I'm using Passport.js to authenticate an Express app. I did something similar to the tutorial code, but authenticating the session messes me up.
In my main workflow I authenticate the user with the local strategy:
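// Custom-callback form of the local strategy: Passport calls this function with
// the outcome and leaves establishing the session (req.login) and sending the
// response to the application.
// NOTE(review): passport.authenticate() only returns a middleware; it has to be
// invoked with (req, res, next) inside the route handler. That call is not
// visible in the post.
passport.authenticate('local', function (err, user, info) {
  if (err) {
    // NOTE(review): err.message is flashed to the client as-is; confirm it can
    // never carry database or stack details, otherwise log it and flash a
    // generic message.
    req.flash('error', { msg: err.message });
    return res.redirect('back');
  }

  if (!user) {
    // punish abuser...
    // (The post elides a promise chain here and shows only its tail:)
    //   })
    //   .catch(function (err) {
    //     req.flash('error', { msg: err.message });
    //     return res.redirect('back');
    //   });
  } else {
    // log user in
    debug('info: ' + 'logging in'.green.bold);
    req.login(user, function (err) {
      if (err) {
        debug('info: ' + 'error occured '.red.bold);
        req.flash('error', { msg: err.message });
        // Stop here: without this return the handler fell through and sent a
        // second redirect on a response that was already finished.
        return res.redirect('back');
      }
      // req.session.passport.user = user.id; // <-- tried hack, didn't work
      // send user on merry way
      res.redirect('/homepage');
    });
  }
})
// then the request for /homepage forces a check of whether the user is authenticated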
// Every request whose path starts with /api, for any HTTP method, passes
// through the authentication guard before reaching its route.
app.all('/api*', passportconf.isauthenticated);
// where isauthenticated() is defined as
exports.isauthenticated = function (req, res, next) { // user authenticated? if (req.isauthenticated()) { debug('info: ' + '----authentication verified'); return next(); } else { debug('info: ' + '----authentication verification failed'); // flash error message etc... return res.redirect('/login'); } }; the result shows:
info: --->> password matched! <<--- +0ms
info: logging in +0ms
info: serializing user +0ms
...
post /login 302 295.015 ms - 64
...
executing (default): update "sessions" set "data"='{"cookie":{"//cookie"},"passport":{"user":37}}'
...
info: ----authentication verification failed +0ms
....
/api 302 19.094 ms - 68
executing (default): update "sessions" set "data"='{"cookie":{"//cookie"},"passport":{}, "attemptedurl":"/api"}
...
info: de-serializing user +20ms
...
executing (default): select "//fields" "users" "user" "user"."id" = 37 limit 1;
error: 500 [object sequelizeinstance:user] +5ms

The request passes the password check and makes its way until right before the redirect, then dies after being redirected.
There are 3 potential causes I observed:
- The 2 session update writes are identical except that the first one has the user.id serialized in; after the redirect, the user is gone.
- De-serializing the user and the select operation for the user happen after the request has already been sentenced to death. There might be an ordering/async problem in my code (I looked everywhere and can't find anything).
- The 500 [object sequelizeinstance:user] is a black-box error; I have no idea what it implies.
I've been stuck on this for many nights. Any help is appreciated.
500 [object sequelizeinstance:user] seems to indicate that you are passing a Sequelize instance to something that treats it as an error. Perhaps you are calling a callback that expects (err, user) with just the user:
// Presumably the cause: the callback's first argument is the error slot, so the
// user object passed there is what gets reported as the 500 error.
fn(user) // should have been fn(null, user)