Node.js use passport with LocalStrategy in Authentication Part 5

Establish a session with custom callback of passport.authenticate()

         In post part 2, we have provide custom callback function into passport.authenticate() function. As the description of authenticate() function stated, we have to establish a session by ourself. This post demonstrate to establish a session. 

        We modify the code(v1.2) in part 2. First, import and setup session.

import express from "express";
import bodyParser from "body-parser";
import passport from "passport";
import {Strategy} from "passport-local";
import session from "express-session";


const app = express();

const PORT = 6000;

app.use(bodyParser.urlencoded({extends:false}));
app.use(bodyParser.json());
 
app.use(session({
secret: 'you should keep this in secret',
resave: false,
saveUninitialized: false,
}));

app.use(passport.authenticate('session'));

        Second, assign the argument user to a property user of an object and pass this object of req.session[passport] inside the body of custom callback. We imitate what the default manner of passport done to save user data into Session. Then we check the content of req.session and req.isAuthenticate() in the GET /secrets route.

app.post(
"/login", function(req, res, next){
passport.authenticate(
"local",
{
// successRedirect: "/secrets",
// failureRedirect: "/login",
session:true
},
function(err, user, info, status){
if(err){
return res.send(err);
//return res.redirect("/login");
}
if(!user){
return res.send(info);
//return res.redirect("/login");
}
//return res.send(user);
console.log("inside authenticate callback");
console.log(req.session);
req.session["passport"] = {user:user};

return res.redirect("/secrets");

}
)(req, res, next);
}
);

app.get("/secrets", (req, res) =>{
console.log("inside /secrets");
console.log(req.isAuthenticated());
console.log(req.session);
return res.send("This is secrets page. Access this page after login");
});

 Now we test with Postman. It received error message "Fail to deserialize user out of session". Same error message also printed on the terminal. 

Then we add the passport.deserializeUser() method at the end of file.


passport.deserializeUser(function(user, cb) {
process.nextTick(function() {
return cb(null, user);
});
});

We use Postman to test again. Now it get /secrets message. The terminal of server shows the content of req.session before we assign user to it and after redirect to "/secrets". We also note that the result of req.isAuthenticated() is true. Therefore, we now can use req.isAuthenticated() to restrict client access like part 3.

Postman invoke POST /login and receive secrets page message

 For additional test, if we change the property name assigned to req.session["passport"], the result of req.isAuthenticated() becomes false.

req.session["passport"] = {usered:user};

return res.redirect("/secrets");

terminal message on server

         We change back the property name assigned to req.session["passport"]. The next thing is to pass the user information stored in session to req.user when the client access the api service. We add a line console.log(req.user) inside GET /secrets route to see the content.

app.get("/secrets", (req, res) =>{
console.log("inside /secrets");
console.log(req.isAuthenticated());
console.log(req.session);
console.log(req.user);
return res.send("This is secrets page. Access this page after login");
});

         Use postman to login and we see there is user information in req.user. Passport has retrieved the content of user in Session and passed it to req.user automatically as default manner.

terminal message on server

        By assigning the user information to Session in the format of Passport default way in our custom callback function, Passport will operate normally as using the default manner of default callback. The code(v2.4) used in this post is uploaded to github.

 

 

 

 

Comments

Post a Comment

Popular posts from this blog

Use okhttp to download file and show progress bar

Image
  Okhttp also can be used to download files from the internet to the app-specific storage . In this post, download progress is shown by the progress bar. The outcome can be viewed in this link . First, Internet permission is required in the manifest file <uses-permission android :name = "android.permission.INTERNET" /> Then we add the dependency of Okhttp in the module’s build.gradle file. The download process is done in coroutines so kotlinx-coroutines dependency also is required implementation 'com.squareup.okhttp3:okhttp:4.9.3' implementation 'org.jetbrains.kotlinx:kotlinx-coroutines-android:1.7.3' The developer of okhttp library has provided the example for download and get the progress in https://github.com/square/okhttp/blob/master/samples/guide/src/main/java/okhttp3/recipes/Progress.java After studying the code, I implemented it in Kotlin and modified it a bit. A class is created to handle the download. The constructor has CoroutineScope and Prog...
Read more

Download File into app specific storage with Retrofit

Image
  In the previous post , DownloadManager is used to download files into the device’s public directory. If the file contains sensitive data, we hope the file can be saved into the app-specific storage rather than public directory. Therefore, we need another method to download. Retrofit is a type-safe  HTTP client which help us transfer information and data over a network. Dependency Add below dependency into module build.gradle file. implementation( "com.squareup.retrofit2:retrofit:2.9.0" ) implementation( "com.squareup.retrofit2:converter-gson:2.9.0" ) We add codes on the same module of DownloadManager. A button is added next to the DownLoadManager Button. When it is clicked, it will start to download the file using Retrofit. Implementation We first create a interface so that Retrofit can translate the java/Kotlin function to HTTP API.  The notation @Streaming is used for downloading large file so that it would not write too large data into memory at once. The do...
Read more

Unzipp file with Zip4j library

Image
  Java library has a built-in class java.util.zip.ZipFile and java.util.zip.ZipInputSteam. However, those class only can unzip files without a password.  For those zip files with password protected, we use 3rd party library Zip4j I have created a password protected zip file for testing. Structure like this. The name with ‘/’ is a directory. All files are photo in jpg format. Photo2/ 20190314_103435_HDR.jpg 20190314_112925_HDR.jpg 20190314_103702_HDR.jpg primary/ 20190316_121528_HDR.jpg secondary1/ 20190422_155924_HDR.jpg seconday2/ 20190314_103252_HDR.jpg  Test zip file download link: https://drive.google.com/uc?export=download&id=1XDMUGuvOPkTR2TH_Ikb5-2SIR7nXQ6yk Unzip password: aB3d Add dependency in the module gradle. implementation 'net.lingala.zip4j:zip4j:2.11.5' I have created a new module for this practice and copied the code used in the previous practice download file with Okhttp . Three ...
Read more