PassportJS session doesn't work with custom callback

The custom callback below for passport.js doesn't seem to work, no matter what I do.

app.post('/login', function(req, res, next) {
  passport.authenticate('local', function(err, users, info) {
    console.log(users);
    if (user === false) {
      console.log('Failed!');
    } else {
      res.redirect('/');
    }
  })(req, res, next);
});

If I change it to the following, everything works as expected.

app.post("/login" 
    ,passport.authenticate('local',{
        successRedirect : "/",
        failureRedirect : "/login",
    })
);

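I have also noticed that when using the custom callback, even passport.serializeUser and passport.deserializeUser are not called by passport.js.

Is this some kind of bug, or am I doing something wrong?

My local strategy: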

passport.use('local-sigin',new LocalStrategy({
    // by default, local strategy uses username and password, we will override with email
    usernameField : 'email',
    passwordField : 'password',
    passReqToCallback : true // allows us to pass back the entire request to the callback
},
function(req, email, password, done) { // callback with email and password from our form
    console.log('Passport Strategy Sign in:');
    // find a user whose email is the same as the forms email
    // we are checking to see if the user trying to login already exists
    User.findOne({ 'email' : email }, function(err, user) {
        // if there are any errors, return the error before anything else
        if (err)
            return done({status:'ERROR',message:'Something went wrong!'});

        // if no user is found, return the message
        if (!user)
            return done({status:'ERROR',message:'No user found.'}, false);

        // if the user is found but the password is wrong
        if (!user.validPassword(password))
            return done({status:'ERROR',message:'Oops! Wrong password.'}, false);

        // all is well, return successful user
        return done({status:'OK',message:'Login success.'}, user);
    });
}));

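I'm guessing that by "doesn't work" you mean the user never gets logged in.

First, your local strategy is named 'local-sigin', but on a POST to "/login" you are invoking the 'local' strategy, which probably doesn't exist: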

passport.use('local', new LocalStrategy({

Change the name of your strategy to be consistent (or vice versa!):

passport.authenticate('local'

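Second, your 'local' authentication callback has a parameter users (plural), but you are trying to access user (singular) inside its body, which means user is undefined and user === false is false under strict equality: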

app.post('/login', function(req, res, next) {
  passport.authenticate('local', function(err, user, info) {
                                            // ^^^^
    console.log(user);
    if (!user) {
      console.log('Failed!');
    } else {
      res.redirect('/');
    }
  })(req, res, next);
});

Finally, when authentication succeeds, you never log the user in. Creating a session for the user is not automatic; you have to call req#login:

Passport exposes a login() function on req (also aliased as logIn()) that can be used to establish a login session.

Let's add that to your authentication callback:

app.post('/login', function(req, res, next) {
  passport.authenticate('local', function(err, user, info) {
    console.log(user);
    if (!user) {
      console.log('Failed!');
    } else {
      req.login(user, function (err) {
          if(err) {
            console.log(err);
            return;
          }
          res.redirect('/');
      });
    }
  })(req, res, next);
});

Take a look at the Passport docs; they explain in detail how these processes work and how to implement them.
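
An added example, not part of the original question or answer: the custom-callback login route with the error and failure branches also ending the request, next to a verify callback that follows Passport's done(err, user, info) convention. The names makeVerify, makeLoginHandler and findByEmail are hypothetical, and passport is passed in as a parameter so the two functions can be exercised without the library installed.

```javascript
// Added example, not code from the original posts. makeVerify, makeLoginHandler
// and findByEmail are hypothetical names; passport is injected as a parameter.

// Verify callback for a LocalStrategy created with passReqToCallback: true.
// Passport's convention is done(err) for real errors, done(null, false, info)
// for a failed login and done(null, user) on success; a truthy first argument
// is treated as an error, never as a status message.
function makeVerify(findByEmail) {
  return function verify(req, email, password, done) {
    findByEmail(email, function (err, user) {
      if (err) return done(err);
      // One message for both failures, so the response does not reveal
      // which e-mail addresses are registered.
      if (!user || !user.validPassword(password)) {
        return done(null, false, { message: 'Invalid email or password.' });
      }
      return done(null, user);
    });
  };
}

// Login route with a custom callback: every branch ends the request, and the
// session is established only by the explicit req.login() call.
function makeLoginHandler(passport, strategyName) {
  return function (req, res, next) {
    passport.authenticate(strategyName, function (err, user, info) {
      if (err) return next(err);
      if (!user) return res.redirect('/login');
      req.login(user, function (loginErr) {
        if (loginErr) return next(loginErr);
        res.redirect('/');
      });
    })(req, res, next);
  };
}

// Wiring, assuming express, passport and passport-local are installed:
//   passport.use('local', new LocalStrategy(
//     { usernameField: 'email', passwordField: 'password', passReqToCallback: true },
//     makeVerify(function (email, cb) { User.findOne({ email: email }, cb); })));
//   app.post('/login', makeLoginHandler(passport, 'local'));
```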