如果密码错误,则登录时,想要使用 passport-local-mongoose 呈现 login.ejs 而不是显示 "unauthorized" 的页面
While Login if password is wrong, want to render login.ejs instead of page that says "unauthorized" using passport-local-mongoose
我正在尝试学习如何使用 passport、passport-local、passport-local-mongoose、express-session。
我想要的是当密码不正确时,应该呈现 login.ejs 。但是,它显示一条消息“未授权”而不是呈现 login.ejs。我无法弄清楚我哪里出错了或者我应该在哪里进行更改以便页面呈现 login.ejs .
login.ejs
(我使用 bootstrap v5.0 进行表单验证)
<%-include("partials/header.ejs")%>
<div class="sign-heading"><h1>Login</h1></div>
<div class="sign">
<form action="/login" method="POST" class="needs-validation" novalidate>
<div class="mb-3">
<label for="InputUsername" class="form-label">Username</label>
<% if (!exists) { %>
<input type="text" class="form-control is-invalid" id="InputUsername" name="username" required>
<div class="invalid-feedback">
Wrong username and password.
</div>
<% }else{ %>
<input type="text" class="form-control" id="InputUsername" name="username" required>
<% } %>
</div>
<div class="mb-3">
<label for="InputPassword" class="form-label" >Password</label>
<input type="password" class="form-control" id="InputPassword" name="password" required>
</div>
<div class="pb-3"></div>
<button type="submit" class="btn btn-primary">Register</button>
</form>
</div>
<%-include("partials/footer.ejs")%>
app.js
const bodyParser = require("body-parser");
const mongoose = require("mongoose");
const session=require("express-session");
const passport= require("passport");
const passportLocalMongoose=require("passport-local-mongoose");
const app=express();
app.use(bodyParser.urlencoded({extended:true}));
app.use(express.static(__dirname+"/public"));
app.set('view engine', 'ejs');
app.use(session({
secret: 'This is my personal diary.',
resave: false,
saveUninitialized: false,
}));
app.use(passport.initialize());
app.use(passport.session());
mongoose.connect("mongodb://localhost:27017/diaryDB",{useNewUrlParser:true, useUnifiedTopology: true });
mongoose.set("useCreateIndex",true);
const entrySchema=new mongoose.Schema({
title: String,
body: String
});
const diarySchema=new mongoose.Schema({
username:String,
password:String,
entry: [entrySchema]
});
diarySchema.plugin(passportLocalMongoose);
const Entry=mongoose.model("Entry",entrySchema);
const Diary=mongoose.model("Diary",diarySchema);
passport.use(Diary.createStrategy());
passport.serializeUser(Diary.serializeUser());
passport.deserializeUser(Diary.deserializeUser());
app.get("/",function(req, res){
res.render("home",{});
});
app.get("/register",function(req, res){
res.render("register",{exists:false});
});
app.post("/register", function(req, res){
let username=req.body.username;
let password=req.body.password;
Diary.register({username:username},password,function(err,diary){
if(err){
res.render("register",{exists:true});
}
else{
passport.authenticate("local")(req,res,function(){
res.redirect("/diary/"+username);
});
}
});
});
app.get("/login",function(req, res){
res.render("login",{exists:true});
});
app.post("/login",function(req,res){
let username=req.body.username;
let password=req.body.password;
Diary.findOne({username:username},function(err,diary){
if(diary){
req.login(diary,function(err){
if(err){
console.log(err);
res.redirect("login",{exists:false});
}
else{
passport.authenticate("local")(req,res,function(){
