Node.js use passport with LocalStrategy in Authentication Part 4

 Display failure message 

         From the previous post, we redirect to GET /login route when the authentication fails without telling any reason. However, we usually need to explain to the client about what's wrong. 

        That's means we need to return the addition message we stated in Strategy verify function. Beside we use custom callback to return those message in part 2. We can also get the message by Passport default manner.

passport.use(
"local",
new Strategy(
{usernameField: "username", passwordField:"password"},
function verify(username, password, cb){
try{
const userCredentials = getUserInfo(username);
if(!userCredentials)
return cb(null, false, { message:"User does not exist"});
if(password === userCredentials.password){
const userInfo = {};
userInfo.name = userCredentials.name;
userInfo.id = userCredentials.id;
return cb(null, userInfo, {message: "login sucess"});
}

return cb(null, false, {message: "incorrect password"});

}catch(err){
return cb(null, false, {message: "exception error ocurred when access database"});
}
}
)
);

         According to the description in passport website,  we add a property failureMessage: true in the 2nd argument of passport.authenticate() function. The message will add to req.session.messages. Let's try on this. We modified the code(v2.2) in part 3. Add failureMessage:true and 

app.post(
"/login",
passport.authenticate(
"local",
{
successRedirect: "/secrets",
failureRedirect: "/login",
failureMessage: true
}
)
);

retrieve req.session.messages in GET "/login" handler.

app.get("/login", (req, res) =>{

let msg;

console.log(req.session);
if(req.session.messages){
msg = req.session.messages;
}

if(msg)
return res.send(msg);

return res.send("this is login page. Don't need authentication");
});

         We submit wrong password to POST "/login" route and Postman receive message "incorrect password". 

Postman received a message "incorrect password"

         We submit again but this time with wrong username. Postman has received 2 messages. The 1st one is we got in previous trial (incorrect password). The 2nd is failure message of this trial (user does not exist);

Postman receives 2 message
If we look at the terminal in server side, req.session.messages is an array of string. The failure messages accumulates.
console.log on server side
Once we login successfully, 

the failure message will be cleared.

Then if we fail login again, req.session.messages starts to accumulates

Printing message on the terminal of server.

            If we don't want the req.session.messages accumulates, we can clear it manually after retrieved the message. Here is the modified code.

app.get("/login", (req, res) =>{

let msg;

console.log(req.session);
if(req.session.messages?.length > 0){
//msg = req.session.messages;
msg = req.session.messages[0];
//clear the messages in session. Otherwise, the messages will accumulate.
req.session.messages = [];
}

if(msg)
return res.send(msg);

return res.send("this is login page. Don't need authentication");
});

Now we submit wrong username and wrong password and look at the result.

Postman receive 1 message for 1st trial
Postman receive 1 message for 2nd trial
        Now we can see 2nd trial receive 1 message only. And the server also only store 1 message.

console message of server

        Now, we can retrieve the login failure message after redirect and get only 1 message of failure caused by that trial. The completed code(v2.3)  can be found github.

 

Can retrieve failure message even we do not store userinfo in Session

         At least, we need to import and setup Session module in order to retrieve the failure message since Passport pass the message into Session storage. We modified the code(v1.1) in post part 1 as what we does in this post. Set failureMessage:true, call req.session.messages in GET /login route.

        The Modified code(v1.3) stored in github.

 

 

 

 

 

 

 

Comments

Post a Comment

Popular posts from this blog

Use okhttp to download file and show progress bar

Image
  Okhttp also can be used to download files from the internet to the app-specific storage . In this post, download progress is shown by the progress bar. The outcome can be viewed in this link . First, Internet permission is required in the manifest file <uses-permission android :name = "android.permission.INTERNET" /> Then we add the dependency of Okhttp in the module’s build.gradle file. The download process is done in coroutines so kotlinx-coroutines dependency also is required implementation 'com.squareup.okhttp3:okhttp:4.9.3' implementation 'org.jetbrains.kotlinx:kotlinx-coroutines-android:1.7.3' The developer of okhttp library has provided the example for download and get the progress in https://github.com/square/okhttp/blob/master/samples/guide/src/main/java/okhttp3/recipes/Progress.java After studying the code, I implemented it in Kotlin and modified it a bit. A class is created to handle the download. The constructor has CoroutineScope and Prog...
Read more

Download File into app specific storage with Retrofit

Image
  In the previous post , DownloadManager is used to download files into the device’s public directory. If the file contains sensitive data, we hope the file can be saved into the app-specific storage rather than public directory. Therefore, we need another method to download. Retrofit is a type-safe  HTTP client which help us transfer information and data over a network. Dependency Add below dependency into module build.gradle file. implementation( "com.squareup.retrofit2:retrofit:2.9.0" ) implementation( "com.squareup.retrofit2:converter-gson:2.9.0" ) We add codes on the same module of DownloadManager. A button is added next to the DownLoadManager Button. When it is clicked, it will start to download the file using Retrofit. Implementation We first create a interface so that Retrofit can translate the java/Kotlin function to HTTP API.  The notation @Streaming is used for downloading large file so that it would not write too large data into memory at once. The do...
Read more

Unzipp file with Zip4j library

Image
  Java library has a built-in class java.util.zip.ZipFile and java.util.zip.ZipInputSteam. However, those class only can unzip files without a password.  For those zip files with password protected, we use 3rd party library Zip4j I have created a password protected zip file for testing. Structure like this. The name with ‘/’ is a directory. All files are photo in jpg format. Photo2/ 20190314_103435_HDR.jpg 20190314_112925_HDR.jpg 20190314_103702_HDR.jpg primary/ 20190316_121528_HDR.jpg secondary1/ 20190422_155924_HDR.jpg seconday2/ 20190314_103252_HDR.jpg  Test zip file download link: https://drive.google.com/uc?export=download&id=1XDMUGuvOPkTR2TH_Ikb5-2SIR7nXQ6yk Unzip password: aB3d Add dependency in the module gradle. implementation 'net.lingala.zip4j:zip4j:2.11.5' I have created a new module for this practice and copied the code used in the previous practice download file with Okhttp . Three ...
Read more