
NodeJs Passport isAuthenticated() returning false even after login

I'm new to Angular.js and trying to build local authentication for a website. I have gone through various sources, and Authentication in Single Page Applications was very helpful. When I tried to build the same on my localhost, my code went into a loop.

app.post('/login', ...) returns the user in the response, but after that, while loading the admin page, it checks whether the user is logged in by calling app.get('/loggedin', ...), and req.isAuthenticated() returns false even after login, so it goes into a loop. I can't understand why this is happening; please help me.

Server-side code

var express = require('express');
var http = require('http');
var path = require('path');
var passport = require('passport');
var LocalStrategy = require('passport-local').Strategy;

// Define the strategy to be used by PassportJS
passport.use(new LocalStrategy(
  // Verify callback: receives the submitted username/password and reports
  // the outcome through done(err, user, info).
  function(username, password, done) {
    // Hard-coded plaintext credentials, as the author notes; a real
    // deployment would look the user up in a store and compare a password
    // hash instead of comparing literals.
    if (username === "admin" && password === "admin") // stupid example
      return done(null, {name: "admin"});

    // user === false with a message: authentication fails without an error.
    return done(null, false, { message: 'Incorrect username.' });

// Serialized and deserialized methods when got from session
// NOTE(review): the whole user object is stored in the session as-is and
// handed back unchanged. Serializing only an identifier and re-loading the
// user on each request keeps the session small and means a disabled account
// does not stay logged in through a stale copy.
passport.serializeUser(function(user, done) {
    done(null, user);

passport.deserializeUser(function(user, done) {
    done(null, user);

// Define a middleware function to be used for every secured routes
// Gate for protected routes: only an authenticated session may continue.
// The response sent to unauthenticated callers is missing from this listing.
var auth = function(req, res, next){
  if (!req.isAuthenticated()) 

// Start express application
var app = express();

// all environments
app.set('port', process.env.PORT || 3000);
// NOTE(review): the session secret is a literal committed to source; it
// signs the session cookie, so it belongs in configuration/environment.
// express.session() is the Express 3 bundled middleware; on Express 4 the
// equivalent is the separate express-session package.
app.use(express.session({ secret: 'securedsession' }));
app.use(passport.initialize()); // Add passport initialization
// passport.session() restores the login state from the session, so
// req.isAuthenticated() can only be true on requests that carry the
// session cookie.
app.use(passport.session());    // Add passport initialization

app.all('*', function(req, res, next) {
  // NOTE(review): a wildcard origin cannot be combined with credentials —
  // browsers reject cookie-carrying (credentialed) responses whose
  // Access-Control-Allow-Origin is "*". The client posts to
  // http://localhost:3000 (see LoginCtrl), presumably from another origin,
  // so the session cookie is only stored and sent back if this header names
  // that specific origin (from an explicit allow-list, not a reflected
  // Origin header) and Access-Control-Allow-Credentials is "true".
  res.header("Access-Control-Allow-Origin", "*");
  res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");

// development only
// (loose == comparison; === would do here)
if ('development' == app.get('env')) {

// routes
app.get('/', function(req, res){
  res.render('index', { title: 'Express' });

// Secured route: auth rejects requests without an authenticated session
app.get('/users', auth, function(req, res){
  res.send([{name: "user1"}, {name: "user2"}]);

// route to test if the user is logged in or not
// Answers with the session's user object when authenticated and the string
// '0' otherwise (the client compares against '0'). Whatever serializeUser
// stored is sent verbatim, so keep secrets out of the serialized user.
app.get('/loggedin', function(req, res) {
  res.send(req.isAuthenticated() ? req.user : '0');

// route to log in
// passport.authenticate('local') runs the LocalStrategy defined above and
// establishes the session before this handler runs; by default a failed
// login is answered with 401, which the client's interceptor keys on.
app.post('/login', passport.authenticate('local'), function(req, res) {

// route to log out
app.post('/logout', function(req, res){

http.createServer(app).listen(app.get('port'), function(){
  console.log('Express server listening on port ' + app.get('port'));

Client-side JS file

'use strict';

