So I'm stuck as to why this isn't working. Whenever I use the cookie for maxAge, it just doesn't allow me to login. It redirects me to /, so the callback is working but the session data is lost for some reason. Can anybody assist me?
Thanks in advance.
/**
* Module dependencies.
*/
var express = require('express');
var routes = require('./routes');
var login = require('./routes/login');
var register = require('./routes/register');
var http = require('http');
var path = require('path');
var MongoClient = require('mongodb');
var passport = require('passport');
var LocalStrategy = require('passport-local').Strategy;
var app = express();
// all environments
app.set('port', process.env.PORT || 3001);
app.set('views', path.join(__dirname, 'views'));
app.set('view engine', 'jade');
app.use(express.favicon());
app.use(express.logger('dev'));
app.use(express.bodyParser());
app.use(express.methodOverride());
app.use(express.static(path.join(__dirname, 'public')));
app.use(express.cookieParser());
app.use(express.session({
secret: '1234567890QWERT',
cookie: {maxAge: 30}
}));
app.use(passport.initialize());
app.use(passport.session());
app.use(app.router);
var dbc;
var User;
MongoClient.connect('mongodb://127.0.0.1:27017/redacted', function(err, db) {
dbc = db;
User = dbc.collection('users');
});
passport.use(new LocalStrategy(
function(username, password, done) {
User.findOne({ email: username }, function(err, user) {
if (password == user.password) {
console.log("Login success!");
// Allows us to keep a log of when the user logs in in:
// user['loggedin'][]
// db.users.update({email: ""}, { $push : {loggedin: new Date()} } )
if(!err) done(null, user );
}
else done(err, null)
});
}
));
passport.serializeUser(function(user, done) {
done(null, {
id: user["_id"],
name: user["name"],
email: user["email"],
registered: user["registered"],
password: user["password"]
});
});
passport.deserializeUser(function(id, done) {
console.log(id);
User.find({_id: id._id}, function(err, user) {
done(err, user);
});
});
// development only
if ('development' == app.get('env')) {
app.use(express.errorHandler());
}
app.get('/', routes.index);
// User stuff
app.get('/login', login.get);
app.post('/login',
passport.authenticate('local', { successRedirect: '/',
failureRedirect: '/login?m=fail'
})
);
app.get('/register', register.get);
app.post('/register', register.post);
app.get('/logout', function(req, res){
req.logout();
res.redirect('/');
});
http.createServer(app).listen(app.get('port'), function(){
console.log('Express server listening on port ' + app.get('port'));
});
Your session cookie is set to last 30ms.
Per Express documentation, maxAge sets the expiration date of the cookie in ms.
Change cookie: {maxAge: 30} to something like cookie: {maxAge: 24*60*60*1000} for a longer-lasting session cookie.
Related
I am using PassportJS to authenticate users in my application. After a user logs in, the session is created, but soon after being redirected, the session appears to become undefined once again because it hasn't been saved. I found online that often times with redirects, the redirect completes before the session is saved, and so it's as if authentication never happened. The apparent solution is to use the req.session.save function so that redirects will only happen after the session is saved. However, I am getting an error log of "TypeError: req.session.save is not a function." Can somebody please help?
Here is my code for app.js.