res.redirect("/diary/"+diary.username);
});
}
});
}else{
res.render("login",{exists:false});
}
});
});
app.get("/diary/:customName",function(req, res){
let customName=req.params.customName;
if(req.isAuthenticated()){
res.render("diary",{username:customName});
}else{
res.redirect("/login");
}
});
app.get("/write",function(req, res){
res.render("write",{});
});
app.get("/entry",function(req, res){
res.render("entry",{});
});
app.get("/delete",function(req, res){});
app.get("/logout",function(req,res){
req.logout();
res.redirect("/");
});
app.listen(3000,function(){
console.log("Server has started.");
});
只是“/login”
app.get("/login",function(req, res){
res.render("login",{exists:true});
});
app.post("/login",function(req,res){
let username=req.body.username;
let password=req.body.password;
Diary.findOne({username:username},function(err,diary){
if(diary){
req.login(diary,function(err){
if(err){
console.log(err);
res.redirect("login",{exists:false});
}
else{
passport.authenticate("local")(req,res,function(){
res.redirect("/diary/"+diary.username);
});
}
});
}else{
res.render("login",{exists:false});
}
});
});
您需要检查用户凭据是否正确,如果是,则继续,如果不正确,则使用适当的消息重新呈现登录屏幕
这是我在我的一个项目中所做的,比如 practo
router.post("/emailsignin", (req, res, next) => {
let errors = [];
USer.findOne({ email: req.body.email })
.then((user) => {
if (!user) {
req.flash("error_msg", "email is not registered please signup");
res.redirect("/users/signup");
}
if (user) {
bcrypt.compare(req.body.password, user.password, function (err, res) {
if (res) {
} else {
errors.push({ msg: "Wrong Password" });
}
});
if (user.role === "doctor") {
return passport.authenticate("local", {
successRedirect: "/users/doctorDetails",
failureRedirect: "/users/emailsignin",
success_msg: req.flash("success_msg", "successfully logged in"),
failureFlash: true,
successFlash: true,
})(req, res, next);
}
if (user.role === "admin") {
return passport.authenticate("local", {
successRedirect: "/users/admin",
failureRedirect: "/users/emailsignin",
success_msg: req.flash("success_msg", "successfully logged in"),
failureFlash: true,
successFlash: true,
})(req, res, next);
} else {
req.session.name = user.name;
return passport.authenticate("local", {
successRedirect: "/",
success_msg: req.flash("success_msg", "successfully logged in"),
failureRedirect: "/users/emailsignin",
error_msg: req.flash("error_msg", "password or email is wrong"),
failureFlash: true,
// successFlash: "Welcome!",
})(req, res, next);
}
} else {
console.log("error");
}
})
.catch((err) => console.log(err));
});
这里先检查数据库中是否存在邮箱id
如果是,则检查密码是否正确,如果不正确,则使用闪现消息推送错误消息
如果一切顺利,则相应地登录
我正在尝试学习如何使用 passport、passport-local、passport-local-mongoose、express-session。 我想要的是当密码不正确时,应该呈现 login.ejs 。但是,它显示一条消息“未授权”而不是呈现 login.ejs。我无法弄清楚我哪里出错了或者我应该在哪里进行更改以便页面呈现 login.ejs .
login.ejs (我使用 bootstrap v5.0 进行表单验证)
<%-include("partials/header.ejs")%>
<div class="sign-heading"><h1>Login</h1></div>
<div class="sign">
<form action="/login" method="POST" class="needs-validation" novalidate>
<div class="mb-3">
<label for="InputUsername" class="form-label">Username</label>
<% if (!exists) { %>
<input type="text" class="form-control is-invalid" id="InputUsername" name="username" required>
<div class="invalid-feedback">
Wrong username and password.