 // Angular Application
var app = angular.module('app', ['ngResource','ngRoute'])
  .config(function($routeProvider, $locationProvider, $httpProvider) {
    // NOTE(review): the API is called at http://localhost:3000 (see LoginCtrl
    // below). If this page is served from a different origin, $http only
    // sends the session cookie when withCredentials is enabled
    // ($httpProvider.defaults.withCredentials = true), and the server must
    // then answer with a specific Access-Control-Allow-Origin plus
    // Access-Control-Allow-Credentials: true. Without the cookie /loggedin
    // reports '0' and the /admin -> /login redirect repeats.
    // Check if the user is connected
    var checkLoggedin = function($q, $timeout, $http, $location, $rootScope){
      // Initialize a new promise
      var deferred = $q.defer();

      // Make an AJAX call to check if the user is logged in
      // (the $http.get('/loggedin') call itself is missing from this listing;
      // the handler below presumably receives its response body as `user`)
        // Authenticated: the server sends the user object, '0' otherwise
        if (user !== '0')
          $timeout(deferred.resolve, 0);

        // Not Authenticated: reject so the route's resolve fails
        else {
          $rootScope.message = 'You need to log in.';
          $timeout(function(){deferred.reject();}, 0);

      return deferred.promise;

    // Add an interceptor for AJAX errors
    // NOTE(review): responseInterceptors is the older AngularJS API; later
    // releases use $httpProvider.interceptors — confirm the Angular version.
    $httpProvider.responseInterceptors.push(function($q, $location) {
      return function(promise) {
        return promise.then(
          // Success: just return the response
            return response;
          // Error: check the error status to get only the 401
          function(response) {
            // (the redirect performed on 401 is missing from this listing)
            if (response.status === 401)
            return $q.reject(response);

    // Define all the routes
      .when('/', {
        templateUrl: 'views/main.html'
      .when('/admin', {
        templateUrl: 'views/admin.html',
        controller: 'AdminCtrl',
        // /admin is only entered once checkLoggedin resolves
        resolve: {
          loggedin: checkLoggedin
      .when('/login', {
        templateUrl: 'views/login.html',
        controller: 'LoginCtrl'
        redirectTo: '/login'

  }) // end of config()
  .run(function($rootScope, $http){
    $rootScope.message = '';

    // Logout function is available in any pages
    $rootScope.logout = function(){
      $rootScope.message = 'Logged out.';

 // Login controller
app.controller('LoginCtrl', function($scope, $rootScope, $http, $location) {
  // This object will be filled by the form
  $scope.user = {};

  // Register the login() function
  $scope.login = function(){
    // NOTE(review): absolute URL to the API origin — a cross-origin request
    // unless the page is also served from localhost:3000. The session cookie
    // set by this response is only stored and sent on later requests when
    // the request carries withCredentials: true and the server's CORS
    // headers allow credentials for this page's specific origin. The
    // success/error handlers that follow only update the message text.
    $http.post('http://localhost:3000/login', {
      username: $scope.user.username,
      password: $scope.user.password,
      // No error: authentication OK
      $rootScope.message = 'Authentication successful!';
      // Error: authentication failed
      $rootScope.message = 'Authentication failed.';

 // Admin controller
app.controller('AdminCtrl', function($scope, $http) {
  // List of users got from the server
  $scope.users = [];

  // Fill the array to display it in the page
  // (the $http.get('/users') call is missing from this listing; `users` is
  // presumably its response body. for...in over an array also visits any
  // enumerable prototype properties — forEach or for...of is safer here.)
    for (var i in users)


1 Answer

You need to allow cookies to be set cross-domain; otherwise the session cookie set by /login is never sent back with the later requests.

In express

 // NOTE(review): Allow-Credentials only takes effect together with a
 // specific (non-wildcard) Access-Control-Allow-Origin. The question's
 // server sends "*", which browsers reject for credentialed requests, so
 // that header has to name the page's origin from an explicit allow-list.
 res.header('Access-Control-Allow-Credentials', true);

And in the AJAX setup

 // jQuery $.ajax form. The question uses Angular's $http, where the
 // equivalent is the withCredentials: true request config option (or
 // $httpProvider.defaults.withCredentials = true for all requests).
 xhrFields: {
     withCredentials: true

You can find relevant answers here and here (the links were lost in this copy).

