Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to handle unauthorized requests with nodejs/passport

Tags:

node.js

passport.js

passport-local

As per the documentation, if I was handling authentication requests like so, I would be able to capture successful attempts.

app.post('/login',
  passport.authenticate('local'),
  function(req, res) {
    // If this function gets called, authentication was successful.
    // `req.user` contains the authenticated user.
    res.redirect('/users/' + req.user.username);
  });

But, like the documentation says:

By default, if authentication fails, Passport will respond with a 401 Unauthorized status, and any additional route handlers will not be invoked. If authentication succeeds, the next handler will be invoked and the req.user property will be set to the authenticated user.

How can I handle the unauthorized login attempt?

I know I can handle it with custom middleware but is there a better way?

like image 907
Adam K Dean Avatar asked Oct 07 '14 12:10

Adam K Dean

1 Answers

You should have a look at the Custom Callback section in passport docs which explains about how to override the built in behavior of handling an authentication request. You can write a custom callback which will serve as the done function that you are invoking from the Strategy.

app.get('/login', function(req, res, next) {
  /* look at the 2nd parameter to the below call */
  passport.authenticate('local', function(err, user, info) {
    if (err) { return next(err); }
    if (!user) { return res.redirect('/login'); }
    req.logIn(user, function(err) {
      if (err) { return next(err); }
      return res.redirect('/users/' + user.username);
    });
  })(req, res, next);
});

Look at the second parameter to the passport.authenticate call, which will serve as the done function that you invoke from the local strategy.

See the done function invoked in the code below, which is the local strategy that you define for passport. You can call the done function with various available parameters like err, user, info set from the strategy according to the response from API call or db operation. These parameters will be processed by the above function definition in the passport.authenticate call.

passport.use(new LocalStrategy(
  function(username, password, done) {
    /* see done being invoked with different paramters
       according to different situations */
    User.findOne({ username: username }, function (err, user) {
      if (err) { return done(err); }
      if (!user) { return done(null, false); }
      if (!user.verifyPassword(password)) { return done(null, false); }
      return done(null, user);
    });
  }
));
like image 155
Mithun Satheesh Avatar answered Oct 11 '22 22:10

Mithun Satheesh
Sign in to Comment

Related questions

Why am I getting weird result using parseInt in node.js? (different result from chrome js console)
POST to PHP from Node.js
iterate over an array of objects in jade/pugjs
Run function/code after certain time with nodejs
What app.set function does (express.js)?
req.headers.origin is undefined
How promisifyAll works, or what are the requirements for it work?
Authenticating node API with passport-jwt
How to upload file using multer or body-parser
How to update an item in Dynamodb of type String Set (SS)?
Handle 404 error with Express 4
How to get Map as an object in javascript ES6?
Sequelize 'Dialect needs to be explicitly supplied as of v4.0.0'
Upgraded node and npm via nvm, but old node is still used for global packages
npm to install packages from local position rather than from web?
DerbyJS and Authentication
Encrypting and Decrypting with python and nodejs
Mongoose update without callback
Which database engine is best for node.js apps? [closed]
nodejs: Check if variable is readable stream

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!