Develop Reference

How to use the session from passportjs

I am able to login using passport-local. I want to test if the session created by passport is valid. I am logging in from Angular. When the user logs in, i dont create any manual cookie but see a connect.sid cookie is created. Now from Angular I'm sending another req:
$scope.test = function(){
$http.get('\test').then(function(response){
if(response){
console.log(response);
} else {
console.log("Nothing Returned!");
}
});
}
And in node :
app.use(session({
secret: 'mysecret',
resave: true,
saveUninitialized: true
}));
//Passport Init
app.use(passport.initialize());
app.use(passport.session());
passport.serializeUser(function(user, done) {
done(null, user.id);
});
passport.deserializeUser(function(id, done) {
User.findById(id, function(err, user) {
done(err, user);
});
});
app.get('\test', function(req, res){
//Tried the following (one at a time) :
var user = req.user;
var user = req[user];
var user = req["user"];
var user = req.session;
console.log(user);
res.send(user);
});
None of the above works. I get res code 200 but nothing in response.data in Angular and nothing in undefined in node console.
Im doing this cause I think :
After user logs in, Passportjs creates session is persisted until its destroyed by logout.
After user logs in, there is no need to create a cookie and send it to Angular. Passport does this automatically.
When Angular sends any request, node can access the session of req and verify with it's own session.
Am I correct with all these 3 points?
Many thanks!
EDIT
My mongoose schema:
var UserSchema = mongoose.Schema({
id : {type:String, default:"abc123"},
username: {type:String, index: true},
password: String,
email: {type:String, unique:true}
});
module.exports = mongoose.model('User', UserSchema);
EDIT 2
Adding output that i get when placed the express session before passport session
EDIT 3
My strategy :
passport.use(new LocalStrategy(
function(username, password, done){
User.findOne({username: username}, function(err, doc){
if(err) {
// console.log(err);
return done(err);
}
return done(null, doc);
});
}
));

You need to change the order, put 'express session' before 'passport session'. It should work this way:
app.use(session({
secret: 'mysecret',
resave: true,
saveUninitialized: true
}));
app.use(passport.initialize());
app.use(passport.session());
http://passportjs.org/docs/configure

Are you calling passport.initialize() and passport.session() ?
passport.session is the call that reads the cookie and stores user in req object.
Check this answer for more details: What does passport.session() middleware do?

Passport session disappears after oauth callback

Making a hybrid app with Ionic, Angular, nodejs, etc.
User logs in with email and password and then wants to add 3rd party authentication to their account.
They are serialized into session.
We check, using passport, if they are authorized with 3rd party and if not send them to do so.
When the user comes back to the callback url we don't know who they are anymore because req.session is undefined.
Edit: I've been trying to simplify the code to get to the route of the problem.
// require everything and app.use them
// this is what I'm using for the session config
app.use(session({
secret: 'thisIsASecret',
resave: false,
saveUninitialized: false,
cookie: {secure: true, maxAge: (4*60*60*1000)}
}));
var user = { // simple user model for testing
id: 1,
username: 'username',
password: 'password',
oauthId: null
};
passport.serializeUser(function(user, done) {
done(null, user.id);
});
passport.deserializeUser(function(id, done) {
done(err, user);
});
// Local Passport
passport.use(new LocalStrategy(function(username, password, done) {
return done(null, user);
}));
app.post('/login', passport.authenticate('local'), function(req, res) {
console.log(req.session); // Prints out session object with passport.user = 1
res.end();
});
// oauth Passport
passport.use(new oauthStrategy({
clientID: ****,
clientSecret: ****,
callbackURL: 'http://localhost:3000/auth/oauth/callback',
passReqToCallback: true
}, function(req, accessToken, refreshToken, profile, done) {
console.log(req.session); // no passport object in session anymore
return done(null, profile);
}));
app.get('/auth/oauth', passport.authorize('oauth'));
app.get('/auth/oauth/callback', passport.authorize('oauth'), function(req, res) {
console.log(req.session); // no passport object in session here either
res.end();
});
On the client side after logging in I use this because the regular http request method doesn't work.
window.location.href = 'http://localhost:3000/auth/oauth';
Edit 2: Ionic doesn't allow sessions apparently. So I found that you can use the state parameter to send a token with the oauth request which comes back to the callback and use that to link the oauth details to the user's account.
app.get('auth/oauth/:token', function(req, res) {
passport.authorize('oauth', {state: req.params.token});
});
The only problem is now it won't redirect to the 3rd party to authorize with them. Just times out...

The solution was to use the route like this, where token is used to identify the user.
app.get('auth/oauth/:token', function(req, res, next) {
passport.authorize('oauth', {state: req.params.token})(req, res, next);
});
Then the token was available in the callback (req.query.state) and we can add the new details to our existing user details.

