
I am using passport to log in and then display '/home'. The login works and redirects to '/home', but that endpoint is not protected: it can be opened by typing the URL straight into the browser. I tried using req.isAuthenticated() (and went through multiple questions here) to no avail.

Routes//index.js

var express = require('express');
var router = express.Router();
var User = require('../models/user');
var passport = require('passport');
var session = require('express-session');
const LocalStrategy = require('passport-local').Strategy;




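// Local username/password strategy.
//
// SECURITY: this compares the submitted password with `user.password` as
// plain text, i.e. passwords are stored unhashed in the database. Store a
// salted hash instead (e.g. bcrypt) and replace the comparison below with the
// library's compare function; the surrounding flow stays the same.
passport.use(new LocalStrategy(
  function(username, password, done) {
    // The body parsers (express.json() is registered in app.js) can hand us
    // non-string values. An object as `username` would turn the query below
    // into an operator query ({ $gt: '' } matches any user), and loose
    // equality would coerce arrays/undefined on the password side, so only
    // accept strings.
    if (typeof username !== 'string' || typeof password !== 'string') {
      return done(null, false);
    }
    User.findOne({ username: username }, function(err, user) {
      if (err) {
        return done(err);
      }
      if (!user) {
        return done(null, false);
      }
      // Strict comparison: with `!=`, a user record that has no password
      // field would match a missing submitted password.
      if (typeof user.password !== 'string' || user.password !== password) {
        return done(null, false);
      }
      return done(null, user);
    });
  }
));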





// Landing page (also the failure target of POST /login).
router.get('/', (req, res) => {
  res.render('index', { title: 'Express' });
});

// Login form.
router.get('/login', (req, res) => {
  res.render('login');
});

// Credentials are verified by the LocalStrategy above. On success passport
// stores the serialized user in the session and sends the browser to /home;
// on failure it goes back to the index page.
// NOTE(review): no CSRF token and no rate limiting on this endpoint.
router.post('/login', passport.authenticate('local', {
  successRedirect: '/home',
  failureRedirect: '/',
}));

// Registration form.
router.get('/register', (req, res) => {
  res.render('register');
});



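// Ends the login. `req.logout()` only detaches the user from the session
// object; destroying the express-session session as well drops any other
// state tied to the old session id. (passport >= 0.6 requires a callback on
// req.logout() and throws without one; the call below matches the 0.4.x API
// the rest of this page uses.)
//
// NOTE(review): a GET logout can be triggered cross-site by a plain link or
// <img> tag (logout CSRF); a POST with CSRF protection is preferable.
router.get('/logout', function(req, res, next) {
  req.logout();
  if (!req.session) {
    return res.redirect('/');
  }
  req.session.destroy(function(err) {
    if (err) {
      return next(err);
    }
    res.redirect('/');
  });
});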

// Protected page: only reachable when ensureLocalAuthenticated lets the
// request through, so req.user is set here.
router.get('/home', ensureLocalAuthenticated, (req, res) => {
  res.render('home', { user: req.user });
});



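/**
 * Route guard: calls next() only when passport has attached an authenticated
 * user to the request; otherwise redirects to the login page.
 *
 * req.isAuthenticated is added by passport.initialize(), and it only returns
 * true when passport.session() could restore the user from an express-session
 * session. If express-session is not registered before passport (the cause of
 * the question above), this always redirects.
 *
 * @param {object} req  Express request
 * @param {object} res  Express response
 * @param {function} next  Express continuation
 */
function ensureLocalAuthenticated(req, res, next) {
  // Guard the call itself: without passport.initialize() the method does not
  // exist and the original threw a TypeError instead of redirecting.
  if (typeof req.isAuthenticated === 'function' && req.isAuthenticated()) {
    return next();
  }
  // The console.log of the auth state was debug output; it would otherwise
  // land in the logs on every request.
  return res.redirect('/login');
}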



module.exports = router;

In my app.js file I have configured passport like this:

//passportconfig
// passport.session() reads the user id back out of req.session, so these
// must come after the express-session middleware (which this file lacks,
// see the accepted fix below).
app.use(passport.initialize(), passport.session());

// Only the user id is kept in the session; the record is reloaded per request
// by deserializeUser.
passport.serializeUser((user, done) => done(null, user.id));

// Rebuild req.user from the id stored in the session. findById's callback
// has the same (err, user) shape that done expects, so it is passed through.
passport.deserializeUser((id, done) => {
  User.findById(id, done);
});

// Routers are mounted last so every request has passed through the session
// and passport middleware before a route guard looks at req.user.
app
  .use('/', indexRouter)
  .use('/users', usersRouter);

isAuthenticated() always returns false, so I can't get past that middleware after logging in. If I remove it, I can log in fine, but then '/home' is accessible to everyone.

  • what does `req.user` give you? Try putting it in `ensureLocalAuthenticated` – Dushyant Bangal Jul 13 '18 at 10:41
  • I added `console.log(req.user)` in `ensureLocalAuthenticated`; it prints undefined, even after I log in. – dan brown Jul 13 '18 at 10:50
  • That means passport is not able to load the user. In `passport.serializeUser` see whats the value of `user` and `req.cookies` – Dushyant Bangal Jul 13 '18 at 10:53
  • Also, are you using `cookie-parser`? Because that will load parse and load the cookie, passport will use the cookie to load the user. – Dushyant Bangal Jul 13 '18 at 10:54
    Hey, I figured it out. This was missing in app.js: `app.use(require('express-session')({ secret: 'keyboard cat', resave: false, saveUninitialized: false }));` (registered before passport.session()). Thanks! – dan brown Jul 13 '18 at 13:48
  • Aah! that was going to be my next suggestion. You should post it as an answer so it will be helpful for others. – Dushyant Bangal Jul 13 '18 at 14:08
  • Maybe this is the answer you were looking for. https://stackoverflow.com/questions/18739725/how-to-know-if-user-is-logged-in-with-passport-js – Phyo Kyaw San Dec 14 '20 at 15:38



Adding the following lines to app.js worked for me. The session middleware was missing entirely, so passport.session() had no session to restore the user from and req.isAuthenticated() was always false; express-session has to be registered before passport.initialize() and passport.session(). Do not ship the example secret 'keyboard cat': it signs the session cookie, so anyone who knows it can forge a logged-in session — load a long random value from configuration instead.

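// Session middleware; must be registered before passport.session().
// The secret signs the session cookie: a guessable one lets anyone forge a
// logged-in session, so take it from the environment and keep the
// well-known example value only for local development.
var sessionSecret = process.env.SESSION_SECRET;
if (!sessionSecret) {
  if (process.env.NODE_ENV === 'production') {
    throw new Error('SESSION_SECRET must be set');
  }
  sessionSecret = 'keyboard cat';
}
app.use(require('express-session')({
  secret: sessionSecret,
  resave: false,
  saveUninitialized: false,
  cookie: {
    httpOnly: true,      // not readable from page scripts
    sameSite: 'lax',     // cookie not sent on cross-site POSTs (CSRF)
    // Only over HTTPS in production. Behind a TLS-terminating proxy this
    // also needs app.set('trust proxy', 1) or the cookie is never set.
    secure: process.env.NODE_ENV === 'production'
  }
}));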

The complete app.js setup then looks like this. The requires:

var cookieParser = require('cookie-parser');
var bodyParser = require('body-parser');
var passport = require('passport');
var mongoose = require('mongoose');
var User = require('./models/user')
const LocalStrategy = require('passport-local').Strategy;

And the middleware, registered in this order (body parsing, then session, then passport, then the routers):

// Body parsing for JSON and form posts (the login form is urlencoded).
// cookie-parser is not needed by express-session, which reads and signs the
// session cookie itself; it is kept here because other code may use req.cookies.
app.use(express.json(), express.urlencoded({ extended: false }), cookieParser());

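// Session middleware; must be registered before passport.session() below.
// The secret signs the session cookie: a guessable one lets anyone forge a
// logged-in session, so take it from the environment and keep the
// well-known example value only for local development.
var sessionSecret = process.env.SESSION_SECRET;
if (!sessionSecret) {
  if (process.env.NODE_ENV === 'production') {
    throw new Error('SESSION_SECRET must be set');
  }
  sessionSecret = 'keyboard cat';
}
app.use(require('express-session')({
  secret: sessionSecret,
  resave: false,
  saveUninitialized: false,
  cookie: {
    httpOnly: true,      // not readable from page scripts
    sameSite: 'lax',     // cookie not sent on cross-site POSTs (CSRF)
    // Only over HTTPS in production. Behind a TLS-terminating proxy this
    // also needs app.set('trust proxy', 1) or the cookie is never set.
    secure: process.env.NODE_ENV === 'production'
  }
}));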

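// express.json()/express.urlencoded() registered above are the body-parser
// parsers re-exported by Express (>= 4.16), so the duplicate
// bodyParser.json()/bodyParser.urlencoded() registrations only ran a second
// parser that skipped because req.body was already set; they are dropped.
app.use(express.static(path.join(__dirname, 'public')));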

//passportconfig
// passport.initialize() adds req.login/req.isAuthenticated; passport.session()
// restores req.user from the express-session session registered above, which
// is why it has to come after it.
app.use(passport.initialize(), passport.session());

// used to serialize the user for the session
// Only the user id is written into the session cookie's server-side record.
passport.serializeUser((user, done) => done(null, user.id));

// used to deserialize the user
// Load the user for the id stored in the session on every request; the
// (err, user) callback shape of findById matches what done expects.
passport.deserializeUser((id, done) => {
  User.findById(id, done);
});