Passport.js LocalStrategy 返回 401，尽管反序列化成功

我读了很多类似的帖子，但没有找到和我的情况一样的。这是我在控制台中看到的：

85.114.2.255 - - [Thu, 10 Apr 2014 11:46:36 GMT] "GET /login HTTP/1.1" 200 >>>>>>>>>>>>>>>>>>>>>>>>>>> Local Authentication Executing (default): SELECT * FROM `phpfox_user` WHERE `phpfox_user`.`email`='zelibobla@gmail.com' LIMIT 1; <<<<<<<<<<<<<<<<<<<<<<<<<< SUCCESS ************************** SERIALIZING 13051 85.114.2.255 - - [Thu, 10 Apr 2014 11:46:37 GMT] "POST /login HTTP/1.1" 302 >>>>>>>>>>>>>>>>>>>>>>>>>>>>> DESERIALIZING 13051 Executing (default): SELECT * FROM `phpfox_user` WHERE `phpfox_user`.`user_id`=13051 LIMIT 1; <<<<<<<<<<<<<<<<<<<<<<<<<<<< DESERIALIZED: zelibobla@gmail.com [Function] 85.114.2.255 - - [Thu, 10 Apr 2014 11:46:37 GMT] "GET / HTTP/1.1" 401 

日志里有些干扰信息，但可以看到对 login 表单的请求是成功的。提交的表单被接受，并触发了在数据库中查找用户。用户被找到并序列化到会话中。之后重定向到 “/” 路由。在这里执行了用户反序列化，然后（惊喜！）返回了 HTTP 401。我花了两天时间想弄清楚为什么会出现这么奇怪的行为。任何帮助都不胜感激。

以下是代表我的应用程序的简化代码。

 var express = require( 'express' ); var path = require( 'path' ); var passport = require( 'passport' ); core = express(); core.passport = require( 'passport' ); var LocalStrategy = require( 'passport-local' ).Strategy; core.passport.use( 'local', new LocalStrategy( function( email, password, done ){ console.log( '>>>>>>>>>>>>>>>>>>>>>>>>>>> Local Authentication' ); core.factories.user.find({ where: { email: email, }}) .success( function( user ){ if( null === user ){ return done( /* errorText = */ null, false, { message: 'User with specified email not found' } ); } var authService = core.services.authentication() hash = user.password, salt = user.password_salt; if( authService.isPasswordValid( password, hash, salt ) ){ console.log( "<<<<<<<<<<<<<<<<<<<<<<<<<< SUCCESS" ); return done( /* errorText = */ null, user ); } else { console.log( "<<< !!! <<<<<<<<<<<<<<<<<<<<<<< ERROR" ); return done( /* errorText = */ null, false, { message: 'Password invalid' }); } }) .error( function( errorText ){ return done( errorText ); }); }) ); core.passport.serializeUser( function( user, done ){ console.log( '************************** SERIALIZING ' + user.user_id ); done( /* errorText = */ null, user.user_id ); }); core.passport.deserializeUser( function( id, done ){ console.log( '>>>>>>>>>>>>>>>>>>>>>>>>>>>>> DESERIALIZING ' + id ); core.factories.user.find( id ) .success( function( user ){ console.log( '<<<<<<<<<<<<<<<<<<<<<<<<<<<< DESERIALIZED: ' + user.email ); console.log( done ); done( /* errorText = */ null, user ); }) .error( function( errorText ){ console.log( '<<<< !!! 
<<<<<<<<<<<<<<<<<<<<<<<<< error\n' + errorText ); done( errorText ); }); }); core.use( express.cookieParser() ); core.use( express.bodyParser() ); core.use( express.session({ secret: "GodBlessJaredHanson" }) ); core.use( passport.initialize() ); core.use( passport.session() ); core.use( express.methodOverride() ); core.use( core.router ); core.use( express.static( path.join( __dirname, 'public' ) ) ); core.use( express.errorHandler({ dumpExeptions: true, showStack: true }) ); core.set( 'views', __dirname + '/public' ); core.engine( 'html', require( 'ejs' ).renderFile ); core.get( '/', [ core.passport.authenticate( 'local' ), function( request, response ){ console.log( "****************** GOOD! I am rendering index.html ********************" ); return response.render( 'index.html' ); }, ] ); core.get( '/login', function( request, response ){ response.render( 'login.html', {errors:{}, email: ''} ); }, ); core.post( '/login', core.passport.authenticate( 'local', {successRedirect: '/', failureRedirect: '/login' } ) ); var instance = core.listen( '1339' ); module.exports = instance; 

更新:

那么，库作者的示例帮了忙。 https://github.com/jaredhanson/passport-local/blob/master/examples/login/app.js

与其写成

 core.get( '/', [ core.passport.authenticate( 'local' ), function( request, response ){ console.log( "****************** GOOD! I am rendering index.html ********************" ); return response.render( 'index.html' ); }, ] ); 

访问控制应该这样实现：

 core.get( '/', [ function (req, res, next) { if (req.isAuthenticated()) { return next(); } res.redirect('/login'); }, function( request, response ){ console.log( "****************** GOOD! I am rendering index.html ********************" ); return response.render( 'index.html' ); }, ] ); 

误解的关键在于：像 BearerStrategy 这样的其他策略才是用来对每个新请求都重新进行认证的。