var express = require('express'),
passport = require('passport'),
session = require('express-session'),
bodyParser = require('body-parser'),
RedisStore = require('connect-redis')(session),
redis = require('redis'),
logger = require('morgan'),
errorHandler = require('express-error-handler'),
site = require('./site'),
oauth2 = require('./oauth2'),
port = process.env.PORT || 8080;
var app = express();
var redisClient = redis.createClient(8080, 'localhost');
// use sessions for tracking logins
app.use(session({
secret: 'keyboard cat',
resave: true,
saveUninitialized: true,
store: new RedisStore({
client: redisClient,
host: "pub-redis-14280.us-central1-1-1.gce.garantiadata.com",
port: 12543,
ttl: 260
})
}));
app.use(logger('dev'));
app.use(bodyParser.urlencoded({ extended: false }));
app.use(bodyParser.json({ type: 'application/json' }));
app.use(passport.initialize());
app.use(passport.session());
app.use(errorHandler({ dumpExceptions: true, showStack: true }));
// use ejs as file extension for views
app.set('view engine', 'ejs');
app.use(express.static(__dirname + '/views'));
// use passport
require('./auth');
// Account linking
app.get('/', site.index);
app.get('/login', site.loginForm);
app.post('/login', site.login);
app.get('/logout', site.logout);
app.get('/authorize', oauth2.authorization);
app.post('/authorize/decision', oauth2.decision);
// set up local server
if (module === require.main) {
// [START server]
// Start the server
var server = app.listen(process.env.PORT || 8080, function () {
var port = server.address().port;
console.log('App listening on port %s', port);
});
// [END server]
}
module.exports = app;
site.js:
var passport = require('passport');
var login = require('connect-ensure-login');
// get layout
exports.index = function (req, res) {
console.log("layout loaded");
res.render('layout');
}
// get login form
exports.loginForm = function (req, res) {
console.log("login page loaded");
res.render('login');
}
// post login form
exports.login = [
passport.authenticate('local'),
function (req, res) {
req.session.save(function (err) {
res.redirect('/');
});
}
]
// logout
exports.logout = function (req, res) {
req.logout();
res.redirect('/');
}
Passport serialize/deserialize user:
passport.serializeUser(function(id, done) {
console.log("serializing user");
done(null, id);
});
passport.deserializeUser(function(id, done) {
console.log("deserializing user");
done(null, id);
});
In my passport authentication, I return the user id for simplicity, since that's all I need to represent users in my system.
In case anybody else is still having this issue (like me), try following Nathan's comment above and debug your connection to your redis/mongo/etc store.
What worked for me was I had my redis host set to http://localhost so I swapped it to 127.0.0.1 (local development of course) and everything immediately worked.
I've read similar questions, but I couldn't find a solution.
In my server.js file:
var express = require('express');
var app = express();
var bodyParser = require('body-parser');
var passport = require('passport');
var cookieParser = require('cookie-parser');
var expressSession = require('express-session');
var passportHelp = require('./config/passport');
var flash = require('connect-flash');
app.use(express.static(__dirname + '/public'));
app.use(cookieParser());
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({
extended: true
}));
app.set('view engine', '.hbs');
app.set('views', path.join(__dirname, './app/views'))
app.use(expressSession({
secret: 'secret',
saveUninitialized: true,
resave: true
}));
passportHelp(passport);
app.use(passport.initialize());
app.use(passport.session());
app.use(flash());
app.use(require('./app/controllers'));
app.listen(3000);
In ./app/controllers
var express = require('express');
var router = express.Router();
router.use(require('./signup'));
module.exports = router;
In ./controllers/signup
var express = require('express');
var passport = require('passport');
var router = express.Router();
router.get('/signup', function(req, res) {
res.render('signup');
});
router.post('/signup', passport.authenticate('local-signup', {
successRedirect: '/profile',
failureRedirect: '/signup',
failureFlash: true,
}));
module.exports = router;
Finally, in ./config/passport
var LocalStrategy = require('passport-local').Strategy;
var User = require('../app/models/user');
module.exports = function(passport) {
passport.serializeUser(function(user, done) {
done(null, user.id);
});
passport.deserializeUser(function(id, done) {
User.findById(id, function(err, user) {
done(err, user);
});
});
passport.use('local-signup', new LocalStrategy({
passReqToCallback : true
},
function(req, username, password, done) {
console.log(req.body.username);
console.log(req.body.password); //successfully logs all of these 3
console.log(req.body.email);
process.nextTick(function() {
User.findOne({ 'username' : username }, function(err, user) {
if (err) {
return done(err);
}
if (user) {
return done(null, false, req.flash('signupMessage', 'That email is already taken.'));
}
else {
var newUser = new User;
//filling new user data here
newUser.save(function(err) {
if (err)
throw err;
return done(null, newUser);
});
}
});
});
}));
I end up with strange behavior. Sometimes POST has no problem, sometimes I get cannot POST /signup, but the result is still saved into the database.
I've tried switching some lines in server.js file, but without result. As I've read, when I require passport in controller/signup, it should be the same 'passport' object which I 'initialized' in server.js, so I dont end up working with a fresh passport object. Am I right?