</div>
<% }else{ %>
<input type="text" class="form-control" id="InputUsername" name="username" required>
<% } %>
</div>
<div class="mb-3">
<label for="InputPassword" class="form-label" >Password</label>
<input type="password" class="form-control" id="InputPassword" name="password" required>
</div>
<div class="pb-3"></div>
<button type="submit" class="btn btn-primary">Register</button>
</form>
</div>
<%-include("partials/footer.ejs")%>
app.js
const bodyParser = require("body-parser");
const mongoose = require("mongoose");
const session=require("express-session");
const passport= require("passport");
const passportLocalMongoose=require("passport-local-mongoose");
const app=express();
app.use(bodyParser.urlencoded({extended:true}));
app.use(express.static(__dirname+"/public"));
app.set('view engine', 'ejs');
app.use(session({
secret: 'This is my personal diary.',
resave: false,
saveUninitialized: false,
}));
app.use(passport.initialize());
app.use(passport.session());
mongoose.connect("mongodb://localhost:27017/diaryDB",{useNewUrlParser:true, useUnifiedTopology: true });
mongoose.set("useCreateIndex",true);
const entrySchema=new mongoose.Schema({
title: String,
body: String
});
const diarySchema=new mongoose.Schema({
username:String,
password:String,
entry: [entrySchema]
});
diarySchema.plugin(passportLocalMongoose);
const Entry=mongoose.model("Entry",entrySchema);
const Diary=mongoose.model("Diary",diarySchema);
passport.use(Diary.createStrategy());
passport.serializeUser(Diary.serializeUser());
passport.deserializeUser(Diary.deserializeUser());
app.get("/",function(req, res){
res.render("home",{});
});
app.get("/register",function(req, res){
res.render("register",{exists:false});
});
app.post("/register", function(req, res){
let username=req.body.username;
let password=req.body.password;
Diary.register({username:username},password,function(err,diary){
if(err){
res.render("register",{exists:true});
}
else{
passport.authenticate("local")(req,res,function(){
res.redirect("/diary/"+username);
});
}
});
});
app.get("/login",function(req, res){
res.render("login",{exists:true});
});
app.post("/login",function(req,res){
let username=req.body.username;
let password=req.body.password;
Diary.findOne({username:username},function(err,diary){
if(diary){
req.login(diary,function(err){
if(err){
console.log(err);
res.redirect("login",{exists:false});
}
else{
passport.authenticate("local")(req,res,function(){
res.redirect("/diary/"+diary.username);
});
}
});
}else{
res.render("login",{exists:false});
}
});
});
app.get("/diary/:customName",function(req, res){
let customName=req.params.customName;
if(req.isAuthenticated()){
res.render("diary",{username:customName});
}else{
res.redirect("/login");
}
});
app.get("/write",function(req, res){
res.render("write",{});
});
app.get("/entry",function(req, res){
res.render("entry",{});
});
app.get("/delete",function(req, res){});
app.get("/logout",function(req,res){
req.logout();
res.redirect("/");
});
app.listen(3000,function(){
console.log("Server has started.");
});
只是“/login”
app.get("/login",function(req, res){
res.render("login",{exists:true});
});
app.post("/login",function(req,res){
let username=req.body.username;
let password=req.body.password;
Diary.findOne({username:username},function(err,diary){
if(diary){
req.login(diary,function(err){
if(err){
console.log(err);
res.redirect("login",{exists:false});
}
else{
passport.authenticate("local")(req,res,function(){
res.redirect("/diary/"+diary.username);
});
}
});
}else{
res.render("login",{exists:false});
}
});
});
您需要检查用户凭据是否正确,如果是,则继续,如果不正确,则使用适当的消息重新呈现登录屏幕
这是我在我的一个项目中所做的,比如 practo
router.post("/emailsignin", (req, res, next) => {
let errors = [];
USer.findOne({ email: req.body.email })
.then((user) => {
if (!user) {
req.flash("error_msg", "email is not registered please signup");
res.redirect("/users/signup");
}
if (user) {
bcrypt.compare(req.body.password, user.password, function (err, res) {
if (res) {
} else {
errors.push({ msg: "Wrong Password" });
}
});
if (user.role === "doctor") {
return passport.authenticate("local", {
successRedirect: "/users/doctorDetails",
failureRedirect: "/users/emailsignin",
success_msg: req.flash("success_msg", "successfully logged in"),
failureFlash: true,
successFlash: true,
})(req, res, next);
}
if (user.role === "admin") {
return passport.authenticate("local", {
successRedirect: "/users/admin",
failureRedirect: "/users/emailsignin",
success_msg: req.flash("success_msg", "successfully logged in"),
failureFlash: true,
successFlash: true,
})(req, res, next);
} else {
req.session.name = user.name;
return passport.authenticate("local", {
successRedirect: "/",
success_msg: req.flash("success_msg", "successfully logged in"),
failureRedirect: "/users/emailsignin",
error_msg: req.flash("error_msg", "password or email is wrong"),
failureFlash: true,
// successFlash: "Welcome!",
})(req, res, next);
}
} else {
console.log("error");
}
})
.catch((err) => console.log(err));
});
这里先检查数据库中是否存在邮箱id
如果是,则检查密码是否正确,如果不正确,则使用闪现消息推送错误消息
如果一切顺利,则相应地登录