req.session.passport 和 req.user 为空,从不调用 serializeUser 和 deserializeUser

req.session.passport and req.user empty, serializeUser and deserializeUser are never called

我将 Express (v4.11.2) 与 Passport 结合使用,以支持多个提供商(本地、facebook、twitter 和 google)访问我正在构建的 Web 应用程序。作为后端,我使用 mysql。现在我有两个本地策略:local-signup 和 local-signin。我遇到的问题是 req.session.passport 和 req.user 总是空的,事实上,永远不会调用 serializeUser 和 deserializeUser。

这里是快递和护照的设置:

var bodyParser = require('body-parser');
var session = require('express-session');
var MemoryStore = session.MemoryStore;
var _ = require('underscore');
var passport = require('passport');

app.use(bodyParser.json());
app.use(bodyParser.urlencoded({extended: true}));
app.use(session({
    key: 'KEY',
    secret: 'SECRET331156%^!fafsdaasd',
    store: new MemoryStore({reapInterval: 60000 * 10}),
    saveUninitialized: true,
    resave: false
}));
app.use(passport.initialize());
app.use(passport.session());
require('./config/passport')(passport); // pass passport for configuration

这是带有身份验证策略的护照文件:

module.exports = function (passport) {
    passport.serializeUser(function (user, done) {
        logger.info('SERIALIZE USER');
        done(null, user.id);
    });

    passport.deserializeUser(function (id, done) {
        logger.info('DESEIRALIZE USER!');
        mysqllib.getConnection(function (err, connection) {
            if (err) {
                done(err);
            }
            var sql = "SELECT * FROM users WHERE idusers = ?";
            logger.info('sql: ' + sql);
            connection.query(sql, [id], function (err, rows) {
                connection.release();
                var user = {};
                user.id = rows[0].idusers;
                done(err, user.id);
            });
        });
    });

    passport.use('local-signup', new LocalStrategy({
            usernameField: 'email',
            passwordField: 'password',
            passReqToCallback: true // allows us to pass back the entire request to the callback
        },
        function (req, email, password, done) {
            logger.info('CALLING local-signup');
            var firstname = req.body.firstname;
            var lastname = req.body.lastname;
            var role = req.body.role;
            mysqllib.getConnection(function (err, connection) {
                var sql = "INSERT INTO users VALUES(0, ?, ?, ?, ?, null, ?, 0, null, null, null, null, null, null, 0, 0)";
                logger.info('sql: ' + sql);
                connection.query(sql, [email, password, firstname, lastname, role], function (err, rows) {
                    connection.release();
                    if (err) {
                        if (err.code == 'ER_DUP_ENTRY') {
                            logger.info('er_dup_entry');
                            return done(err);
                        } else {
                            logger.info('general err');
                            return done(err);
                        }
                    } else {
                        logger.info('everything is OK!');
                        var user = {};
                        user.id = rows.insertId;
                        req.session.user_auth = user.id;
                        return done(null, user);
                    }
                });
            });
        }));

    passport.use(
        'local-login',
        new LocalStrategy({
                usernameField: 'email',
                passwordField: 'password',
                passReqToCallback: true // allows us to pass back the entire request to the callback
            },
            function (req, email, password, done) { 
                mysqllib.getConnection(function (err, connection) {
                    if (err) {
                        logger.info('getConnection: ' + err);
                        return done(err);
                    }
                    var sql = "SELECT idusers, first_name, last_name, email, phone, dob, address, role, photo1, photo2, photo3, photo4, phonevalidated, uservalidated FROM users WHERE email = " + connection.escape(email) + " AND password = " + connection.escape(password);
                    connection.query(sql, function (err, rows) {
                        connection.release();
                        if (err) {
                            logger.error("select user", err);
                            return done(err);
                        } else if (rows.length) {
                            var user = rows[0];
                            user.id = rows[0].idusers;
                            return done(null, user);
                        } else {
                            logger.warn('Incorrect Login credentials, username: ' + email + ' password: ' + password);
                            return done(null, false, {message: 'unauthorized'});
                        }
                    });
                });
            })
    );
};

最后,这是我在快速路线中使用这些策略的方式:

app.post('/login', function (req, res, next) {
    passport.authenticate('local-login', function (err, user, info) {
        if (err) {
            mysend(res, 500, 'Ups. Something broke!');
        } else if (info) {
            mysend(res, 401, 'unauthorized');
        } else {
            mysend(res, 200, JSON.stringify(user));
            logger.info(req.user);
            logger.info(req.session);
        }
    })(req, res, next);
});

一切正常,即使在策略中我也可以像这样在会话中设置用户 ID 的值:

req.session.user_id = user.id

并继续手动使用它,但我真的不明白为什么没有调用 serializeUser 和 deserializeUser。

您需要在 custom callback 中调用 req.login(),然后调用 serializeUser 并将用户对象设置为会话:

app.post('/login', function (req, res, next) {
    passport.authenticate('local-login', function (err, user, info) {
        if (err) {
            mysend(res, 500, 'Ups. Something broke!');
        } else if (info) {
            mysend(res, 401, 'unauthorized');
        } else {
            req.login(user, function(err) {
                if (err) {
                    mysend(res, 500, 'Ups.');
                } else {
                    mysend(res, 200, JSON.stringify(user));
                }
            }
        }
    })(req, res, next);
});