In case someone faces the same problem.
The reason I got the error, but the save into the database was successful was that I have commented that line: successRedirect
I'm currently working on a project where a User logs in with Facebook, sees a map with their location pinpointed, and then can see their friends who have also logged in on the map (with the distance).
The next step is to store this data in a database.
As I'm fairly new to using MongoDB, I would like some guidance on how to approach taking the Facebook login/Geolocation data and inserting it into the database. I'm comfortable with inputting BSON objects into the database manually from the command line, but I cannot seem to find the best way of doing this in my code.
The code is below - it would really help to have some guidance on first steps to getting the post data and putting it into the MongoDB database. Thank you!
var express = require('express')
var passport = require('passport')
var util = require('util')
var FacebookStrategy = require('passport-facebook').Strategy
var logger = require('morgan')
var session = require('express-session')
var sessionStore = require('sessionstore');
var bodyParser = require("body-parser")
var cookieParser = require("cookie-parser")
var methodOverride = require('method-override');
var port = process.env.PORT || 3000
var io = require('socket.io')(http);
var http = require('http').Server(app);
var markers = [];
var server = require('http').createServer(app);
var passportStrategy = require('../utils/passport-strategy');
var MongoClient = require('mongodb').MongoClient;
var assert = require('assert');
var FACEBOOK_APP_ID = "*";
var FACEBOOK_APP_SECRET = "*";
passport.use(passportStrategy.facebook);
passport.serializeUser(function(user, done) {
done(null, user);
});
passport.deserializeUser(function(obj, done) {
done(null, obj);
});
var sessionData = session({
store: sessionStore.createSessionStore(),
secret: "your_secret",
cookie: { maxAge: 2628000000 },
resave: true,
saveUninitialized: true
});
passport.use(new FacebookStrategy({
clientID: FACEBOOK_APP_ID,
clientSecret: FACEBOOK_APP_SECRET,
callbackURL: "http://localhost:3000/auth/facebook/callback"
},
function(accessToken, refreshToken, profile, done) {
process.nextTick(function () {
return done(null, profile);
});
}
));
var app = express();
app.set('views', __dirname + '/views');
app.set('view engine', 'ejs');
app.use(sessionData);
app.use(logger("combined"));
app.use(cookieParser());
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({
extended: true
}));
app.use(methodOverride());
app.use(session({
secret: "keyboard cat",
saveUninitialized: true, // (default: true)
resave: true, // (default: true)
}));
app.use(passport.initialize());
app.use(passport.session());
app.use(express.static(__dirname + '/public'));
app.get('/', function(req, res){
res.render('index', { user: req.user });
});
app.get('/account', ensureAuthenticated, function(req, res){
res.render('account', { user: req.user });
});
app.get('/login', function(req, res){
res.render('login', { user: req.user });
});
app.get('/auth/facebook',
passport.authenticate('facebook'),
function(req, res){
});
app.get('/auth/facebook/callback',
passport.authenticate('facebook', { failureRedirect: '/login' }),
function(req, res) {
res.redirect('/');
});
app.get('/logout', function(req, res){
req.logout();
res.redirect('/');
});
app.get('/mapjs', function(req, res){
res.sendFile(__dirname + '/public/map.js');
});
// Socket markers start
io.on('connection', function(socket) {
console.log('a user connected');
socket.on('marker', function(data) {
data.socketId = socket.id;
markers[socket.id] = data;
console.log('marker latitude: ' + data.lat + ', marker longitude:' + data.lng);
socket.broadcast.emit('show-marker', data);
});
// socket.on('show-marker', )
socket.on('show-user-location', function(data) {
socket.broadcast.emit('show-user-location', data);
});
});
app.listen(port, function(){
console.log('five minute catch up is on port 3000');
});
// socket markers end
function ensureAuthenticated(req, res, next) {
if (req.isAuthenticated()) { return next(); }
res.redirect('/login')
}
module.exports = server;
can you strip this down so that you are doing only the insertion of some static data before connecting it up to facebook and having sockets in there. Every extra bit of code will get in the way of knowing whether what change you try is actually doing what you want.
