The issue is when I log in, passport will run its deserialize function a good number of times. While this isn't having any effect on things, that I know of. Having it do this could be problematic later on down the road. Here is the logs:
Bloodmorphed has been Serialized
Bloodmorphed has been deserialized
Bloodmorphed has been deserialized
Bloodmorphed has been deserialized
Bloodmorphed has been deserialized
Bloodmorphed has been deserialized
Bloodmorphed has been deserialized
Here is the passport:
/*jshint esversion: 6 */
const LocalStrategy = require('passport-local').Strategy;
const db = require('../config/db');
const bcrypt = require('bcryptjs');
let io = require('./io');
module.exports = (passport) => {
// =========================================================================
// passport session setup ==================================================
// =========================================================================
// used to serialize the user for the session
passport.serializeUser((user, done) => {
console.log(user.username + ' has been Serialized');
done(null, user.id);
});
// used to deserialize the user
passport.deserializeUser((id, done) => {
let sql = 'SELECT * FROM users, users_meta WHERE users.id = ? AND users_meta.id =?';
db.query(sql, [id, id]).then(results => {
var userdata = results[0];
console.log(userdata.username + ' has been deserialized');
done(null, userdata);
});
});
// Local Strategy login
passport.use('local-login', new LocalStrategy({
passReqToCallback: true,
}, (req, username, password, done) => {
// Match Username
let sql = 'SELECT * FROM users WHERE username = ?';
db.query(sql, [username]).then(results => {
if (!results.length) {
return done(null, false, {
type: 'loginMessage',
message: 'Wrong Login',
});
}
// Match Password
bcrypt.compare(password, results[0].password, (err, isMatch) => {
if (isMatch) {
var userData = results[0];
sql = 'SELECT * FROM users_meta WHERE id = ?';
db.query(sql, userData.id).then(results => {
Object.assign(userData, results[0]);
return done(null, userData);
});
} else {
return done(null, false, {
type: 'loginMessage',
message: 'Wrong Login',
});
}
});
});
}));
};
While this is not a high priority issue as of now, I would like to get it fixed, or if it is indeed normal for the to happen.
Please refer to https://github.com/jaredhanson/passport/issues/14#issuecomment-4863459
The serving of static files should be done before passport.session
.
For instance, according to the refereed source:
app.configure(function() {
app.use(express.session({ secret: 'keyboard cat' }));
app.use(passport.initialize());
// passport session is triggered, causing deserializeUser to be invoked
app.use(passport.session());
// but request was for a static asset, for which authentication is not
// necessary
app.use(express.static(__dirname + '/../../public'));
});
Should be changed to:
app.configure(function() {
app.use(express.logger())
// requests for static assets will be handled immediately and will not continue
// down the middleware stack
app.use(express.static(__dirname + '/../../public'));
// any request that gets here is a dynamic page, and benefits from session
// support
app.use(express.session({ secret: 'keyboard cat' }));
app.use(passport.initialize());
app.use(passport.session());
});
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With