The req.isAuthenticated() function of api.js always returns false regardless whether the user is logged in or not. This particular function doesn't seem to work.
I don't know what to do. I am stuck on this for a long time.
Any help is highly appreciated.
I am testing my code on advanced rest client.
app.js (main file):
var http_errors = require('http-errors');
var express = require('express');
var path = require('path');
var favicon = require('serve-favicon');
var logger = require('morgan');
var passport = require('passport');
var session = require('express-session');
var cookieParser = require('cookie-parser');
var bodyParser = require('body-parser');
var api = require('./routes/api');
var authenticate = require('./routes/authenticate')(passport);
var app = express();
app.use(cookieParser('super duper secret'));
app.use(session({
secret: 'super duper secret',
resave: true,
saveUninitialized: true
}));
app.use(logger('dev'));
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: false }));
app.use(express.static(path.join(__dirname, 'public')));
app.use(passport.initialize());
app.use(passport.session());
app.set('views', path.join(__dirname, 'views'));
app.set('view engine', 'ejs');
app.use('/api', api);
app.use('/auth', authenticate);
var initPassport = require('./passport-init');
initPassport(passport);
module.exports = app;
Routing files:-
api.js:
var express = require('express');
var router = express.Router();
router.use(function(req, res, next){
if(req.method === "GET"){
return next();
}
if (!req.isAuthenticated()){
return res.redirect('/#login');
}
return next();
});
router.route('/posts')
.get(function(req, res){
res.send({message: 'TODO return all posts'});
})
.post(function(req, res){
res.send({message: 'TODO create a new post'});
})
module.exports = router;
authenticate.js:
var express = require('express');
var router = express.Router();
module.exports = function(passport){
router.get('/success', function(req, res){
res.send({state: 'success', user: req.user ? req.user : null});
})
router.get('/failure', function(req, res){
res.send({state: 'failure', user: null, message: "Invalid username or password"});
})
router.post('/login', passport.authenticate('login', {
successRedirect: '/auth/success',
failureRedirect: '/auth/failure'
}))
router.post('/signup', passport.authenticate('signup', {
successRedirect: '/auth/success',
failureRedirect: '/auth/failure'
}))
router.get('/signout', function(req, res) {
req.logout();
res.redirect('/');
});
return router;
}
passport-init.js (file that exploits passport module):
var LocalStrategy = require('passport-local').Strategy;
var bCrypt = require('bcrypt-nodejs');
var users = {};
module.exports = function(passport){
passport.serializeUser(function(user, done) {
console.log('serializing user:',user.username)
return done(null, user.username);
})
passport.deserializeUser(function(username, done) {
User.findById(username, function(err, user){
return done(err,users[username]);
})
})
passport.use('login', new LocalStrategy({
passReqToCallback : true
},
function(req, username, password, done) {
if(!users[username]){
return done('user not found',false);
}
if(!isValidPassword (users[username],password)){
return done('invalid password', false);
}
console.log('sucessfully logged in')
return done(null, users[username]);
}
))
passport.use('signup', new LocalStrategy({
passReqToCallback : true
},
function(req, username, password, done) {
if(users[username]){
return done('username already taken', false);
}
users[username] = {
username: username,
password: createHash(password)
}
console.log('sucessfully signed in')
console.log(users[username])
return done(null, users[username]);
}
))
var isValidPassword = function(user, password){
return bCrypt.compareSync(password, user.password);
}
var createHash = function(password){
return bCrypt.hashSync(password, bCrypt.genSaltSync(10), null);
}
};
What I have tried:
I tried many solutions like adding cookies (which as far as I gathered from other forums is the reason why req.isAuthenticated() doesn't work), explicitly calling logIn (though passport.authenticate in authenticate.js calls it by default) and some other small remedies like changing the order of my middlewares but nothing is working.