Regarding the best way to insert data programmatically in mongodb, I believe this is the relevant part of the documentation:
http://docs.mongodb.org/manual/core/write-operations-introduction/
db.users.insert(
{
name: "sue",
age: 26,
status: "A"
}
)
Short summary of the problem: I'm using a new version of express (4.9.0) on a Node.js website which has a few public pages and a few private pages, which I'm putting behind a Google OAuth2 login, using PassportJS. When I request a page behind the sign-in, the user keeps being asked to sign-in; req.isAuthenticated() isn't "sticky". I've seen some comments online that there are can be problems with cookie parser versions being incompatible, so that could be the issue here.
Here is my (rather long) app.js:
var express = require('express');
var http = require('http');
var path = require('path');
var passport = require('passport');
var googleStrategy = require('passport-google-oauth').OAuth2Strategy;
var cookieParser = require('cookie-parser');
var bodyParser = require('body-parser');
var session = require('express-session');
var app = express();
app.use(cookieParser());
app.use(bodyParser());
app.use(session({ secret: 'mysecret' }));
app.set('view engine', 'html');
app.set('views', path.join(__dirname, 'views'));
app.engine('html', require('ejs').renderFile);
app.set('port', process.env.PORT || 3000);
app.use(passport.initialize());
app.use(passport.session());
passport.serializeUser(function(user, done) {
done(null, user);
});
passport.deserializeUser(function(obj, done) {
done(null, obj);
});
passport.use(new googleStrategy({
clientID: clientId,
clientSecret: secret,
callbackURL: "http://127.0.0.1:3000/auth/google/callback"
},
function (accessToken, refreshToken, profile, done) {
process.nextTick(function () {
return done(null, profile);
});
}
));
app.get('/auth/google',
passport.authenticate('google', { scope: ['https://www.googleapis.com/auth/userinfo.profile',
'https://www.googleapis.com/auth/userinfo.email'] }),
function(req, res){
});
app.get('/auth/google/callback',
passport.authenticate('google', { failureRedirect: '/login' }),
function(req, res) {
console.log("successfully authenticated with google");
res.redirect('/');
});
app.get('/login', function(req, res){
res.redirect('/auth/google');
});
app.get('/privatepage', ensureAuthenticated, function(req, res) {
var dostuff = module.listThings(function(rows) {
res.render('somepage.html', {
title : "some page",
data : rows
});
});
});
function ensureAuthenticated(req, res, next) {
console.log("in ensureAuth", req.isAuthenticated());
console.log("session data", req.session);
console.log("user data", req.user);
if (req.isAuthenticated()) { return next(); }
res.redirect('/login');
}
var server = app.listen(3000, function() {
var host = server.address().address
var port = server.address().port
console.log('App listening at http://%s:%s', host, port)
})
After the first login, if I visit the /privatepage URL, I get re-directed through Google and land on the homepage again. This is what's in the log from those console.log lines:
in ensureAuth false
session data { cookie:
{ path: '/',
_expires: null,
originalMaxAge: null,
httpOnly: true },
passport: {} }
user data undefined
I assume this is some session issue where it doesn't store the user's logged in state, but I'm a node newbie & am a little stuck on how to fix this. I'm running on a single computer, so it's not a multiple machines issue. Any debugging suggestions, or ideas on the conflict causing the logged-in state not to be stored?
I would like to test my node.js + express + passport.js test application (RESTful) with CURL. My code:
var express = require('express');
var routes = require('./routes');
var http = require('http');
var path = require('path');
var passport = require('passport');
var LocalStrategy = require('passport-local').Strategy;
// Define the strategy to be used by PassportJS
passport.use(new LocalStrategy(
function(username, password, done) {
if (username === "admin" && password === "admin") // stupid example
return done(null, {name: "admin"});
return done(null, false, { message: 'Incorrect username.' });
}
));
// Serialized and deserialized methods when got from session
passport.serializeUser(function(user, done) {
done(null, user);
});
passport.deserializeUser(function(user, done) {
done(null, user);
});
// Define a middleware function to be used for every secured routes
var auth = function(req, res, next){
if (!req.isAuthenticated())
res.send(401);
else
next();
};
var app = express();
// all environments
app.set('port', process.env.PORT || 3000);
app.set('views', path.join(__dirname, 'views'));
app.set('view engine', 'ejs');
app.use(express.favicon());
app.use(express.logger('dev'));
app.use(express.json());
app.use(express.urlencoded());
app.use(express.methodOverride());
app.use(passport.initialize());
app.use(passport.session());
app.use(app.router);
app.use(express.static(path.join(__dirname, 'public')));
// development only
if ('development' == app.get('env')) {
app.use(express.errorHandler());
}
app.get('/test', auth, function(req, res){
res.send([{name: "user1"}, {name: "user2"}]);
});
app.post('/login', passport.authenticate('local'), function(req, res) {
res.send(req.user);
});
Calling /test with curl and
curl "http://localhost:3000/test"
returns "Unauthorized" (this is correct so far).
