Node.js use passport with LocalStrategy in Authentication Part 2

Custom callback for passport.authenticate

        In the previous post (part 1), we relied on the passport module's default response. This post shows how to override that default response. Instead of redirecting to another route, we can send the result back to the client immediately. This is useful in backend API service design.

        We override the passport module's default callback by providing our own callback function as the 3rd argument of passport.authenticate(). Hovering the mouse pointer over the function name authenticate() pulls up a description of this function (I use Visual Studio Code). This description comes from the source code of the passport module. It says we can provide our own callback to override the default behaviour in authentication, and it also gives an example of applying a custom callback.

Description of the authenticate() function pulled up on screen

        Modify the app.post("/login") code as below. Note that passport.authenticate() is placed inside the body of the app.post() handler function, instead of being the 2nd argument of app.post().

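app.post("/login", function (req, res, next) {
    // authenticate() returns a middleware function, so it is called with (req, res, next) below
    passport.authenticate(
        "local",
        {
            // these redirects no longer take effect once a custom callback is supplied
            successRedirect: "/secrets",
            failureRedirect: "/login",
            session: false
        },
        // custom callback: receives what the Strategy verify function passed to cb
        function (err, user, info, status) {
            if (err)
                return res.send(err);
            if (!user)
                return res.send(info);

            return res.send(user);
        }
    )(req, res, next);
});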

        The arguments of the callback function (err, user, info, status) refer to the arguments we passed to the cb function in the Strategy verify function.

Arguments of the custom callback refer to those of the cb function in the Strategy verify function

        Now we test it with Postman. We pass the string "intend error" as the 1st argument of the cb function in the Strategy verify function if the password does not match. Postman now receives that same message, exactly as we coded it in the callback function passed as the 3rd argument of passport.authenticate().

Postman returns the "intend error" string

        If we post the correct username and password, the server returns the username to us instead of the message from the GET /secrets route. This means passport no longer redirects to another route as we stated in the 2nd argument of passport.authenticate(). This is because we overrode the default callback function.

Postman receives an object {name: Tom}

        We can call res.redirect() to redirect to another route if needed.

app.post("/login", function (req, res, next) {
    passport.authenticate(
        "local",
        {
            successRedirect: "/secrets",
            failureRedirect: "/login",
            session: false
        },
        function (err, user, info, status) {
            if (err)
                return res.send(err);
            if (!user)
                return res.send(info);

            //return res.send(user);
            // redirect explicitly from the custom callback on success
            return res.redirect("/secrets");
        }
    )(req, res, next);
});

        After we log in successfully, the server now returns the same message as when we access the GET /secrets route.

Postman receives the "GET /secrets" route message

We can now also redirect to other routes if login fails or an error occurs in the Strategy verify function.

Now we can control how the server responds in every authentication situation with the custom callback.

The source code (v1.2) of this part is uploaded to GitHub.

In the next part, we will add Session so that the server can remember the client. You can find out how Session works in the post Cookie and Session.
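
A stricter form of the custom callback for an API, as an added example that is not the original post's code: it forwards errors to the Express error handler, answers every failed login with the same 401 message, and returns only allowlisted user fields. The names makeLoginCallback, PUBLIC_FIELDS, fakeRes and simulate, the passwordHash field and the sample users are assumptions made for illustration.

```javascript
// Added example, not the original post's code. makeLoginCallback and
// PUBLIC_FIELDS are hypothetical names; sample users are constructed.
const PUBLIC_FIELDS = ["name"]; // the only user properties a client may see

function makeLoginCallback(req, res, next) {
  // Receives the same (err, user, info) the Strategy verify function gives to cb.
  return function (err, user, info) {
    // Internal errors go to the Express error handler, not the response body.
    if (err) return next(err);
    // Unknown user and wrong password look identical to the client; the
    // detailed info stays server-side.
    if (!user) {
      return res.status(401).json({ message: "Invalid username or password" });
    }
    // Copy only allowlisted fields so a password hash never leaves the server.
    const safeUser = {};
    for (const field of PUBLIC_FIELDS) {
      if (Object.prototype.hasOwnProperty.call(user, field)) {
        safeUser[field] = user[field];
      }
    }
    return res.status(200).json(safeUser);
  };
}

// Wiring with the route from the post (needs express and passport):
// app.post("/login", function (req, res, next) {
//   passport.authenticate("local", { session: false },
//     makeLoginCallback(req, res, next))(req, res, next);
// });

// Constructed stand-in for the Express response so the example runs offline.
function fakeRes() {
  return {
    statusCode: null, body: null,
    status(code) { this.statusCode = code; return this; },
    json(payload) { this.body = payload; return this; },
  };
}

// Invoke the callback once and report what the client and error handler got.
function simulate(err, user, info) {
  const res = fakeRes();
  let forwarded = null;
  makeLoginCallback({}, res, (e) => { forwarded = e; })(err, user, info);
  return { status: res.statusCode, body: res.body, forwarded };
}
console.log(simulate(null, { name: "Tom", passwordHash: "constructed" }));
console.log(simulate(null, false, { message: "no such user" }));
```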
