How to display (flash?) messages about the success/failure/error type of Passport local strategy authentication

Posted on 2025-02-04 03:58:41 · Word count: 2035 · Views: 2 · Comments: 0


I am following a tutorial on node, express, passport, mongo, EJS, and a few other supporting libraries and concepts. It walks you through the app, the routes, authentication, and strategies. You end up with all the CRUD operations of an API and a few unassuming HTML pages to sign up, log in, and view entries from the DB. Here are two snippets that work together:

```
authRouter.route('/signin')
  .post(passport.authenticate('local', {
    successRedirect: '/',
    failureRedirect: '/auth/signin'
  }));
```

and (true to the documentation) code in the local strategy:

```
    if (user) {
      done(null, user);
    } else {
      done(null, false);
    }
  } catch (error) {
    done(error, false);
```

...that almost literally doesn't do much more than defining the three states a local strategy can produce: success, failure, and error. This actually works. I tested it. If the user is in the database (and the password checking not shown here passes)...or not...or an exception arises, debugging or developer tools reveal that each of these 3 states occurs. But the only difference you'd see is the redirection that occurs from the options/settings in the second parameter of authenticate.

But a user needs to know more than he/she has just been taken back to the home page or is staying at the login page. Yes, some of those signatures have overrides or are even open-ended. You could pass back messages you'd like the user to see or whole objects that could be the fodder for those messages. The local strategy snippet could look like this:

```
    if ( user ) {
      done(null, user, { message: `You are logged in.  Welcome back ${user.name}.` } );
    } else {
      done(null, false, { message: 'Invalid username/password combination.' } );
    }
  } catch (error) {
    done(error, false, { message: error } );
```

and the authRouter could be as sophisticated as:

```
authRouter.route('/signin')
  .post(
    passport.authenticate(
      'local',
      {
        successRedirect: '/',
        successMessage: true,
        successFlash: true,
        failureRedirect: '/auth/signin',
        failureMessage:  true,
        failureFlash: true
      },
      function (err, user, msg) {
        try {
          if (err) {
            //?
          } else {
            if (user) {
              //?
            }
```

(extra options that don't seem to have an effect and aren't documented very well by passport or blogs/help sites AND a custom callback) but I am still left with the conundrum of what to do with those "//?"s up there. As far as I know, this is normally where you'd put your res.render or res.redirect and pass extra info to the view that can be picked up with conditional ejs <% ... %>s. But there is no res or reqs to be had or next()s. Some sites even want you to install express-flash. That is supposed to make "messages.error" show up in your <% ... %> checks, but it doesn't.

I just want a little note that ultimately is based on the decision/return values of the local strategy to be able to be bubbled up via the router and get to the HTML page somehow. I would triple this post length if I included all the googling and demo/example/tutorial reading I've logged. But this is a basic boilerplate function, right? All (basic or good) websites have this: little messages that let you know if you've logged in successfully or if you need to keep trying for some reason or another? Please smart people of StackOverflow, you're my only hope!
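The three strategy outcomes from the question, carried to the view through the custom-callback form of `passport.authenticate`, as an added example that is not part of the original post. The names `makeSigninHandler`, `flashToLocals`, `simulate` and `req.session.flash` are hypothetical, a session middleware that provides `req.session` is assumed, and Passport is replaced by a constructed stand-in so the block runs without dependencies.

```javascript
// Added example: makeSigninHandler, flashToLocals, simulate and req.session.flash
// are hypothetical names; passport is injected so the block runs offline.
function makeSigninHandler(passport) {
  return function signin(req, res, next) {
    // Custom-callback form: authenticate() returns middleware that must be
    // invoked with (req, res, next); this closure is where req/res come from.
    passport.authenticate('local', (err, user, info) => {
      if (err) {
        // Error state: keep details server-side, show only generic text.
        console.error('signin error:', err);
        req.session.flash = { type: 'error', text: 'Sign-in is unavailable right now.' };
        return res.redirect('/auth/signin');
      }
      if (!user) {
        // Failure state: `info` is the third argument the strategy gave done().
        const text = (info && info.message) || 'Invalid username/password combination.';
        req.session.flash = { type: 'error', text };
        return res.redirect('/auth/signin');
      }
      // Success state: with a custom callback the app establishes the session.
      req.logIn(user, (loginErr) => {
        if (loginErr) return next(loginErr);
        const text = (info && info.message) || 'You are logged in.';
        req.session.flash = { type: 'success', text };
        return res.redirect('/');
      });
    })(req, res, next);
  };
}

// Mount before the routes: moves the one-time message from the session into
// res.locals so an EJS view can test `flash` and print it with the escaping
// tag <%= flash.text %> (the text may contain user-controlled data).
function flashToLocals(req, res, next) {
  res.locals.flash = (req.session && req.session.flash) || null;
  if (req.session) delete req.session.flash;
  next();
}

// Constructed stand-in for passport plus req/res, used to exercise the handler.
function simulate(outcome) {
  const fakePassport = { authenticate: (name, cb) => () => cb(...outcome) };
  const req = { session: {}, logIn: (user, cb) => { req.user = user; cb(null); } };
  const res = { locals: {}, redirect: (url) => { res.redirectedTo = url; } };
  makeSigninHandler(fakePassport)(req, res, () => {});
  const redirectedTo = res.redirectedTo;
  flashToLocals(req, res, () => {}); // what the next page load would see
  return { redirectedTo, flash: res.locals.flash, leftInSession: req.session.flash };
}
```

In a real app the handler would be mounted as `authRouter.route('/signin').post(makeSigninHandler(passport))`, with `flashToLocals` registered after the session middleware.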
