如何向用户显示Passport.js故障消息
我正在尝试设置本地策略并使用FailureMessages向用户显示身份验证错误,但我不确定正确的方法。
每次发生故障时,会话 每次发生故障,但会话永远不会清除。这是结果:
显然,最后一条消息是最新消息,但是我如何知道这些消息是来自当前失败还是过去发生的消息,因为我只想显示错误消息如果是当前故障。
auth.js
passport.use(new LocalStrategy(
function(username, password, done) {
myDatabase.findOne({ username: username }, function(err, user) {
if (err) { return done(err); }
if (!user) { return done(null, false, { message: 'Incorrect username or password.' }); }
if (!bcrypt.compareSync(password, user.password)) {
return done(null, false, { message: 'Incorrect username or password.' });
}
return done(null, user);
});
}
));
routes.js
app.route('/login').post(passport.authenticate('local', { failureRedirect: '/', failureMessage: true }),
(req, res) => {
res.redirect('/profile');
});
server.js
app.use(session({
secret: process.env.SESSION_SECRET,
resave: true,
saveUninitialized: true,
cookie: { secure: false },
key: 'express.sid',
store: store
}));
app.use(passport.initialize());
app.use(passport.session());
I'm trying to setup a Local Strategy and use failureMessages display authentication errors to the user but I'm unsure the correct way to do this.
The failureMessages are added to the req.session.messages each time a failure occurs but the session.messages are never cleared. Here is the result:
Obviously, the last message is the most recent, but how do I know if the messages are from a current failure or a one that occurred in the past because I only want to display an error message if it is a current failure.
auth.js
passport.use(new LocalStrategy(
function(username, password, done) {
myDatabase.findOne({ username: username }, function(err, user) {
if (err) { return done(err); }
if (!user) { return done(null, false, { message: 'Incorrect username or password.' }); }
if (!bcrypt.compareSync(password, user.password)) {
return done(null, false, { message: 'Incorrect username or password.' });
}
return done(null, user);
});
}
));
routes.js
app.route('/login').post(passport.authenticate('local', { failureRedirect: '/', failureMessage: true }),
(req, res) => {
res.redirect('/profile');
});
server.js
app.use(session({
secret: process.env.SESSION_SECRET,
resave: true,
saveUninitialized: true,
cookie: { secure: false },
key: 'express.sid',
store: store
}));
app.use(passport.initialize());
app.use(passport.session());
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
我仍然是新手表达的新手,但是在尝试了许多不同的方式之后,当您想处理失败登录并想要发送错误消息或仅发送您的自定义消息并将其渲染时,我提出了此解决方案。您的登录页面(例如,使用EJS时):
I'm still new to express but after trying many different ways, I came out with this solution when you want to be able to handle the failure logging in and want to send the error message generated or just send your custom message and render it in your login page (when using EJS for example):
我能够通过设置
passreqtocallback选项来清理req.session.messages。这样,我们知道req.session.messages中包含的任何消息都是新的失败。I was able to clear the
req.session.messagesbefore sending a new failureMessage by setting thepassReqToCallbackoption. This way we know that any message contained in req.session.messages is a new failure.在您的
/登录请求中,您可以重新分配req.session.messages在发送响应后清除错误:In the GET request for your
/loginroute you can re-assignreq.session.messagesto clear the error after the response has been sent: