Passport authentication not working in sails.js application

Question

I have a Sails JS application. I am trying to setup authentication using Passport.js authentication layer sails-generate-auth. I have configured my app by following the step

Answer 1

The above answer provides useful information. I want to elaborare on that.

sails-generate-auth, by default doesn't deny access to controllers if the user is not logged in. For that, you can create another policy in api/policies/. For example: create sessionAuth policy as follows:

module.exports = function(req, res, next) {
  if (req.user) {
    return next();
  }

  return res.forbidden('You are not permitted to perform this action.');
};

Instead of showing forbidden page, you can also render login page. For that you need access to AuthController.login. So, add the policies in config/policies as follows:

'*': ['passport', 'sessionAuth'],

'auth': {
  '*': ['passport']
}

This helps to restrict access all the controllers except auth controllers such as login, logout and register, if the user is not logged in.

Answer 2

Passport doesn't have a policy to deny access to a controller. For this, you have to create another policy.

See this link for more details.