Create account with social login (facebook) and authenticate it angular-fullstack generator

I'm facing a problema with social signup because its not logging after its created as in local signup. When redirects, api/users/me is not accessible..is unauthorized (401), different from what i get in local signup, that redirects with user information.
in facebook/index.js I have default gets
.get('/', passport.authenticate('facebook', {
scope: ['email', 'user_about_me'],
failureRedirect: '/signup',
session: false
}))
.get('/callback', passport.authenticate('facebook', {
failureRedirect: '/signup',
session: false
}), auth.setTokenCookie);
and in auth.service.js I have the default functions
function isAuthenticated() {
return compose()
// Validate jwt
.use(function(req, res, next) {
// allow access_token to be passed through query parameter as well
if (req.query && req.query.hasOwnProperty('access_token')) {
req.headers.authorization = 'Bearer ' + req.query.access_token;
}
validateJwt(req, res, next);
})
// Attach user to request
.use(function(req, res, next) {
User.findByIdAsync(req.user._id)
.then(function(user) {
//user here is undefined, it shouldn't be. i want to find out why.
if (!user) {
return res.status(401).end();
}
req.user = user;
next();
})
.catch(function(err) {
return next(err);
});
});
}
function signToken(id, role) {
return jwt.sign({ _id: id, role: role }, config.secrets.session, {
expiresInMinutes: 60 * 5
});
}
/**
* Set token cookie directly for oAuth strategies
*/
function setTokenCookie(req, res) {
if (!req.user) {
return res.status(404).send('Something went wrong, please try again.');
}
var token = signToken(req.user._id, req.user.role);
res.cookie('token', token);
res.redirect('/');
}
Could anyone help me with this...Am I missing something?
Thanks in advance.

I had the similar issue. I had modified Angular full-stack code with a customizable backend URL.
https://github.com/kannach/AFSPhonegap/blob/master/client/components/services/config.service.js
I was testing the facebook login in localhost, whereas my backend url was pointing to my production server. Once I chanded the backed url to localhost, then everything worked as expected

Trouble with getting data from nodejs/express because of CORS

Solution here: Trouble with getting data from nodejs/express because of CORS
So i have a problem with getting data from nodejs/express because of CORS.
I'm getting error something like this (sorry, error i translated with google):
Query from an external source is blocked: one source of policy prohibits reading remote resource on http://localhost:8080/api/login. (Cause: Failed to query CORS).
I'm trying to send query with angular $http.post
$http.post($rootScope.api + 'login', {
email: form.email.$viewValue,
password: form.password.$viewValue
}).then(function(data) {
console.log(data.data);
});
Here is my server code (i cut some code, because i think it not important):
/* some nodejs requires */
var cors = require('express-cors');
mongoose.connect('mongodb://localhost:27017/batarindashboard');
require('./config/passport')(passport);
/* some express settings */
app.use(cors({
allowedOrigins: [
'localhost:*', '127.0.0.1:*'
]
}));
var port = process.env.PORT || 8080;
var router = express.Router();
router.use(function(req, res, next) {
console.log('Something is happening');
next();
});
/* sign up api */
router.post('/login', passport.authenticate('local-login', {
failureRedirect : '/api/passport_message',
failureFlash : true
}), function(req, res) {
res.json({
'message': 'You successfully signed in!'
});
});
/* passport_message api */
/* is_logged_in api */
/* logout api */
app.use('/api', router);
app.listen(port);
console.log('Magic happens on port ' + port);
And passport file (maybe problem is here. Why not?)
var LocalStrategy = require('passport-local').Strategy;
var User = require('./../app/models/user');
module.exports = function(passport) {
/* some serialize deserialize code */
/* sign up strategy */
passport.use('local-login', new LocalStrategy({
usernameField: 'email',
passwordField: 'password',
passReqToCallback: true
}, function(req, email, password, done) {
User.findOne({
'local.email':email
}, function(err, user) {
if(err) return done(err);
if(!user) {
return done(null, false, req.flash('message', 'No user found.'));
}
if(!user.validPassword(password)) {
return done(null, false, req.flash('message', 'Oops! Wrong password.'));
}
return done(null, user);
})
}))
};

passportjs and backbone: authenticating users

Currently I been using a chrome app called Postman to test my services from nodejs/express/passportjs.
Currently I'm having trouble wrapping my head around how I should grab the user info and authenticate it with backbone.
I would try to authenticate the user like so:
$.post("http://localhost:3000/login", { username: "joe", password: "pass" })
.done(function(data) {
console.log(data)
//try to pull a service that's protected by passport
})
.fail(function(data) {
console.log(data)
})
Which is not working at all when it's successful. Its giving the 500 error I set for when someone isn't logged in.
Any particular direction I should be going in to manage authentication with passportjs in backbone?

The 500 error means some part of the code in the server is not working properly.
You can send the logged in user from express using passport. You can follow the following example.
var app = express();
var login = require('./routes/login');
app.post('/login',
passport.authenticate('local', { successRedirect: '/',
failureRedirect: '/login',
failureFlash: true }),
login.login);
where your login.js file may look like this
exports.login = function (req, res) {
res.json(req.user);
}
the authenticate process of passport populates user variable in request (req) with the logged in user.
Please note, you have to use cookie parser and session of express to make the passport session working. e.g.,
app.use(express.cookieParser());
app.use(express.session({ secret: 'keyboard cat' }));
your local authentication may look like the following (say you have a function that finds user by username (findByUsername)).
passport.use(new LocalStrategy({
usernameField: 'username',
passwordField: 'password'
},
function(username, password, done) {
// asynchronous verification, for effect...
process.nextTick(function () {
// Find the user by username. If there is no user with the given
// username, or the password is not correct, set the user to `false` to
// indicate failure and set a flash message. Otherwise, return the
// authenticated `user`.
findByUsername(username, function(err, user) {
if (err) { return done(err); }
if (!user) { return done(null, false, { message: 'Unknown user ' + username }); }
if (user.password != password) { return done(null, false, { message: 'Invalid password' }); }
return done(null, user);
})
});
}
));