For any request you can check if a user is authenticated or not using this method. app.get(‘/some_path’,checkAuthentication,function(req,res){ //do something only if user is authenticated }); function checkAuthentication(req,res,next){ if(req.isAuthenticated()){ //req.isAuthenticated() will return true if user is logged in next(); } else{ res.redirect(“/login”); } }
If user is logged in, passport.js will create user object in req for every request in express.js, which you can check for existence in any middleware: if (req.user) { // logged in } else { // not logged in } You can create simple express.js middleware for that, that will check if user is logged … Read more
As zeMirco points out, the underlying superagent module supports sessions, automatically maintaining cookies for you. However, it is possible to use the superagent.agent() functionality from supertest, through an undocumented feature. Simply use require(‘supertest’).agent(‘url’) instead of require(‘supertest’)(‘url’): var request = require(‘supertest’); var server = request.agent(‘http://localhost:3000’); describe(‘GET /api/getDir’, function(){ it(‘login’, loginUser()); it(‘uri that requires user to be … Read more
The toArray function exists on the Cursor class from the Native MongoDB NodeJS driver (reference). The find method in MongooseJS returns a Query object (reference). There are a few ways you can do searches and return results. As there are no synchronous calls in the NodeJS driver for MongoDB, you’ll need to use an asynchronous … Read more
My issue was not specifying to send cookies when using fetch on the client-side. It worked after including the credentials: ‘include’ field in the request. fetch(‘/api/foo’, {credentials: ‘include’})
You can name your local strategies to separate them. // use two LocalStrategies, registered under user and sponsor names // add other strategies for more authentication flexibility passport.use(‘user-local’, new LocalStrategy({ usernameField: ’email’, passwordField: ‘password’ // this is the virtual field on the model }, function(email, password, done) { User.findOne({ email: email }, function(err, user) { … Read more
There’s a passReqToCallback option that you can enable, like so: passport.use(new LocalStrategy( {usernameField: ’email’, passReqToCallback: true}, function(req, email, password, done) { // now you can check req.body.foo } )); When, set req becomes the first argument to the verify callback, and you can inspect it as you wish.
There are many questions asked here, and it seems that even though the questions are asked in the context of Node and passport.js the real questions are more about workflow than how to do this with a particular technology. Let’s use @Keith example setup, modified a bit for added security: Web server at https://example.com serves … Read more
Brice’s answer is great, but I still noticed an important distinction to make; the Passport guide suggests using .logout() (also aliased as .logOut()) as such: app.get(‘/logout’, function(req, res){ req.logout(); res.redirect(“https://stackoverflow.com/”); //Can fire before session is destroyed? }); But as mentioned above, this is unreliable. I found it behaved as expected when implementing Brice’s suggestion like … Read more
Follow the example to avoid the out-of-order middleware hell that express makes it so easy to enter. Straight from the docs. Note how yours does not match this exactly. var app = express(); app.use(require(‘serve-static’)(__dirname + ‘/../../public’)); app.use(require(‘cookie-parser’)()); app.use(require(‘body-parser’).urlencoded({ extended: true })); app.use(require(‘express-session’)({ secret: ‘keyboard cat’, resave: true, saveUninitialized: true })); app.use(passport.initialize()); app.use(passport.session()); Docs cookieParser session … Read more