Calling /login (POST) with curl and
curl --data "username=admin&password=admin" http://localhost:3000/login
works. But at the next request my login was "forgotten".
Is this because curl can't handle sessions? Is there any workaround?
Is my procedure correct for a RESTful application?
First, make curl save cookies when you log in with
curl --cookie-jar jarfile --data "username=admin&password=admin" http://localhost:3000/login
Read the stored cookies when accessing /test:
curl --cookie jarfile "http://localhost:3000/test"
Some modifications to the app itself were needed before it worked on my machine (Ubuntu 12.04) with Node.js v0.10.26 and Express 3.5.0. I generated a new Express app with express --sessions nodetest and edited the code in app.js to be as you see below. Once I had the dependencies installed I ran the app and it worked with the curl commands.
app.js
var express = require('express');
var routes = require('./routes');
var user = require('./routes/user');
var http = require('http');
var path = require('path');
var passport = require('passport');
var LocalStrategy = require('passport-local').Strategy;
var app = express();
// Define the strategy to be used by PassportJS
passport.use(new LocalStrategy(
function(username, password, done) {
if (username === "admin" && password === "admin") // stupid example
return done(null, {name: "admin"});
return done(null, false, { message: 'Incorrect username.' });
}
));
// Serialized and deserialized methods when got from session
passport.serializeUser(function(user, done) {
done(null, user);
});
passport.deserializeUser(function(user, done) {
done(null, user);
});
// Define a middleware function to be used for every secured routes
var auth = function(req, res, next){
if (!req.isAuthenticated())
res.send(401);
else
next();
};
// all environments
app.set('port', process.env.PORT || 3000);
app.set('views', path.join(__dirname, 'views'));
app.set('view engine', 'ejs');
app.use(express.favicon());
app.use(express.logger('dev'));
app.use(express.json());
app.use(express.urlencoded());
app.use(express.methodOverride());
app.use(express.cookieParser('your secret here'));
app.use(express.session());
app.use(passport.initialize());
app.use(passport.session());
app.use(app.router);
app.use(express.static(path.join(__dirname, 'public')));
// development only
if ('development' == app.get('env')) {
app.use(express.errorHandler());
}
app.get('/test', auth, function(req, res){
res.send([{name: "user1"}, {name: "user2"}]);
});
app.post('/login', passport.authenticate('local'), function(req, res) {
res.send(req.user);
});
http.createServer(app).listen(app.get('port'), function(){
console.log('Express server listening on port ' + app.get('port'));
});
curl script
#!/bin/sh
# curl-login.sh
rm jarfile
echo --- login
curl --cookie-jar jarfile --data "username=admin&password=admin" http://localhost:3000/login
echo --- test
curl --cookie jarfile "http://localhost:3000/test"
Console log with curl output
$ node app &
$ sh curl-login.sh
--- login
POST /login 200 2ms - 21b
{
"name": "admin"
}--- test
GET /test 200 1ms - 60b
[
{
"name": "user1"
},
{
"name": "user2"
}
]
Note the use of
app.use(express.cookieParser('your secret here'));
app.use(express.session());
in app.js. Sessions did not work without the above two lines.
The code in your question also lacks the part where you create an HTTP server but I assume that's just a copy-paste issue; I'm referring to
http.createServer(app).listen(app.get('port'), function(){
console.log('Express server listening on port ' + app.get('port'));
});