req.session.passport和req.user空,serializeUser和deserializeUser都不会被调用
我正在使用Express(v4.11.2)与护照,以支持多个提供商(本地,脸谱,微博和谷歌)访问我正在build设的networking应用程序。 作为后端,我使用的是mysql。 现在我有两个本地策略:本地注册和本地login。 我遇到的问题是,req.session.passport和req.user总是空的,实际上,serializeUser和deserializeUser永远不会被调用。
这里是快递和护照的设置:
var bodyParser = require('body-parser'); var session = require('express-session'); var MemoryStore = session.MemoryStore; var _ = require('underscore'); var passport = require('passport'); app.use(bodyParser.json()); app.use(bodyParser.urlencoded({extended: true})); app.use(session({ key: 'KEY', secret: 'SECRET331156%^!fafsdaasd', store: new MemoryStore({reapInterval: 60000 * 10}), saveUninitialized: true, resave: false })); app.use(passport.initialize()); app.use(passport.session()); require('./config/passport')(passport); // pass passport for configuration 这里是身份validation策略的护照文件:
module.exports = function (passport) { passport.serializeUser(function (user, done) { logger.info('SERIALIZE USER'); done(null, user.id); }); passport.deserializeUser(function (id, done) { logger.info('DESEIRALIZE USER!'); mysqllib.getConnection(function (err, connection) { if (err) { done(err); } var sql = "SELECT * FROM users WHERE idusers = ?"; logger.info('sql: ' + sql); connection.query(sql, [id], function (err, rows) { connection.release(); var user = {}; user.id = rows[0].idusers; done(err, user.id); }); }); }); passport.use('local-signup', new LocalStrategy({ usernameField: 'email', passwordField: 'password', passReqToCallback: true // allows us to pass back the entire request to the callback }, function (req, email, password, done) { logger.info('CALLING local-signup'); var firstname = req.body.firstname; var lastname = req.body.lastname; var role = req.body.role; mysqllib.getConnection(function (err, connection) { var sql = "INSERT INTO users VALUES(0, ?, ?, ?, ?, null, ?, 0, null, null, null, null, null, null, 0, 0)"; logger.info('sql: ' + sql); connection.query(sql, [email, password, firstname, lastname, role], function (err, rows) { connection.release(); if (err) { if (err.code == 'ER_DUP_ENTRY') { logger.info('er_dup_entry'); return done(err); } else { logger.info('general err'); return done(err); } } else { logger.info('everything is OK!'); var user = {}; user.id = rows.insertId; req.session.user_auth = user.id; return done(null, user); } }); }); })); passport.use( 'local-login', new LocalStrategy({ usernameField: 'email', passwordField: 'password', passReqToCallback: true // allows us to pass back the entire request to the callback }, function (req, email, password, done) { mysqllib.getConnection(function (err, connection) { if (err) { logger.info('getConnection: ' + err); return done(err); } var sql = "SELECT idusers, first_name, last_name, email, phone, dob, address, role, photo1, photo2, photo3, photo4, phonevalidated, uservalidated FROM users WHERE email = " + connection.escape(email) + " AND password = " + connection.escape(password); connection.query(sql, function (err, rows) { connection.release(); if (err) { logger.error("select user", err); return done(err); } else if (rows.length) { var user = rows[0]; user.id = rows[0].idusers; return done(null, user); } else { logger.warn('Incorrect Login credentials, username: ' + email + ' password: ' + password); return done(null, false, {message: 'unauthorized'}); } }); }); }) ); };
最后,这里是我如何使用快递路线的策略:
app.post('/login', function (req, res, next) { passport.authenticate('local-login', function (err, user, info) { if (err) { mysend(res, 500, 'Ups. Something broke!'); } else if (info) { mysend(res, 401, 'unauthorized'); } else { mysend(res, 200, JSON.stringify(user)); logger.info(req.user); logger.info(req.session); } })(req, res, next); });
一切工作正常,甚至在一个策略中,我可以在会话中设置用户ID的值如下:
req.session.user_id = user.id
并继续手动使用它,但我真的不明白为什么serializeUser和deserializeUser没有被调用。
您需要在自定义callback中调用req.login() ,然后调用serializeUser并将用户对象设置为会话:
app.post('/login', function (req, res, next) { passport.authenticate('local-login', function (err, user, info) { if (err) { mysend(res, 500, 'Ups. Something broke!'); } else if (info) { mysend(res, 401, 'unauthorized'); } else { req.login(user, function(err) { if (err) { mysend(res, 500, 'Ups.'); } else { mysend(res, 200, JSON.stringify(user)); } } } })(req, res, next); });