passport.deserializeUser 从不调用
Posted
技术标签:
【中文标题】passport.deserializeUser 从不调用【英文标题】:passport.deserializeUser never call 【发布时间】:2017-12-06 20:57:51 【问题描述】:请帮助我制定护照本地策略。当我尝试登录时,我的护照流程是:序列化、成功验证并重定向到 req.user 未定义的“/”。在护照流程中,每次序列化后都会调用反序列化,但在我从来没有。不知道bug在哪里,谢谢帮助。
要求:
var express = require('express');
var bodyParser = require('body-parser');
var objection = require('objection');
var Model = objection.Model;
var Knex = require('knex');
var bcrypt = require('bcrypt');
var expressValidator = require('express-validator');
var passport = require('passport');
var cookieParser = require('cookie-parser');
var session = require('express-session');
var LocalStrategy = require('passport-local').Strategy;
var api = express();
策略中间件:
passport.use(new LocalStrategy(
async function (username, password, done)
var user = await User.findOne(username);
if (!user)
return done(null, false, message: 'Incorrect username.');
if (!bcrypt.compareSync(password, user.password))
return done(null, false, message: 'Incorrect password.');
else
return done(null, user);
));
序列化一个反序列化方法:
passport.serializeUser(function (user, done)
console.log("serialialize");
done(null,user.id);
);
passport.deserializeUser(async function (id, done)
console.log("deserialialize");
let user = await User.findById(id);
if (user)
done(null, user);
);
中间件:
api.use((req, res, next) =>
res.setHeader('Access-Control-Allow-Origin', '*');
res.setHeader('Access-Control-Allow-Headers', 'Origin, X-Requested-With, Content-Type, Accept');
next();
);
api.use(bodyParser.json());
api.use(expressValidator());
api.use(cookieParser()); // required before session.
api.use(session(secret: 'keyboard cat', resave: false, saveUninitialized: false));
api.use(passport.initialize());
api.use(passport.session());
数据库配置:
var knex = Knex(
client: 'pg',
connection:
user: 'marossmrek',
password: '12345',
database: 'ita-js'
);
Model.knex(knex);
class Base extends Model
static get tableName()
return this.name.toLowerCase();
static async findById(id)
return await this.query().where(id: id).limit(1).first();
class User extends Base
static async findOne(username)
return await this.query().where(username: username).limit(1).first();
用户登录路径:
api.post('/login',
passport.authenticate('local', failureRedirect: '/login' ),
function(req, res)
console.log('Success auth');
res.redirect('/');
);
api.get('/logout', (req, res) =>
req.logout();
res.end();
);
api.get('/', (req,res)=>
console.log("After redirect: " +req.user);
res.end();
);
api.listen(5000, () =>
console.log("I listen on port 5000");
);
【问题讨论】:
【参考方案1】:如果您序列化整个用户,则反序列化整个用户对象而不仅仅是 id。
passport.serializeUser(function (user, done)
done(null, user);
);
passport.deserializeUser(function (user, done)
done(null, user);
);
【讨论】:
它与 passport.deserializeUser never call 问题有什么关系?以上是关于passport.deserializeUser 从不调用的主要内容,如果未能解决你的问题,请参考以下文章
护照身份验证不起作用。从未调用过的 Passport.serializeUser 和 passport.deserializeUser 会被调用