I am using NodeJS, Express 4 with PassportJS for authentication.
Earlier when I was using Express 3 I could access the authenticated users email (which is used by PassportJS for signup) by doing:
req.user.local.email
With Express 3 I used the following structure:
app.configure(function() {
// set up our express application
app.use(express.logger('dev')); // log every request to the console
app.use(express.cookieParser()); // read cookies (needed for auth)
app.use(express.bodyParser()); // get information from html forms
...
});
This is now deprecated in Express 4 and I not sure how to access the authenticated users registered email now.
I tried req.body.email but it's 'undefined'.
I have body-parser installed.
var cookieParser = require('cookie-parser');
var bodyParser = require('body-parser');
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: false }));
Could somebody please help me with how to get this information from the request.
Also, I would appreciate if someone can direct me to a reference as to how Passport.js stores this information.
Here is the official documentation: http://passportjs.org/docs/configure
Here you can find a very detailed tutorial, working with Express 4: Scotch.io Tutorial
And here, there is some porting instructions from Express 3 to Express 4, by the same authors from above: Porting to Express 4
Good luck!
Related
I have a super simple NodeJS Express site setup with the following Folder Structure:
Views just contains a singe file index.ejs and public just a few .css and .js files required to make my site work (bootstrap, jquery etc.).
Using this on my local machine works great, however, the moment I put it on my live server (Shared Hosting on A2 Hosting), trying to open the page gives me Error 403, any ideas of what I'm missing?
Here is my servers.js file:
var express = require('express'),
path = require('path'),
nodeMailer = require('nodemailer'),
bodyParser = require('body-parser');
var app = express();
app.set('view engine', 'ejs');
app.use(express.static('public'));
app.use(bodyParser.urlencoded({extended: true}));
app.use(bodyParser.json());
app.get('/', function (req, res) {
res.render('index');
});
Have you tried all steps in their tutorial?
https://www.a2hosting.com/kb/installable-applications/manual-installations/installing-node-js-on-managed-hosting-accounts
Found it on StackOverflow:
https://stackoverflow.com/a/32535632
PS: I would prefer to write this as a comment, but I don't have enough reputation yet.
This is giving me a huge headache, the CSRF cookie is working correctly but I've seemed to have broken something and cannot get the sessions to start. Any help would be appreciated.
EDIT: I forgot to mention, I am using Nginx as a reverse proxy server which is forwarding to my Node server which is accepting all requests from Nginx with HTTPS, as I heard you need to in order to have secure sessions.
var express = require('express'),
path = require('path'),
cookieParser = require('cookie-parser'),
session = require('cookie-session'),
csrf = require('csurf'),
bodyParser = require('body-parser');
var app = express();
app.enable('trust proxy', 1);
app.use(session({
secret: 'supersecret!',
name: 'session_id'
}));
app.use(cookieParser('supersecret!'));
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: false }));
I fixed the issue just so everyone knows, very simple actually.
I switched to express-session and set it up as it says in the docs and now everything is working perfectly! Thanks for the help everyone!
I've been looking for authentication in nodeJs. I've looked at PassportJs and Everyauth. Both of them had old documentation and old version of express used. Things that depreciated in express 4+.
app.use(express.cookieParser());
app.use(express.bodyParser());
I had a look at this question, which had nice answers. But had no success implementing them on PassportJs or Everyauth. So does anyone know an method to implement this ? or can anyone give me an authentication tutorial for express 4+ nodeJs authentication ?
Should work like this:
var bodyParser = require('body-parser'),
cookieParser = require('cookie-parser'),
express = require('express'),
session = require('express-session'),
passport = require('passport');
var app = express();
app.use(cookieParser());
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({extended: true}));
app.use(session({
secret: 'secrit cat',
resave: true,
saveUninitialized: true
}));
app.use(passport.initialize());
app.use(passport.session());
Scotch.io has updated its tutorial series "Easy node authentication" :
These are the changes regarding passport :
• Easy node authentication with ExpressJS 4.0
I'm trying Express 4.0 with passport for a simple Facebook login.
app.route('/auth/facebook')
.get(function(req, res, next){
console.log('Authentication start');
var aut = passport.authenticate('facebook',
{
scope: ['read_stream',
'publish_actions']
}, function(err) {
});
})
This route is supposed to redirect the browser to the Facebook page authentication, but instead nothing happens and the request goes timeout.
I'm trying to understand what changed in Express, because in the previous version everything worked.
1) You probably using passport.session, which has a dependency upon express.session being loaded. If so, you have a block that looks like this someplace:
app.configure(function() {
app.use(express.static('public'));
app.use(express.cookieParser());
app.use(express.bodyParser());
app.use(express.session({ secret: 'keyboard cat' }));
app.use(passport.initialize());
app.use(passport.session());
app.use(app.router);
});
2) express.session is no longer part of the express core app. To get sessions with Express v4, you can use the 'new' express-session to keep things relatively continuous.
In a v4 app, you'll need to require the new express-session module and then use it in place of the original express.session. The modified code would look a little like this:
var express = require('express')
var session = require('express-session')
var app = express()
app.use(session({secret: 'keyboard cat'}))
The express-session page (linked above) includes additional information on how to work with the module.
The bottom line: if you are building an Express v4 app while using examples that were written in Express v3, you'll want to carefully read the docs about the differences between Express versions and how to upgrade. Most examples/docs out there assume Express v3, so you'll need to really understand these:
Migrating from 3.x to 4.x
New features in 4.x
Maybe you send query with ajax, try follow link:
FB
I use:
router.get('/facebook', function authenticate(req, res, next) {},
passport.authenticate('facebook'));
I have a REST API application, implemented using Express on NodeJs. I wanted to add authentication, and decided to use everyauth, as we need authentication through social network sites in future. I copy & pasted everyauth example for password from https://github.com/bnoguchi/everyauth (Password Authentication section). When I use the connect to implement REST API, a post to
http://localhost:3000/login
enters the everyauth.password.authenticate method. The connect code is as given below.
var connect = require('connect');
connect(
connect.bodyParser()
, connect.cookieParser()
, connect.session({secret: 'whodunnit'})
, everyauth.middleware()
).listen(3000);
However, when I switch the code to express, as shown below, post to
http://localhost:3000/login
gives 404 - "Cannot POST /login". I am not sure why everyauth is not adding the path "login" to express.
var express = require('express');
var http = require('http');
var everyauth = require('everyauth');
var app = express();
app.configure (function () {
app.use(express.bodyParser());
app.use(express.cookieParser());
app.use(express.session({"secret": "0123456789"}));
app.use(everyauth.middleware(app));
});
app.listen(3000);
Can someone please help to resolve this.
I figured out what the issue is. It is where app/connect is configured. The app.configure or connect configuration should come after the everyauth.password.authenticate. In my case in connect, I had it after everyauth, and in express I had the configure before everyauth. Hope this helps someone.