Menu
I'm trying to establish a login mechanism using node.js, express and passport.js. The Login itself works quite nice, also sessions are stored nicely with redis but I do have some troubles with redirecting the user to where he started from before being prompted to authenticate.
e.g. User follows link http://localhost:3000/hidden is then redirected to http://localhost:3000/login but then I want him to be redirected again back to http://localhost:3000/hidden.
The purpose of this is, if the user access randomly a page he needs to be logged in first, he shall be redirected to the /login site providing his credentials and then being redirected back to the site he previously tried to access.
Here is my login post
app.post('/login', function (req, res, next) { passport.authenticate('local', function (err, user, info) { if (err) { return next(err) } else if (!user) { console.log('message: ' + info.message); return res.redirect('/login') } else { req.logIn(user, function (err) { if (err) { return next(err); } return next(); // <-? Is this line right? }); } })(req, res, next); }); and here my ensureAuthenticated Method
function ensureAuthenticated (req, res, next) { if (req.isAuthenticated()) { return next(); } res.redirect('/login'); } which hooks into the /hidden page
app.get('/hidden', ensureAuthenticated, function(req, res){ res.render('hidden', { title: 'hidden page' }); }); The html output for the login site is quite simple
<form method="post" action="/login"> <div id="username"> <label>Username:</label> <input type="text" value="bob" name="username"> </div> <div id="password"> <label>Password:</label> <input type="password" value="secret" name="password"> </div> <div id="info"></div> <div id="submit"> <input type="submit" value="submit"> </div> </form> 
655
session. user = o; res. redirect('/home'); } else{ res. render('/login', { title: 'Hello - Please Login To Your Account' }); } }); } });
Authorization is performed by calling passport. authorize() . If authorization is granted, the result provided by the strategy's verify callback will be assigned to req.account . The existing login session and req.
In this route, passport. authenticate() is middleware which will authenticate the request. By default, when authentication succeeds, the req. user property is set to the authenticated user, a login session is established, and the next function in the stack is called.
In your ensureAuthenticated method save the return url in the session like this:
... req.session.returnTo = req.originalUrl; res.redirect('/login'); ... Then you can update your passport.authenticate route to something like:
app.get('/auth/google/return', passport.authenticate('google'), function(req, res) { res.redirect(req.session.returnTo || '/'); delete req.session.returnTo; }); I don't know about passport, but here's how I do it:
I have a middleware I use with app.get('/account', auth.restrict, routes.account) that sets redirectTo in the session...then I redirect to /login
auth.restrict = function(req, res, next){ if (!req.session.userid) { req.session.redirectTo = '/account'; res.redirect('/login'); } else { next(); } }; Then in routes.login.post I do the following:
var redirectTo = req.session.redirectTo || '/'; delete req.session.redirectTo; // is authenticated ? res.redirect(redirectTo); If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
