 

Passport deserializing multiple times on login

The issue is that when I log in, passport runs its deserialize function a good number of times. As far as I know this isn't having any effect on things, but it could become a problem further down the road. Here are the logs:

Bloodmorphed has been Serialized
Bloodmorphed has been deserialized
Bloodmorphed has been deserialized
Bloodmorphed has been deserialized
Bloodmorphed has been deserialized
Bloodmorphed has been deserialized
Bloodmorphed has been deserialized

Here is the passport:

/*jshint esversion: 6 */
const LocalStrategy = require('passport-local').Strategy;
const db = require('../config/db');
const bcrypt = require('bcryptjs');
let io = require('./io');

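/**
 * Registers session (de)serialization and the 'local-login' strategy on the
 * given passport instance.
 *
 * @param {object} passport - The passport instance to configure.
 */
module.exports = (passport) => {

  // =========================================================================
  // passport session setup ==================================================
  // =========================================================================

  // Only the user id is written to the session; the full record is reloaded
  // from the database by deserializeUser.
  passport.serializeUser((user, done) => {
    console.log(user.username + ' has been Serialized');
    done(null, user.id);
  });

  // Invoked for every request that passes through passport.session(), so a
  // single page load that also fetches assets through that middleware logs
  // (and queries the database) several times.
  passport.deserializeUser((id, done) => {
    const sql = 'SELECT * FROM users, users_meta WHERE users.id = ? AND users_meta.id =?';
    db.query(sql, [id, id]).then((results) => {
      const userdata = results[0];
      if (!userdata) {
        // The session references a user that no longer exists: treat the
        // request as unauthenticated instead of throwing on `undefined`.
        return done(null, false);
      }
      // NOTE(review): SELECT * also loads users.password (the bcrypt hash)
      // into the object handed to passport on every request. Consider
      // selecting only the columns the application needs.
      console.log(userdata.username + ' has been deserialized');
      return done(null, userdata);
    }).catch(done); // a failed query must still end the request
  });

  // Local Strategy login
  passport.use('local-login', new LocalStrategy({
    passReqToCallback: true,
  }, (req, username, password, done) => {
    // Unknown user and wrong password share one message so the response text
    // does not reveal which usernames exist.
    // NOTE(review): the unknown-user path returns before any bcrypt work, so
    // response time may still distinguish the two cases.
    const rejectLogin = () => done(null, false, {
      type: 'loginMessage',
      message: 'Wrong Login',
    });

    // Match Username
    db.query('SELECT * FROM users WHERE username = ?', [username]).then((results) => {
      if (!results.length) {
        return rejectLogin();
      }

      const userData = results[0];

      // Match Password
      return bcrypt.compare(password, userData.password, (err, isMatch) => {
        if (err) {
          // Surface comparison failures instead of reporting a wrong login.
          return done(err);
        }
        if (!isMatch) {
          return rejectLogin();
        }

        // Merge the profile columns into the authenticated user record.
        return db.query('SELECT * FROM users_meta WHERE id = ?', userData.id).then((metaRows) => {
          Object.assign(userData, metaRows[0]);
          return done(null, userData);
        }).catch(done);
      });
    }).catch(done);
  }));
};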

While this is not a high-priority issue right now, I would like to get it fixed, or to find out whether it is in fact normal for this to happen.

William Avatar asked Nov 17 '22 09:11

William


1 Answers

Please refer to https://github.com/jaredhanson/passport/issues/14#issuecomment-4863459

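Static files should be served before passport.session(). Every request that reaches passport.session() triggers deserializeUser, so each static asset a page fetches adds another call.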

For instance, according to the referenced source:

// Problematic ordering: express.static is registered last, so every request,
// including those for static assets, first passes through the session and
// passport middleware.
app.configure(function() {
  // 'keyboard cat' is a documentation placeholder. The secret signs the
  // session cookie, so a deployment needs a long random value loaded from
  // configuration rather than a literal in source.
  app.use(express.session({ secret: 'keyboard cat' }));
  app.use(passport.initialize());
  // passport session is triggered, causing deserializeUser to be invoked
  app.use(passport.session());
  // but request was for a static asset, for which authentication is not
  // necessary
  app.use(express.static(__dirname + '/../../public'));
});

Should be changed to:

// Corrected ordering: static assets are answered before any session or
// passport middleware runs, so they no longer trigger deserializeUser.
// This uses the Express 3 API (app.configure, express.session,
// express.logger); Express 4 and later dropped app.configure and moved the
// session and logger middleware into separate packages.
app.configure(function() {
  app.use(express.logger())
  // requests for static assets will be handled immediately and will not continue
  // down the middleware stack
  // Everything under the public directory is therefore served with no session
  // or authentication check; it must hold only files that are safe to hand to
  // anonymous clients.
  app.use(express.static(__dirname + '/../../public'));
  // any request that gets here is a dynamic page, and benefits from session
  // support
  // 'keyboard cat' is a documentation placeholder. The secret signs the
  // session cookie, so a deployment needs a long random value loaded from
  // configuration rather than a literal in source.
  app.use(express.session({ secret: 'keyboard cat' }));
  app.use(passport.initialize());
  app.use(passport.session());
});
RedDragon Avatar answered Dec 05 '22 00:12

RedDragon