javascript – PassportJS和Express 4无法正确保存cookie /会话

我有一个使用Express 4和Passport 0.3.2的应用程序.我已经设置了一个护照本地策略,在/ session端点发送用户名和密码时获取正确的用户信息.

但是,用户信息永远不会正确保存.因此,req.user总是在所有侦听器中都未定义,而req.isAuthenticated()始终返回false.

我已经看到其他帖子经常发现中间件设置的顺序问题,但是我已经以正确的方式订购它们,所以我不知道从哪里开始.

这是我的/ session会话监听器:

app.post("/session",
    passport.authenticate('local'),
    (req: any, res: any) => {
        // if we reach this point, we authenticated correctly
        res.sendStatus(201);
    }
);

这是我的LocalStrategy设置:

passport.use(new LocalStrategy(
    (username, password, done) => {
        let users = userRepository.getAll();

        let usernameFilter = users.filter(u => u.getUsername() === username);
        if (!usernameFilter || usernameFilter.length !== 1) {
            return done(null, false, { message: 'Incorrect username.' });
        }

        if (!password || password !== "correct") {
            return done(null, false, { message: 'Incorrect password.' });
        }

        return done(null, usernameFilter[0]);
    }
));

这是我的应用设置:

let app = express();
app.use(cookieParser());
app.use(bodyParser.json());
app.use(expressSession({
    secret: 'my secret key',
    resave: true,
    saveUninitialized: true
}));
app.use(passport.initialize());
app.use(passport.session());

我使用以下依赖版本:

"body-parser": "^1.15.1",
"cookie-parser": "^1.4.3",
"express": "^4.13.4",
"express-session": "^1.13.0",
"passport": "^0.3.2",
"passport-local": "^1.0.0"

我已经为我的POST /会话添加了回调,但是会引发错误.这是我的回调:

app.post("/session",
    passport.authenticate('local', {
      session: false
    }),
    (req: express.Request, res: express.Response) => {
        req.logIn(req.user, (err: any) => {
            if (err)
                throw err;
        });

        // if we reach this point, we authenticated correctly
        res.sendStatus(201);
    }
);

我抛出以下错误:

Error: Failed to serialize user into session

最佳答案 来自护照文件:

Note that when using a custom callback, it becomes the application’s responsibility to establish a session (by calling req.login()) and send a response.

啊,好,我们正在取得进展.您必须配置通行证以序列化和反序列化用户信息.有关信息,请参见this.应该注意,您将使用您自己的数据库访问对象替换User.

点赞