 

PassportJS - how to get session object

I have implemented passportJS in my node application. After logging in I get an object which I place in the session. This is the object:

{ loginStatus: 'SUCCESS',
  orgRoles: { '7': 'ALL' },
  orgNames: { '7': '[email protected]' },
  loginId: 4,
  message: 'Success',
  success: true }

This is the passport configuration (in coffeescript):

# Passport calls this after a successful login to decide what is written to
# the session. The whole user object is handed back, so everything in it
# (role map, org names, login id) lands in the session store and in the log.
passport.serializeUser (user, done) ->
    console.log('serializing', user)
    return done(null, user)

# Passport calls this to turn the value stored in the session back into
# req.user. The stored object is returned unchanged, so the roles a route
# handler sees are the ones captured at login; a later role change or lockout
# in the backend is not reflected until the session ends.
passport.deserializeUser (user, done) ->
    console.log('deserializing', user)
    return done(null, user)

# Passport LocalStrategy: take the credentials from the 'email' and 'password'
# form fields and hand them to validateUser for verification.
passport.use new LocalStrategy({usernameField: 'email', passwordField: 'password'}, (username, password, done) ->
    validateUser(username, password, done)
)



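# Check a username/password pair against the backend login service and report
# the outcome through Passport's verify callback.
#
# username, password - credentials Passport extracted from the login form.
# done               - called as `done err` when the request or the response
#                      parsing fails, `done null, false, {message}` when the
#                      login is rejected, `done null, resObj` on success.
validateUser = (username, password, done) ->

    # The password is deliberately kept out of the log: console output is
    # commonly captured to files and aggregators that outlive the session.
    console.log 'loginName is --> ' + username

    # NOTE(review): the credentials travel in the request body, so
    # API_PROTOCOL (defined outside this snippet) should be https -- confirm.
    options =
        protocol: API_PROTOCOL
        host: API_HOST
        pathname: '/appservices/login'

    reqURL = url.format options
    requestOptions =
        headers:
            'Content-type': 'application/json; charset=utf-8'
        body: JSON.stringify
            loginName: username
            password: password
        method: 'POST'

    request reqURL, requestOptions, (error, response, body) ->
        # A transport failure leaves `body` unset; hand the error to Passport
        # instead of throwing inside the callback.
        return done error if error

        # A non-JSON or empty reply must not crash the process either.
        try
            resObj = JSON.parse body.toString()
        catch parseError
            return done parseError

        # Only the status is logged; the full response body is not.
        loginStatus = resObj?.loginStatus
        console.log 'loginStatus is --> ' + loginStatus

        if loginStatus in ['FAIL', 'INVALID_PASSWORD', 'LOGIN_NOT_FOUND']
            return done null, false,
                message: 'We couldn\'t find that email/password, please try again.'
        if loginStatus is 'ACCOUNT_LOCKED'
            return done null, false,
                message: 'The user has been locked out due to too many unsuccessful login attempts or the admin has locked the account. Please contact admin or customer support.'
        if loginStatus is 'NO_LOGIN_DOMAIN_AVAILABLE'
            return done null, false,
                message: 'The login attempt is valid but there is no registered domain that the login can access. Please contact admin or customer support.'
        # Fail closed: any status other than an explicit SUCCESS is a rejection.
        if loginStatus isnt 'SUCCESS'
            return done null, false,
                message: 'The login attempt has failed. If you feel this is an error please try again or contact admin/customer support.'

        done null, resObj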

# Express middleware stack (the pre-4 API, judging by app.configure and
# app.router). Each request passes through these in the order listed.
app.configure ->
    #app.use express.logger()
    # Static files are served before the session middleware runs.
    app.use express.static(__dirname + '/public')
    app.use express.cookieParser()
    app.use express.bodyParser()
    app.use express.methodOverride()
    app.use express.session
        # Masked in the post. The real value signs the session cookie, so it
        # belongs in configuration rather than in source control.
        secret: '###########'
        store: new RedisStore()
        cookie:
            # 3600000 ms = 1 hour. Only maxAge is set here; confirm `secure`
            # is enabled wherever the site is served over HTTPS.
            maxAge: 3600000
    app.use flash()
    # Passport is registered after express.session, which it relies on to
    # restore req.user from the stored session.
    app.use passport.initialize()
    app.use passport.session()
    app.set 'view engine', 'jade'
    app.set 'views', __dirname + '/views'
    app.use app.router

The output I see:

serializing { loginStatus: 'SUCCESS',
  orgRoles: { '7': 'ALL' },
  orgNames: { '7': '[email protected]' },
  loginId: 4,
  message: 'Success',
  success: true }
deserializing { loginStatus: 'SUCCESS',
  orgRoles: { '7': 'ALL' },
  orgNames: { '7': '[email protected]' },
  loginId: 4,
  message: 'Success',
  success: true }

I would like to be able to access the object that I placed in the session and get values out of it. For example, when I make a GET request, I would like to be able to do the following:

# NOTE(review): Express invokes route handlers as (request, response). With the
# parameters named (res, req), the variable called `req` holds the response.
app.get '/threatStatus', (res, req) ->
    #I would like to retrieve the loginId for the user that I placed in the session

Any help is greatly appreciated!!

Cheers,

Kianosh

Update: I was able to get the data I needed by making the following call:

# Express passes (request, response) in that order, so the parameter named
# `req` here is really the response object.
app.get '/threatStatus', (res, req) ->
    # `req.req` follows the response's back-reference to the request, which is
    # why the Passport user shows up one level deeper than expected.
    console.log req.req.user

Which outputs the following:

{ loginStatus: 'SUCCESS',
  orgRoles: { '7': 'ALL' },
  orgNames: { '7': '[email protected]' },
  loginId: 4,
  message: 'Success',
  success: true }

Which begs the question, is this correct? Should I have to dive deep into the request object in order to get this data? Is 'req.req.user' correct?

Kianosh Avatar asked Oct 05 '22 09:10

Kianosh


1 Answers

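The user object should be retrieved via req.user. Express calls route handlers with the request first and the response second, so declare the handler as (req, res); with the parameters written as (res, req), the variable named req is actually the response, which is why the user only appeared under req.req.user.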

You may verify if a user has logged in via req.isAuthenticated() to avoid handling an undefined req.user.

irok Avatar answered Oct 10 '22 21:10

irok