I have implemented a basic authentication system using NodeJS, Passport and Session. It is working properly, and I am testing it in heroku. However recently I discovered the following:
When I type www.domainname.com/loginpage, it checks whether the user is authenticated and, if not, redirects to the homepage, as it is supposed to.
However, when I type www.domainname.com/loginpage.html, it does not check whether the user is authenticated and displays the home page directly.
I am relatively new, so I am probably missing something quite basic. In short, how do I prevent the server from returning content when .../loginpage.html is requested without authentication?
Here is my routes.js
module.exports = function(app, userModel, roomModel, bcrypt, sequelize, passport, passportLS){
// Only the user id goes into the session; deserializeUser loads the row back
// on each request.
passport.serializeUser(function(user, done) {
  var sessionKey = user.id;
  done(null, sessionKey);
});
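// Rebuilds request.user from the id stored in the session.
// The original wrote `idInput = id` without a declaration, which creates a
// process-wide global shared by every concurrent request; the lookup key is
// kept local here. A rejected query is now forwarded to passport instead of
// being dropped as an unhandled rejection.
passport.deserializeUser(function(id, done) {
  userModel.findOne({
    where: { id: id }
  }).then(function(user) {
    // A missing row yields null; passport then treats the session as having
    // no logged-in user.
    done(null, user);
  }).catch(done);
});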
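// Username/password strategy: finds the user by username and checks the
// submitted password against the stored bcrypt hash (user.password).
// Fix: the original tested `res == false` and ignored `err`. When
// bcrypt.compare reports an error (e.g. a null or malformed stored hash) `res`
// is undefined, `undefined == false` is false, and the code fell through to
// `done(null, user)` — a successful login without a matching password. Errors
// are now surfaced to passport, and a rejected query is forwarded as well.
passport.use('login', new passportLS({ passReqToCallback: true },
  function(request, usernameInput, passwordInput, done) {
    userModel.findOne({
      where: { username: usernameInput }
    }).then(function(user) {
      if (!user) {
        console.log('userNotFound');
        // NOTE(review): a different message for an unknown user than for a
        // wrong password lets a client discover which usernames exist;
        // consider one generic failure message for both cases.
        return done(null, false, { message: 'User not found' });
      }
      bcrypt.compare(passwordInput, user.password, function(err, matches) {
        // A compare error is not a wrong password; fail closed.
        if (err) { return done(err); }
        if (!matches) { return done(null, false, { message: 'Wrong password' }); }
        return done(null, user);
      });
    }).catch(done);
  })
);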
// Route guard: passes the request on when passport reports a logged-in
// session, otherwise sends the client back to '/'.
// It only protects routes that are registered with it. server.js mounts
// express.static('public') and also renders templates from that same
// directory, so files under public/ are served without ever reaching this
// function.
function isAuthenticated(request, response, next) {
  var loggedIn = request.isAuthenticated();
  console.log('isauthenticated:' + loggedIn);
  if (!loggedIn) {
    return response.redirect('/');
  }
  return next();
}
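// Login endpoint. The 'login' strategy is run with a custom callback so the
// response body is controlled here rather than by passport's redirects.
// Fix: the original ignored `err`; a strategy error (database failure, bcrypt
// error) arrives with no user and no info, so `info.message` threw a
// TypeError instead of reaching the error handler.
app.post('/login', function(request, response, next) {
  passport.authenticate('login', function(err, user, info) {
    if (err) { return next(err); }
    if (!user) {
      // info comes from the strategy's done(null, false, { message }); fall
      // back to a generic text if a strategy ever omits it.
      var reason = (info && info.message) ? info.message : 'Login failed';
      return response.send(reason);
    }
    // request.login establishes the session; serializeUser runs here.
    request.login(user, function(error) {
      if (error) { return next(error); }
      console.log("Request Login supossedly successful.");
      return response.send('Login successful');
    });
  })(request, response, next);
});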
// Logged-in-only page. Because this is app.use rather than app.get, every
// HTTP method and every path below /home reaches the handler once the guard
// has passed.
app.use('/home', isAuthenticated, function(request, response) {
  var template = 'home.html';
  response.render(template);
});
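// Logout endpoint.
// request.logout() only removes the passport user from the session; the
// session record and the connect.sid cookie were left in place by the
// original, so the same cookie still mapped to a live (now anonymous)
// session. The session is now destroyed server-side and the cookie cleared,
// which is what the commented-out code in the original sketched.
app.post('/logout', function(request, response, next) {
  console.log('Logging out');
  request.logout();
  request.session.destroy(function(err) {
    if (err) { return next(err); }
    response.clearCookie('connect.sid');
    response.send('Logout successful');
  });
});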
and my server.js
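var serverPort = process.env.PORT || 3000;
// true: Heroku Postgres over SSL via DATABASE_URL; false: local database
// described by ./Database/config.js.
var isOnline = true;

var express = require('express');
var app = express();
var server = require('http').Server(app);
var io = require('socket.io')(server);
var cookieParser = require('cookie-parser');
var Sequelize = require('sequelize');
var pg = require('pg');
var bcrypt = require('bcrypt');
var bodyParser = require('body-parser');
var engines = require('consolidate');
var passport = require('passport');
var passportLS = require('passport-local').Strategy;
var session = require('express-session');

app.use(bodyParser.urlencoded({ extended: false }));
app.use(bodyParser.json());
app.use(cookieParser());

// WARNING: 'public' is both the static root and the views directory. Any file
// in it is served verbatim by express.static, before the session/passport
// middleware and without the isAuthenticated guard from routes.js, so a
// template such as home.html is reachable as /home.html by anyone. Templates
// that must stay behind login have to live outside the static root.
app.use(express.static('public'));
app.set('views', __dirname + '/public');
app.engine('html', engines.mustache);
app.set('view engine', 'html');

// The session secret signs the session cookie; a value committed to source
// lets anyone who can read the repository forge a logged-in session. It is
// read from the environment like PORT and DATABASE_URL already are
// (SESSION_SECRET is the variable name chosen here; set it in the Heroku
// config) and startup is refused without it.
var sessionSecret = process.env.SESSION_SECRET;
if (!sessionSecret) {
  throw new Error('SESSION_SECRET environment variable is not set');
}
if (isOnline) {
  // Heroku terminates TLS at its router; trusting the first proxy hop lets
  // express-session see the request as HTTPS so the secure cookie is set.
  app.set('trust proxy', 1);
}
app.use(session({
  secret: sessionSecret,
  resave: true,
  saveUninitialized: true,
  cookie: {
    httpOnly: true,          // not readable from page scripts
    sameSite: 'lax',         // not sent on cross-site POSTs
    secure: isOnline         // HTTPS-only in production, plain HTTP locally
  }
  // No `store` is configured, so express-session's in-memory default is used;
  // it does not survive restarts and is not intended for production.
}));
app.use(passport.initialize());
app.use(passport.session());

var config = require('./Database/config.js');
// Single declaration instead of one `var sequelize` per branch.
var sequelize = isOnline
  ? new Sequelize(process.env.DATABASE_URL, {
      logging: false,
      dialect: 'postgres',
      dialectOptions: { ssl: true },
      protocol: 'postgres'
    })
  : new Sequelize(config.databaseUrl, {
      logging: false,
      dialect: 'postgres',
      dialectOptions: { ssl: false },
      protocol: 'postgres'
    });

var userModel = require('./Database/Models/user.js')(sequelize, Sequelize);
var roomModel = require('./Database/Models/room.js')(sequelize, Sequelize, userModel);

// sync() returns a promise; a rejection (bad DATABASE_URL, unreachable
// database) was previously dropped and the server kept running without a
// usable schema.
sequelize.sync().catch(function(err) {
  console.error('Database sync failed: ' + err.message);
  process.exit(1);
});

require('./routes.js')(app, userModel, roomModel, bcrypt, sequelize, passport, passportLS);

server.listen(serverPort, function() {
  console.log('Server is running on port: ' + serverPort);
});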