doing app.use(isAuthenticated), but you will need to have extra logic in the method to not create infinite redirect loops to /login, etc.
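
An added example, not part of the original answer, of the "extra logic" needed when the check is mounted globally with app.use: an allow-list of public paths lets the login page through, so the redirect to /login cannot loop, and every path not on the list stays protected. The names `PUBLIC_PATHS`, `pathOf` and `requireLogin`, and the list's contents, are assumptions.

```javascript
// Added example; the names and the public-path list are assumptions.
// Paths that must stay reachable without a session.
var PUBLIC_PATHS = ['/login', '/auth/login'];

// Path without the query string. Express sets req.path; the fallback parses
// req.url so that '/login?from=menu' is still recognised as '/login'.
function pathOf(req) {
  var p = req.path || String(req.url || '/').split('?')[0];
  return p.length > 1 ? p.replace(/\/+$/, '') : p;   // '/login/' -> '/login'
}

// Mount once with app.use(requireLogin), before the protected routes.
function requireLogin(req, res, next) {
  if (req.user) return next();                        // authenticated
  if (PUBLIC_PATHS.indexOf(pathOf(req)) !== -1) {
    return next();                                    // login page itself: no loop
  }
  if (req.method === 'GET' || req.method === 'HEAD') {
    return res.redirect('/login');                    // page navigation
  }
  // Redirecting a POST/PUT/DELETE would discard the request body and hand a
  // login page to a caller that did not ask for one; answer 401 instead.
  res.statusCode = 401;
  res.end('Authentication required');
}
```

Because the list names what is public rather than what is protected, a route added later is covered by default.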
