I am trying to get passport to work using passport-local. I log in, but for some reason when I try to go to a protected page, it redirects me back to the login page. Here is the code I have:
app.js
var passport = require('passport');
var routes = require('./routes/index');
// Express app setup: middleware is registered in the order it will run.
var app = express();
// NOTE(review): no session middleware (e.g. express-session) is registered in
// this excerpt. passport.session() restores the logged-in user from
// req.session, so without a session the login does not carry over to the
// next request and the protected route sees an unauthenticated user.
app.use(passport.initialize());
app.use(passport.session());
app.use('/', routes);
routes/index.js
var crypto = require('crypto');
var passport = require('passport');
var Strategy = require('passport-local').Strategy;
var manager = require('connect-ensure-login');
var db = require('../db');
/* Authentication */
// Session (de)serialization hooks for Passport.
// NOTE(review): the whole user object is written to the session and handed
// back unchanged, so every field on it (including the `password` field that
// the local strategy in this file reads) ends up in the session store.
// Prefer serializing only a stable identifier and loading the record again
// in deserializeUser.
passport.serializeUser(function storeUser(user, done) {
  done(null, user);
});

passport.deserializeUser(function restoreUser(stored, done) {
  done(null, stored);
});
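/*
 * Local-strategy verify callback: looks the account up by username and
 * checks the submitted password.
 *
 * Calls done(err) on a lookup error, done(null, false) for an unknown user
 * or a wrong password, and done(null, user) on success.
 *
 * NOTE(review): the stored value is compared directly with the submitted
 * password, i.e. the user store holds passwords in clear text. Store a salted
 * password hash (bcrypt, scrypt, argon2) and verify against that instead.
 * The SHA-256 step below is NOT password hashing; it only gives both sides
 * the same length so they can be compared in constant time.
 */
passport.use(new Strategy(function(username, password, done) {
  db.users.findByUsername(username, function(err, user) {
    if (err) { return done(err); }
    if (!user) { return done(null, false); }
    // Reject non-string values outright: the original loose `!=` could accept
    // coerced matches, and a missing password must never compare equal.
    if (typeof user.password !== 'string' || typeof password !== 'string') {
      return done(null, false);
    }
    // timingSafeEqual needs equal-length buffers, hence the fixed-size digests.
    var expected = crypto.createHash('sha256').update(user.password).digest();
    var supplied = crypto.createHash('sha256').update(password).digest();
    if (!crypto.timingSafeEqual(expected, supplied)) { return done(null, false); }
    return done(null, user);
  });
}));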
/* Login Page */
// GET /login: renders the 'login' view with its page title.
router.get('/login', function showLogin(req, res) {
  var locals = { title: 'Login' };
  res.render('login', locals);
});
// POST /login: runs the 'local' strategy; redirects to '/' when the
// credentials are accepted and back to '/login' when they are rejected.
var loginRedirects = {
  successRedirect: '/',
  failureRedirect: '/login'
};
router.post('/login', passport.authenticate('local', loginRedirects));
/* Home Page */
// GET /: protected page. ensureLoggedIn() runs first and only lets
// authenticated requests through to the handler that renders 'index'.
router.get(
  '/',
  manager.ensureLoggedIn(),
  function showHome(req, res) {
    var locals = { title: 'Order Search' };
    res.render('index', locals);
  }
);
I think the problem may be that I am not setting up the session correctly and am losing it on page change. Thanks for any help.
Update #1
So I added express-session, but I am still having the same issue:
app.js
var passport = require('passport');
var session = require('express-session');
var routes = require('./routes/index');
// Express app setup: middleware is registered in the order it will run.
var app = express();
// NOTE(review): express-session is registered on the third app.use() below,
// after passport.initialize() and passport.session(). Middleware runs in
// registration order, so req.session does not exist yet when
// passport.session() runs and the login is still not restored. Register
// session() before both passport middlewares.
app.use(passport.initialize());
app.use(passport.session());
// NOTE(review): 'keyboard cat' is a well-known example value. The secret signs
// the session ID cookie, so use a long random value loaded from configuration
// or the environment, not from source. When the site is served over HTTPS,
// also consider cookie: { secure: true, sameSite: 'lax' }.
app.use(session({ secret: 'keyboard cat', resave: true, saveUninitialized: true }));
app.use('/', routes);
You are right, it's all about the session. In connect-ensure-login you can read that "The URL will be saved in the session". And in passport-middleware you can see how the express session is created. I don't see that in your code, so I'm guessing express isn't using a session.
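If you haven't initialized express-session at all, use something like the line below. It has to be registered before passport.initialize() and passport.session(), because Express runs middleware in registration order and passport.session() reads req.session: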
// Registers express-session so that req.session exists for later middleware.
// Place this before passport.initialize() and passport.session().
// NOTE(review): 'keyboard cat' is a well-known example value; the secret signs
// the session ID cookie, so load a long random value from configuration or
// the environment instead of hard-coding it.
app.use(require('express-session')({ secret: 'keyboard cat', resave: true, saveUninitialized: true }));
The easiest thing to test is to see what's in your session store after login. Another thing to do is print information on each request and check whether there is a user or not.