I've been looking for authentication in nodeJs. I've looked at PassportJs and Everyauth. Both of them had old documentation and old version of express used. Things that depreciated in express 4+.
app.use(express.cookieParser());
app.use(express.bodyParser());
I had a look at this question, which had nice answers. But had no success implementing them on PassportJs or Everyauth. So does anyone know an method to implement this ? or can anyone give me an authentication tutorial for express 4+ nodeJs authentication ?
Should work like this:
var bodyParser = require('body-parser'),
cookieParser = require('cookie-parser'),
express = require('express'),
session = require('express-session'),
passport = require('passport');
var app = express();
app.use(cookieParser());
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({extended: true}));
app.use(session({
secret: 'secrit cat',
resave: true,
saveUninitialized: true
}));
app.use(passport.initialize());
app.use(passport.session());
Scotch.io has updated its tutorial series "Easy node authentication" :
These are the changes regarding passport :
• Easy node authentication with ExpressJS 4.0
Related
I am developing a website heavily embedded with user authentication (using passport). I also have nodemon reloading the server after each server change. However it is quite tedious to have to log in as a user each time to test a new change. Is there a way to avoid having to constantly log in as a user to test every single new server change? I can not find any npm modules that fake a persistent user or solve the problem. Thanks!
The Answer - If you are in a similar situation use this code.
Came back with a solution that works, so for anyone who sees this post in the future. This is how you get simple persistent user authentication. With passport. This assumes you have strategies in place already, and as just tring to make the users stay after server restarts.
var bodyParser = require('body-parser')
var mongoose = require('mongoose');
var session = require('express-session');
var cookieParser = require('cookie-parser');
const MongoStore = require('connect-mongo')(session);
app.use(session({
resave: true,
saveUninitialized: true,
secret: 'add-secret',
store: new MongoStore({
url: process.env.MONGODB_URI || "mongodb://localhost/add-url",
autoReconnect: true,
clear_interval: 3600
})
}));
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: false }));
app.use(cookieParser());
Yup - it sounds like that's EXACTLY what you want: a "mock authentication" module (for testing purposes only).
Here are two possibilities; you might also consider writing your own:
passport-stub
passport-mocked
This is giving me a huge headache, the CSRF cookie is working correctly but I've seemed to have broken something and cannot get the sessions to start. Any help would be appreciated.
EDIT: I forgot to mention, I am using Nginx as a reverse proxy server which is forwarding to my Node server which is accepting all requests from Nginx with HTTPS, as I heard you need to in order to have secure sessions.
var express = require('express'),
path = require('path'),
cookieParser = require('cookie-parser'),
session = require('cookie-session'),
csrf = require('csurf'),
bodyParser = require('body-parser');
var app = express();
app.enable('trust proxy', 1);
app.use(session({
secret: 'supersecret!',
name: 'session_id'
}));
app.use(cookieParser('supersecret!'));
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: false }));
I fixed the issue just so everyone knows, very simple actually.
I switched to express-session and set it up as it says in the docs and now everything is working perfectly! Thanks for the help everyone!
I am using NodeJS, Express 4 with PassportJS for authentication.
Earlier when I was using Express 3 I could access the authenticated users email (which is used by PassportJS for signup) by doing:
req.user.local.email
With Express 3 I used the following structure:
app.configure(function() {
// set up our express application
app.use(express.logger('dev')); // log every request to the console
app.use(express.cookieParser()); // read cookies (needed for auth)
app.use(express.bodyParser()); // get information from html forms
...
});
This is now deprecated in Express 4 and I not sure how to access the authenticated users registered email now.
I tried req.body.email but it's 'undefined'.
I have body-parser installed.
var cookieParser = require('cookie-parser');
var bodyParser = require('body-parser');
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: false }));
Could somebody please help me with how to get this information from the request.
Also, I would appreciate if someone can direct me to a reference as to how Passport.js stores this information.
Here is the official documentation: http://passportjs.org/docs/configure
Here you can find a very detailed tutorial, working with Express 4: Scotch.io Tutorial
And here, there is some porting instructions from Express 3 to Express 4, by the same authors from above: Porting to Express 4
Good luck!
I'm trying Express 4.0 with passport for a simple Facebook login.
app.route('/auth/facebook')
.get(function(req, res, next){
console.log('Authentication start');
var aut = passport.authenticate('facebook',
{
scope: ['read_stream',
'publish_actions']
}, function(err) {
});
})
This route is supposed to redirect the browser to the Facebook page authentication, but instead nothing happens and the request goes timeout.
I'm trying to understand what changed in Express, because in the previous version everything worked.
1) You probably using passport.session, which has a dependency upon express.session being loaded. If so, you have a block that looks like this someplace:
app.configure(function() {
app.use(express.static('public'));
app.use(express.cookieParser());
app.use(express.bodyParser());
app.use(express.session({ secret: 'keyboard cat' }));
app.use(passport.initialize());
app.use(passport.session());
app.use(app.router);
});
2) express.session is no longer part of the express core app. To get sessions with Express v4, you can use the 'new' express-session to keep things relatively continuous.
In a v4 app, you'll need to require the new express-session module and then use it in place of the original express.session. The modified code would look a little like this:
var express = require('express')
var session = require('express-session')
var app = express()
app.use(session({secret: 'keyboard cat'}))
The express-session page (linked above) includes additional information on how to work with the module.
The bottom line: if you are building an Express v4 app while using examples that were written in Express v3, you'll want to carefully read the docs about the differences between Express versions and how to upgrade. Most examples/docs out there assume Express v3, so you'll need to really understand these:
Migrating from 3.x to 4.x
New features in 4.x
Maybe you send query with ajax, try follow link:
FB
I use:
router.get('/facebook', function authenticate(req, res, next) {},
passport.authenticate('facebook'));
I am giving a look at the node.js web framework Locomotive. Since it is built on top of Express, I suppose Connect middleware should be easily accessible, but I can't find out how.
I added 2 lines to config/environments/all.js:
this.use(express.cookieParser());
this.use(express.session({ secret: 'keyboard cat'}));
Where is the session object now?
I found out by myself. It was quite easy:
var express = require('express');
var sess = express.session;