Issue
I'm trying to setup a Local Strategy and use failureMessages display authentication errors to the user but I'm unsure the correct way to do this.
The failureMessages are added to the req.session.messages each time a failure occurs but the session.messages are never cleared. Here is the result:
Obviously, the last message is the most recent, but how do I know if the messages are from a current failure or a one that occurred in the past because I only want to display an error message if it is a current failure.
auth.js
passport.use(new LocalStrategy(
function(username, password, done) {
myDatabase.findOne({ username: username }, function(err, user) {
if (err) { return done(err); }
if (!user) { return done(null, false, { message: 'Incorrect username or password.' }); }
if (!bcrypt.compareSync(password, user.password)) {
return done(null, false, { message: 'Incorrect username or password.' });
}
return done(null, user);
});
}
));
routes.js
app.route('/login').post(passport.authenticate('local', { failureRedirect: '/', failureMessage: true }),
(req, res) => {
res.redirect('/profile');
});
server.js
app.use(session({
secret: process.env.SESSION_SECRET,
resave: true,
saveUninitialized: true,
cookie: { secure: false },
key: 'express.sid',
store: store
}));
app.use(passport.initialize());
app.use(passport.session());
Solution
I was able to clear the req.session.messages before sending a new failureMessage by setting the passReqToCallback option. This way we know that any message contained in req.session.messages is a new failure.
passport.use(new LocalStrategy({ passReqToCallback: true },
function(req, username, password, done) {
myDatabase.findOne({ username: username }, function(err, user) {
if (err) { return done(err); }
if (!user) {
req.session.messages = [];
return done(null, false, { message: 'Incorrect username or password.' }); }
if (!bcrypt.compareSync(password, user.password)) {
return done(null, false, { message: 'Incorrect username or password.' });
}
return done(null, user);
});
}
));
Answered By - Ryan Dantzler Answer Checked By - Mary Flores (PHPFixing Volunteer)
Posts
0 Comments:
Post a Comment
Note: Only a member of this blog may post a comment.