PassportJS 已成功验证用户身份,但后续请求仍返回 401 Unauthorized
PassportJS authenticates user but returns 401 Unauthorized on subsequent requests
我正在用 NodeJS 编写我的第一个应用程序,所以请多多包涵。我已经成功地通过我们的 Active Directory 对用户进行身份验证,我可以看到 connect.sid cookie 被设置并用于后续请求。
通过转储 req 对象调试应用程序后,我还可以看到用户变量已成功设置。从我读过的文档来看,这似乎是成功会话匹配的标准?
但是,请求仍然收到 401 Unauthorized。
总结:
- 用户在发布凭据/登录后成功通过身份验证。
- 身份验证成功后,用户将重定向到“/”。
- “/”路径回复 401 Unauthorized。
非常感谢任何想法。下面的代码。
const express = require('express');
var bodyParser = require('body-parser');
var session = require('express-session');
var passport = require('passport')
var ActiveDirectoryStrategy = require('passport-activedirectory')
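// Setup the authentication strategy
// NOTE(review): `ldap://` binds in clear text, so the service-account password
// below and every user password verified through it cross the network unencrypted;
// prefer `ldaps://` (or StartTLS) and load the bind credentials from configuration
// rather than committing them to source.
passport.use(new ActiveDirectoryStrategy({
  integrated: false,
  ldap: {
    url: 'ldap://myad.company.com',
    baseDN: 'DC=domain,DC=company,DC=com',
    username: 'user',
    password: 'password'
  }
}, function (profile, ad, done) {
  // Authorisation step: the AD bind only proves the password; membership of
  // 'Group' decides whether this account may use the application.
  ad.isUserMemberOf(profile._json.dn, 'Group', function (err, isMember) {
    if (err) return done(err);
    // The original discarded isMember and admitted every AD account that could
    // bind. A non-member must be reported as an authentication failure
    // (done(null, false)) so passport takes the failure path.
    if (!isMember) return done(null, false, { message: 'Not a member of Group' });
    return done(null, profile);
  });
}));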
// Persist the whole AD profile in the session as a JSON string and rebuild it on
// every request. NOTE(review): the session then carries every attribute of
// profile._json; storing only a stable identifier (e.g. the DN) and re-resolving
// the user in deserializeUser keeps the session store small.
passport.serializeUser((profile, cb) => {
  cb(null, JSON.stringify(profile));
});
passport.deserializeUser((serialized, cb) => {
  cb(null, JSON.parse(serialized));
});
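const app = express();
app.use(bodyParser.urlencoded({ extended: true }));
// The secret signs the connect.sid cookie; anyone who can guess it can mint a
// session id of their choosing. Take it from configuration and never commit the
// real value (the literal fallback only exists so a fresh checkout still starts).
// The default MemoryStore is per-process and not meant for production; plug in a
// real session store before deploying.
app.use(session({
  secret: process.env.SESSION_SECRET || 'password', // TODO(review): drop the fallback before deployment
  resave: false,            // express-session warns when these two are left implicit
  saveUninitialized: false, // no cookie/session is created until passport logs the user in
  cookie: {
    httpOnly: true,         // keep connect.sid away from page scripts
    sameSite: 'lax',        // the login form is same-origin, so this costs nothing
    // secure: true         // enable once the app is served over HTTPS
  }
}));
app.use(passport.initialize());
app.use(passport.session()); // restores req.user from the session on every request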
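// For debugging purposes
// NOTE(review): console.log(req) dumped the whole request object — req.body
// (the password posted to /login), the connect.sid cookie and every header —
// into the logs. Log only what the investigation needs.
app.use(function (req, res, next) {
  console.log(req.method, req.originalUrl, req.user ? 'session user present' : 'no session user');
  next();
});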
// The login page posts a form containing user and password
app.get('/login', function (req, res) {
  // Serve the static form; the POST handler below consumes its submission.
  res.sendFile(`${__dirname}/public/index.html`);
});
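// Handler for the login page. Receives user and password and redirects the user to /
// NOTE(review): older passport releases do not regenerate the session id on login;
// if this app pins a passport version before 0.6, call req.session.regenerate()
// before establishing the login to prevent session fixation — confirm the version.
app.post('/login',
  passport.authenticate('ActiveDirectory', {
    failWithError: true,
    successRedirect: "/",
    failureRedirect: "/login"
  }),
  // Unreachable while successRedirect is set: passport issues the redirect itself.
  // If it is ever removed, note that res.json(req.user) would hand the browser the
  // entire AD profile (profile._json) — return only the fields the client needs.
  function (req, res) {
    res.json(req.user);
  },
  // Express only treats a function with exactly four parameters as error middleware.
  // The original one-parameter version was registered as ordinary middleware, so it
  // never received the error and `res` was not even in scope. It is also dormant
  // while failureRedirect is set (passport's authenticate checks failureRedirect
  // before failWithError); it stays as a defensive fallback.
  function (err, req, res, next) { // eslint-disable-line no-unused-vars
    res.status(401).send('Not Authenticated');
  }
);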
// This is where the issue happens. The page returns "Unauthorized".
// Using console.log(req) shows that the user property has been set to the req object.
// However, for some reason it still fails.
//
// Why it fails: passport.authenticate() runs the ActiveDirectory strategy against
// THIS request, i.e. it looks for a username/password in the GET and tries to bind
// with them. req.user was restored by passport.session(), but the strategy never
// consults it. With no credentials the strategy fails; failWithError turns that
// failure into an error passed to next(err), and Express's default error handler
// is the likely source of the bare 401 "Unauthorized" seen. The one-argument
// function below is not an error handler (Express recognises error middleware by a
// four-parameter signature), so it never runs for the error — and if it did, `res`
// would not be in scope. A route that should only check the session must test
// req.isAuthenticated() (or req.user) instead of re-running the strategy.
app.get('/',
passport.authenticate('ActiveDirectory', {
failWithError: true,
}
), function(req, res) {
res.send("test")
}, function (err) {
res.status(401).send('Not Authenticated')
})
发现我哪里做错了!
`passport.authenticate()` 只会针对当前请求运行策略(从请求中取出凭据并去 AD 绑定),不会查看 `passport.session()` 已恢复到 `req.user` 上的会话。GET / 不带凭据,策略必然失败;配合 `failWithError: true`,失败被转成错误交给 Express 的默认错误处理器,这就是看到的 401 “Unauthorized”。验证会话应当用 `req.isAuthenticated()`(或检查 `req.user`)。
所以这个:
// Re-runs the AD strategy on a GET that carries no credentials, so it always
// fails; failWithError then forwards the failure to next(err). The trailing
// one-argument function is not error middleware (Express needs four parameters),
// so the error reaches Express's default handler and the client sees 401.
app.get('/',
passport.authenticate('ActiveDirectory', {
failWithError: true,
}
), function(req, res) {
res.send("test")
}, function (err) {
res.status(401).send('Not Authenticated')
})
应该变成:
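// Reusable guard: continue when the session carries an authenticated user,
// otherwise send the visitor to the login form. req.isAuthenticated() is the
// helper passport installs for exactly this check; it reads the user that
// passport.session() restored from the connect.sid cookie.
function ensureAuthenticated(req, res, next) {
  if (req.isAuthenticated()) return next();
  res.redirect('/login');
}

app.get('/', ensureAuthenticated, function (req, res) {
  res.send('Returning with some text');
});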
我更改的另一件事是 serialize/deserialize 函数:
// Identity (de)serialisation: the profile object passed to done() in the verify
// callback is stored in the session as-is and handed back unchanged on each
// request. express-session serialises the session when it writes to the store,
// so the earlier JSON.stringify/JSON.parse round trip added nothing.
// NOTE(review): the whole AD profile therefore lives in the session store; production
// setups usually keep only a stable identifier here and look the user up again.
passport.serializeUser((profile, cb) => { cb(null, profile); });
passport.deserializeUser((stored, cb) => { cb(null, stored); });
这会删除多余的 JSON serializing/deserializing(express-session 写入存储时本来就会序列化会话)。注意这样整个 AD profile 都会保存在会话存储里;生产环境通常只存一个稳定的标识符(例如 DN),在 deserializeUser 中再查回用户,以减小会话体积并避免把过期的属性留在会话中。
这些文章确实帮助我理解了流程:
- http://toon.io/understanding-passportjs-authentication-flow/
- https://www.airpair.com/express/posts/expressjs-and-passportjs-sessions-deep-dive
希望对其他人有所帮助!
/帕特里克
我正在用 NodeJS 编写我的第一个应用程序,所以请多多包涵。我已经成功地通过我们的 Active Directory 对用户进行身份验证,我可以看到 connect.sid cookie 被设置并用于后续请求。
通过转储 req 对象调试应用程序后,我还可以看到用户变量已成功设置。从我读过的文档来看,这似乎是成功会话匹配的标准?
但是,请求仍然收到 401 Unauthorized。
总结:
- 用户在发布凭据/登录后成功通过身份验证。
- 身份验证成功后,用户将重定向到“/”。
- “/”路径回复 401 Unauthorized。
非常感谢任何想法。下面的代码。
const express = require('express');
var bodyParser = require('body-parser');
var session = require('express-session');
var passport = require('passport')
var ActiveDirectoryStrategy = require('passport-activedirectory')
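// Setup the authentication strategy
// NOTE(review): `ldap://` binds in clear text, so the service-account password
// below and every user password verified through it cross the network unencrypted;
// prefer `ldaps://` (or StartTLS) and load the bind credentials from configuration
// rather than committing them to source.
passport.use(new ActiveDirectoryStrategy({
  integrated: false,
  ldap: {
    url: 'ldap://myad.company.com',
    baseDN: 'DC=domain,DC=company,DC=com',
    username: 'user',
    password: 'password'
  }
}, function (profile, ad, done) {
  // Authorisation step: the AD bind only proves the password; membership of
  // 'Group' decides whether this account may use the application.
  ad.isUserMemberOf(profile._json.dn, 'Group', function (err, isMember) {
    if (err) return done(err);
    // The original discarded isMember and admitted every AD account that could
    // bind. A non-member must be reported as an authentication failure
    // (done(null, false)) so passport takes the failure path.
    if (!isMember) return done(null, false, { message: 'Not a member of Group' });
    return done(null, profile);
  });
}));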
// Persist the whole AD profile in the session as a JSON string and rebuild it on
// every request. NOTE(review): the session then carries every attribute of
// profile._json; storing only a stable identifier (e.g. the DN) and re-resolving
// the user in deserializeUser keeps the session store small.
passport.serializeUser((profile, cb) => {
  cb(null, JSON.stringify(profile));
});
passport.deserializeUser((serialized, cb) => {
  cb(null, JSON.parse(serialized));
});
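const app = express();
app.use(bodyParser.urlencoded({ extended: true }));
// The secret signs the connect.sid cookie; anyone who can guess it can mint a
// session id of their choosing. Take it from configuration and never commit the
// real value (the literal fallback only exists so a fresh checkout still starts).
// The default MemoryStore is per-process and not meant for production; plug in a
// real session store before deploying.
app.use(session({
  secret: process.env.SESSION_SECRET || 'password', // TODO(review): drop the fallback before deployment
  resave: false,            // express-session warns when these two are left implicit
  saveUninitialized: false, // no cookie/session is created until passport logs the user in
  cookie: {
    httpOnly: true,         // keep connect.sid away from page scripts
    sameSite: 'lax',        // the login form is same-origin, so this costs nothing
    // secure: true         // enable once the app is served over HTTPS
  }
}));
app.use(passport.initialize());
app.use(passport.session()); // restores req.user from the session on every request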
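// For debugging purposes
// NOTE(review): console.log(req) dumped the whole request object — req.body
// (the password posted to /login), the connect.sid cookie and every header —
// into the logs. Log only what the investigation needs.
app.use(function (req, res, next) {
  console.log(req.method, req.originalUrl, req.user ? 'session user present' : 'no session user');
  next();
});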
// The login page posts a form containing user and password
app.get('/login', function (req, res) {
  // Serve the static form; the POST handler below consumes its submission.
  res.sendFile(`${__dirname}/public/index.html`);
});
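// Handler for the login page. Receives user and password and redirects the user to /
// NOTE(review): older passport releases do not regenerate the session id on login;
// if this app pins a passport version before 0.6, call req.session.regenerate()
// before establishing the login to prevent session fixation — confirm the version.
app.post('/login',
  passport.authenticate('ActiveDirectory', {
    failWithError: true,
    successRedirect: "/",
    failureRedirect: "/login"
  }),
  // Unreachable while successRedirect is set: passport issues the redirect itself.
  // If it is ever removed, note that res.json(req.user) would hand the browser the
  // entire AD profile (profile._json) — return only the fields the client needs.
  function (req, res) {
    res.json(req.user);
  },
  // Express only treats a function with exactly four parameters as error middleware.
  // The original one-parameter version was registered as ordinary middleware, so it
  // never received the error and `res` was not even in scope. It is also dormant
  // while failureRedirect is set (passport's authenticate checks failureRedirect
  // before failWithError); it stays as a defensive fallback.
  function (err, req, res, next) { // eslint-disable-line no-unused-vars
    res.status(401).send('Not Authenticated');
  }
);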
// This is where the issue happens. The page returns "Unauthorized".
// Using console.log(req) shows that the user property has been set to the req object.
// However, for some reason it still fails.
//
// Why it fails: passport.authenticate() runs the ActiveDirectory strategy against
// THIS request, i.e. it looks for a username/password in the GET and tries to bind
// with them. req.user was restored by passport.session(), but the strategy never
// consults it. With no credentials the strategy fails; failWithError turns that
// failure into an error passed to next(err), and Express's default error handler
// is the likely source of the bare 401 "Unauthorized" seen. The one-argument
// function below is not an error handler (Express recognises error middleware by a
// four-parameter signature), so it never runs for the error — and if it did, `res`
// would not be in scope. A route that should only check the session must test
// req.isAuthenticated() (or req.user) instead of re-running the strategy.
app.get('/',
passport.authenticate('ActiveDirectory', {
failWithError: true,
}
), function(req, res) {
res.send("test")
}, function (err) {
res.status(401).send('Not Authenticated')
})
发现我哪里做错了!
`passport.authenticate()` 只会针对当前请求运行策略(从请求中取出凭据并去 AD 绑定),不会查看 `passport.session()` 已恢复到 `req.user` 上的会话。GET / 不带凭据,策略必然失败;配合 `failWithError: true`,失败被转成错误交给 Express 的默认错误处理器,这就是看到的 401 “Unauthorized”。验证会话应当用 `req.isAuthenticated()`(或检查 `req.user`)。
所以这个:
// Re-runs the AD strategy on a GET that carries no credentials, so it always
// fails; failWithError then forwards the failure to next(err). The trailing
// one-argument function is not error middleware (Express needs four parameters),
// so the error reaches Express's default handler and the client sees 401.
app.get('/',
passport.authenticate('ActiveDirectory', {
failWithError: true,
}
), function(req, res) {
res.send("test")
}, function (err) {
res.status(401).send('Not Authenticated')
})
应该变成:
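// Reusable guard: continue when the session carries an authenticated user,
// otherwise send the visitor to the login form. req.isAuthenticated() is the
// helper passport installs for exactly this check; it reads the user that
// passport.session() restored from the connect.sid cookie.
function ensureAuthenticated(req, res, next) {
  if (req.isAuthenticated()) return next();
  res.redirect('/login');
}

app.get('/', ensureAuthenticated, function (req, res) {
  res.send('Returning with some text');
});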
我更改的另一件事是 serialize/deserialize 函数:
// Identity (de)serialisation: the profile object passed to done() in the verify
// callback is stored in the session as-is and handed back unchanged on each
// request. express-session serialises the session when it writes to the store,
// so the earlier JSON.stringify/JSON.parse round trip added nothing.
// NOTE(review): the whole AD profile therefore lives in the session store; production
// setups usually keep only a stable identifier here and look the user up again.
passport.serializeUser((profile, cb) => { cb(null, profile); });
passport.deserializeUser((stored, cb) => { cb(null, stored); });
这会删除多余的 JSON serializing/deserializing(express-session 写入存储时本来就会序列化会话)。注意这样整个 AD profile 都会保存在会话存储里;生产环境通常只存一个稳定的标识符(例如 DN),在 deserializeUser 中再查回用户,以减小会话体积并避免把过期的属性留在会话中。
这些文章确实帮助我理解了流程:
- http://toon.io/understanding-passportjs-authentication-flow/
- https://www.airpair.com/express/posts/expressjs-and-passportjs-sessions-deep-dive
希望对其他人有所帮助!
/帕特里克