I am trying to pass a variable through a middleware and have it be usable following successful authentication using facebook-passport.

// route for facebook authentication and login
router.get('/connect/facebook', rentalinfo, passport.authenticate('facebook', { scope : 'email' }));

// handle the callback after facebook has authenticated the user
router.get('/connect/facebook/callback', passport.authenticate('facebook', {
    //successRedirect : '../../../protected',
    failureRedirect : '/'
}),
function(req, res) {
    // successful auth, user is set at req.user.  redirect as necessary.
    //Get the redirect location from the response
    //console.log(req.body);
    console.log(req.bookingarray);
    res.redirect('/protected'); 
});

My Middleware:

//Rent item middleware - carries rental info through signup/login process
function rentalinfo(req, res, next){
    //console.log('MIDDLEWARE VARIABLE: '+ bookingarray);
    req.bookingarray = 'SOMETHING';
    //return bookingarray;
    //if (something(res)) redirect('http://google.com'); // no access to your site
    next(); // go to routes
};

I then attempt to access it in my facebook passport strategy.

passport.use(new FacebookStrategy({
    // pull in our app id and secret from our auth.js file
    clientID        : configAuth.facebookAuth.clientID,
    clientSecret    : configAuth.facebookAuth.clientSecret,
    callbackURL     : configAuth.facebookAuth.callbackURL,
    profileFields   : ["emails", "displayName"],
    // this allows us to pass in the req from our route (lets us check if a user is logged in or not)
    passReqToCallback : true
},
// facebook will send back the token and profile
function(req, token, refreshToken, profile, done) {
    console.log(req.bookingarray);

    // asynchronous
    process.nextTick(function() {
        // check if the user is already logged in
        if (!req.user) {
            ...
        }
    });
}));

However it just returns as undefined. I have tried, what am I missing? The purpose is to keep the state of the user before and after authentication.

Antti29
Cookiejest
  • Your code looks alright. Are you sure you don't have any typo in there or the value you assign to *bookingarray* is defined? Isn't there any other code that could affect *req.bookingarray*? – Molda Dec 18 '15 at 20:41
  • I've updated with both Facebook routes, /connect/facebook/ and /connect/facebook/callback. I know it authorises correctly without the variable. Thanks so much for your help, I've been banging my head against the wall – Cookiejest Dec 18 '15 at 21:15

1 Answer

You'll want to store this in the user session not the request which has a one request lifetime. Your 2nd route is the FB callback which is called by Facebook so the rentalinfo middleware does not get called and therefore does not have your variable.

If you do not want to use sessions (i.e. a stateless REST api thingy) then you would need to modify your middleware to check if the user is authed and go from there. Whether that works for you will depend on your scenario.

cyberwombat
  • Thanks for your reply. I did read about sessions, is it possible to use them if the user isn't authenticated yet though? – Cookiejest Dec 18 '15 at 23:41
  • After further reading, I think using the state parameter will let me store the details in a table and retrieve them using the state ID back from facebook. Has anyone seen an example of this? http://stackoverflow.com/questions/6463152/facebook-oauth-custom-callback-uri-parameters – Cookiejest Dec 18 '15 at 23:45
  • I ended up using res.cookie to temporarily store an id that I use to look up a row in the database to get the details. – Cookiejest Dec 19 '15 at 08:32
  • @Cookiejest - sessions do not need auth. It's like cookies (it usually uses a cookie behind the scenes). You can use https://github.com/expressjs/session and just add/retrieve from req.session. Cookies as you are using them are just fine, though a bit more work since you have to manually create it. You'd use cookies if you wanted your data to live longer than the user session/visit. – cyberwombat Dec 19 '15 at 15:35
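
The approach discussed in the comments (an opaque ID carried through the OAuth state parameter, with the rental details kept server-side) as an added example that is not code from the thread. The function names, the in-memory Map and the 10-minute lifetime are assumptions; tying the state to a cookie on the browser that started the login also rejects callbacks that browser never initiated.

```javascript
// Added example. All names here are hypothetical; nothing below is from the thread.
const crypto = require('crypto');

const TTL_MS = 10 * 60 * 1000; // assumed lifetime of a pending login
const pending = new Map();     // state -> entry; a shared store (DB, Redis) in a real deployment

const sha256 = (s) => crypto.createHash('sha256').update(s).digest();

// Call in the /connect/facebook route before redirecting to Facebook.
// `state` goes out as the OAuth state parameter, `cookie` is set as an
// HttpOnly cookie on the browser that started the login.
function beginLogin(data, now = Date.now()) {
  const state = crypto.randomBytes(32).toString('hex');
  const cookie = crypto.randomBytes(32).toString('hex');
  pending.set(state, { data, cookieHash: sha256(cookie), expires: now + TTL_MS });
  return { state, cookie };
}

// Call in /connect/facebook/callback with the state query value and the cookie.
// Returns the stored data, or null when the state is unknown, already used,
// expired, or presented by a browser that did not start this login.
function finishLogin(state, cookie, now = Date.now()) {
  if (typeof state !== 'string' || typeof cookie !== 'string') return null;
  const entry = pending.get(state);
  if (!entry) return null;
  pending.delete(state); // single use: consumed even when a later check fails
  if (now > entry.expires) return null;
  if (!crypto.timingSafeEqual(entry.cookieHash, sha256(cookie))) return null;
  return entry.data;
}

// Constructed walk-through of one login, then a replay of the same state.
const started = beginLogin({ bookingarray: 'SOMETHING' });
console.log(finishLogin(started.state, started.cookie));
console.log(finishLogin(started.state, started.cookie));
```

Only the random ID leaves the server, so the rental details are never exposed in the redirect URL or editable by the client.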