passport.js

问题 I am using passport.js + passport-facebook-token to secure my API build with Strongloop's Loopback Framework. Why is passport serializing the deserialized user again after it has successfully been deserialized? Also the passport.authenticate method is called on every request! What am I doing wrong? Here is node's log: deserializeUser, id: XXXXXXXXXXXXXXXX User found. serializeUser, id: XXXXXXXXXXXXXXXX GET /api/events?access_token

问题 In my app I am only using app.use(express.json()); app.use(express.urlencoded()); and not app.use(express.bodyParser()); so that I can manually parse file uploads. It seems that this line app.use(passport.session()); stops formidable from triggering file events: form.on('file', function(name, file) { //never called }); How can I use passport session and not clash with formidable file event? 回答1: Looks like they've added a way to fix this. Using app.use(passport.session({pauseStream: true}));

问题 My app use Express and AngularJS. I'm using express to handle basic web seving of the angular code via static. The angular code uses services that hit API endpoints hosted by express. I only want the API endpoints to be accessible after a user has authenticated. How can I accomplish this via PassportJS? 回答1: I have uploaded an Angular-Express project on github that I have been working on. It is still work in progress. I hope it helps. It uses PassportJs for user authentication and is a basic

问题 I use Passport.js in Node.js to create a login system. Everything is ok, but I do not know how to reset user password when they forget their password or they want to change it. User model in MongoDB var UserSchema = new Schema({ email: String, username: String, provider: String, hashed_password: String, salt: String, }); 回答1: Didn't really like the idea of hitting my database to store tokens, especially when you want to be creating and verifying tokens for many actions. Instead I decided to

问题 Background I have a MEAN application with CRUD capabilities fully tested with postman. I have been trying to persist login for quite some time now with no luck. I have read and tried the following passport docs toon io's blog about login Express session Scotch io, node auth made easy Plus a buch of other light reading materials (Lots of SO questions) But I have only been able to register and log a user in, not persist login with a session. My App Here is a link to the full github repo (if you

问题 I'm building a Node application in which the users must register or login, then when they drag and drop some elements (the front end is all working) I store on the database their action with their corresponding userId. My understanding is that once they are registered/logged in, I can use the req.user to access their id and correctly store their actions, however it isn't working. Here is the section of my server.js file that deals with Passport. Also, I'm using Sequelize as an ORM, but

问题 Is there any way to directly access the req object in supertest , while/after the request is being tested? I want to test my passport strategies, so I want to check req.user , req.session , and perhaps others. I know I can test page redirects or flash, as those are what my strategies do, but it seems useful to see if there is a user on the req object, as well. If I do this, I can also check how many users there are at any one time. I will sign users up with the "local-signup" strategy, which

问题 Is there any way to directly access the req object in supertest , while/after the request is being tested? I want to test my passport strategies, so I want to check req.user , req.session , and perhaps others. I know I can test page redirects or flash, as those are what my strategies do, but it seems useful to see if there is a user on the req object, as well. If I do this, I can also check how many users there are at any one time. I will sign users up with the "local-signup" strategy, which

问题 I have a route that needs to be used by authenticated and unauthenticated users. I use @UseGuards(AuthGuard('jwt')) to enable authentication but it prevents any unauthenticated user to access the route (normal). How can I allow unauthenticated users to also access the route ? It seems that there's no options that I can pass to AuthGuard in order to retrieve them in my passport strategy. 回答1: You can just create your own AuthGuard for example by extending the existing one: export class

问题 I'm trying to do this since a lot of days but all my tests fails... Users on my platform connect them by using passportjs strategies (paypal, facebook, google...). When the user is connected I write his nickname on the right in the header. The html code of the header is generated from a handlebars template, and when this partial is served by expressjs, I send the req.user session object to the template in order to write nickname and other informations... By the way, this works great but I