护照+防爆press4没有得到使用Ajax时进行身份验证护照、身份验证、Ajax
我哈瓦问题尤斯护照:我不能够调用我的自定义端点时,检查是否有用户进行身份验证
I hava an issue ussing Passport: I'm not being able to check if a user is authenticated when calling my custom endpoints.
我在下面的方式配置我的前press4应用:
I have configured my Express4 application in the following way:
app.use(morgan('dev')); // log every request to the console
app.use(cookieParser()); // read cookies (needed for auth)
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: true }));
// required for passport
app.use(session({ secret: 'secretphrase' })); // session secret
app.use(passport.initialize());
app.use(passport.session()); // persistent login sessions
app.use(checkAuth); // CHECK SESSION
app.use(flash()); // use connect-flash for flash messages stored in session
app.use(prepareRequests);
在checkAuth()中间件具有以下code:
The checkAuth() middleware has the following code:
var checkAuth = function(request, response, next) {
console.log("------------");
console.log("checkAuth user: " + request.session.passport.user);
console.log("checkAuth isAuthenticated: " + request.isAuthenticated());
next();
}
我第一次尝试登录与护照,isAuthenticated是假的。当我登录,每次打电话我做我的服务器,通过thorugh我的中间件时,isAuthenticated是假的太多!但是,奇怪的是,如果我尝试重新登录,isAuthenticated是真实的。
The first time I try to login with passport, isAuthenticated is false. Once I'm logged in, every call I do to my server, when passing thorugh my middleware, isAuthenticated is false too!!! But, the strange thing is that if I try to login again, isAuthenticated is true.
这意味着,只有我的AJAX调用返回isAuthenticated =假的,但是当我做好了这部表单POST或点击链接到API,它返回true!则会话被存储,但不为AJAX请求
That means that only my AJAX calls return isAuthenticated = false, but when I maka a form post or click on a link to the API, it return true! Then the session is stored, but not for the AJAX request.
我在做什么错了?是饼干不是被传递?
What I'm doing wrong? Are the cookies not being passed?
推荐答案
看来,说话Dropped.on.Caprica帮助我找到解决办法......
Seems that talking to Dropped.on.Caprica helps me to find the solution....
在登录并成功地保存会话的服务器。但是,那么,您必须通过该cookie( withCredentials = TRUE )由前preSS以下AJAX请求创建。 如果正在使用JQuery,以下列方式:
The server was logged in and saving the session succesfully. But, then, you must pass the cookie (withCredentials = true)created by Express in the following AJAX request. If you are using JQuery, in the following way:
$.ajax({
url: 'http://127.0.0.1:3003/users/me',
type: 'GET',
xhrFields: {
withCredentials: true
}}).done(function() {
alert( "done" );
});
如果你是不是:
var request = window.XDomainRequest ? new XDomainRequest() : new XMLHttpRequest();
var pda;
request.withCredentials = true;
然后,在每一个电话,在你的Node.js服务器,请求request.isAuthenticated()将返回正确的价值!
Then, on every call, in your Node.JS server, asking for request.isAuthenticated() will return the right value!!!
其他提示: 不要忘了修改响应头的防爆preSS响应,使凭据并指定原点,使其在铬工作:
Other tip: Don't forget to modify your response headers in the Express response to allow credentials and specify the origin to make it work in Chrome:
response.header("Access-Control-Allow-Credentials", "true");
response.header("Access-Control-Allow-Origin", "http://127.0.0.1:3008");
