Opening password protected site (Passport.js) with Phantom.Js by setting cookie

こ雲淡風輕ζ submitted on 2019-12-19 10:53:22

Question


I am trying to access a passport protected page of my Express.js app with a Phantom.js script.

How can I simulate a logged in user without knowing the passport?

I am using Passport.js as an auth library with LocalStrategy and MongoStore to save the sessions in the mongo database. I am wondering if I can create a record in the sessions collection and set a generated cookie with Phantom.js (phantom.addCookie(...)) to simulate a specific logged in user without the password of the user?

Can I generate the content of the connect.sid cookie for a specific user in the backend and add it to phantom.js in order to simulate a logged in user?

Findings:

I figured out that Passport.js uses the Cookie-Signature node module to sign the cookie content and I assume Express.js uses the Connect cookie and session middleware to handle the cookie and session creation and insert them into the HTTP headers.
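The signed-cookie format mentioned in the findings, as an added example that is not part of the original post: the value is `s:` + session ID + `.` + an unpadded base64 HMAC-SHA256 keyed with the session secret, which is the scheme the cookie-signature module implements. The function names, secret and session ID below are constructed for illustration; the point is that the server accepts a connect.sid only if it was signed with its own secret, so that secret needs the same protection as a credential.

```javascript
const crypto = require('crypto');

// HMAC-SHA256 over the value, base64-encoded with '=' padding stripped.
function sign(value, secret) {
  const mac = crypto.createHmac('sha256', secret).update(value)
    .digest('base64').replace(/=+$/, '');
  return value + '.' + mac;
}

// Recompute the signature and compare in constant time.
// Returns the original value, or false if the signature does not match.
function unsign(signed, secret) {
  const idx = signed.lastIndexOf('.');
  if (idx === -1) return false;
  const value = signed.slice(0, idx);
  const expected = Buffer.from(sign(value, secret));
  const actual = Buffer.from(signed);
  if (expected.length !== actual.length) return false;
  return crypto.timingSafeEqual(expected, actual) ? value : false;
}

// Cookie value as sent to the browser: "s:" marks a signed value.
function encodeSessionCookie(sid, secret) {
  return encodeURIComponent('s:' + sign(sid, secret));
}

// Server side: reject unsigned, malformed or tampered cookies.
// `secrets` is a list so that an old secret keeps working during rotation.
function decodeSessionCookie(raw, secrets) {
  let decoded;
  try {
    decoded = decodeURIComponent(raw);
  } catch (e) {
    return null; // malformed percent-encoding
  }
  if (!decoded.startsWith('s:')) return null;
  for (const secret of secrets) {
    const sid = unsign(decoded.slice(2), secret);
    if (sid !== false) return sid;
  }
  return null;
}

// Constructed sample values, not taken from any real deployment.
const SAMPLE_SECRET = 'example-session-secret';
const SAMPLE_SID = 'Zq3x1c0nstructedSessionId';
```

A valid signature only proves the session ID was issued by the server; the ID must still match a record in the session store before a user is considered logged in.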


Answer 1:


Using javascript, you should be able to fill in your login fields and submit. (Simulating a user login, not trying to recreate a login cookie.)

That would probably be your best bet.

For how to fill in forms, see: "How to fill in form field, and submit, using javascript?" and "Automatic form fill using javascript".



Source: https://stackoverflow.com/questions/21982791/opening-password-protected-site-passport-js-with-phantom-js-by-setting-cookie
