node.js express passport.js express-session

Passport authentication not persisting between endpoints


I'm writing an Express application that uses passport.js for authentication and I'd like to utilise express-session so that the user stays logged in if I call another endpoint. passport.authenticate and req.logIn both work, but when I call another endpoint, req.isAuthenticated() returns false and req.user is undefined

Here's my setup code for passport:

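passport.use(new LocalStrategy(
    /**
     * Verify callback for the local strategy: looks the user up by username
     * and checks the submitted password against the stored bcrypt hash.
     *
     * @param {string} username - Username submitted by the client (untrusted).
     * @param {string} password - Plaintext password submitted by the client.
     * @param {Function} done - Passport callback: done(err) on failure,
     *   done(null, false, info) on rejection, done(null, username) on success.
     */
    function(username, password, done) {
        // Bind the username as a query parameter instead of concatenating it
        // into the SQL text; the string-built query let the client alter the
        // statement. Assumes db is a node-sqlite3 Database, whose all()
        // accepts (sql, params, callback).
        db.all("SELECT * from users WHERE username = ?", [username], function(err, rows) {
            if (err != null) {
                return done(err);
            }
            if (rows.length === 0) {
                // NOTE(review): this message differs from the wrong-password
                // one below, and the login route returns it to the client, so
                // responses reveal which usernames exist. A single shared
                // message would avoid that.
                return done(null, false, {message: "No user found"});
            }
            const row = rows[0];
            // row.password is expected to hold the bcrypt hash for this user.
            bcrypt.compare(password, row.password, function(err, res) {
                if (err) {
                    return done(err);
                }
                if (res) {
                    // The username itself is the "user" object stored in the session.
                    return done(null, username);
                }
                return done(null, false, {message: "Incorrect password"});
            });
        });
    }
))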

// Persist only the username in the session; passport hands this value back
// to deserializeUser on later requests.
passport.serializeUser(function(username, done) {
    done(null, username);
});

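/**
 * Restores the user for a request from the value kept in the session.
 *
 * @param {string} id - The username that serializeUser stored in the session.
 * @param {Function} done - Passport callback: done(err), done(null, false)
 *   when the user no longer exists, or done(null, id) on success.
 */
passport.deserializeUser(function(id, done) {
    // Parameterised query: the session value is bound, never spliced into the
    // SQL text. Assumes db is a node-sqlite3 Database, whose all() accepts
    // (sql, params, callback).
    db.all("SELECT * from users WHERE username = ?", [id], function(err, rows) {
        if (err != null) {
            return done(err);
        }
        if (rows.length === 0) {
            // The stored username has no matching row: treat as logged out.
            return done(null, false);
        }
        // req.user becomes the bare username, matching what the strategy returns.
        return done(null, id);
    });
})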

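// add & configure middleware
// express-session must be registered before passport.session(), which reads
// the login state out of req.session.
app.use(session({
    store: new SQLiteStore,
    // The original `secret: my-secret` was an unquoted placeholder with no
    // trailing comma, which does not parse. Read the signing secret from the
    // environment rather than hard-coding it; SESSION_SECRET is a name
    // constructed for this example - use whatever your deployment defines.
    secret: process.env.SESSION_SECRET,
    resave: false,
    // NOTE(review): with saveUninitialized: true a session is stored, and a
    // cookie issued, for every visitor including unauthenticated ones.
    // Consider false unless anonymous sessions are needed.
    saveUninitialized: true
}))
app.use(passport.initialize());
app.use(passport.session());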

This is my login endpoint

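/**
 * POST /login - authenticates with the local strategy and, on success,
 * establishes a login session via req.logIn.
 *
 * Responses: 200 {msg} on success, 400 {err} when credentials are rejected,
 * 500 {err} on an internal failure.
 */
app.post('/login', function(req, res, next) {
    passport.authenticate('local', function(err, user, info) {
        if (err) {
            // Keep the detail in the server log and send a generic message:
            // the raw error object can carry database codes and internals.
            console.log(err)
            return res.status(500).json({ err: 'Internal server error' })
        }
        if (!user) {
            // info comes from the strategy's done(null, false, info) call;
            // fall back to a fixed message if it is missing.
            return res.status(400).json({
                err: info && info.message ? info.message : 'Authentication failed'
            })
        }
        req.logIn(user, function(err) {
            if (err) {
                console.log(err)
                return res.status(500).json({ err: 'Internal server error' })
            }
            res.status(200).json({
                msg: 'Success'
            })
        });
    // Invoke the generated middleware with next as well, matching the
    // (req, res, next) signature passport.authenticate returns.
    })(req, res, next)
})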

Everything is fine at that point. It outputs the correct user ID.

I then call this endpoint:

// POST /check-log-in - reports whether the request carries a logged-in user.
// Always answers 200; the loggedIn flag reflects whether req.user is set.
app.post('/check-log-in', function(req, res, next) {
    const currentUser = req.user
    // Debug output: the deserialized user and passport's own verdict.
    console.log(currentUser)
    console.log(req.isAuthenticated())
    res.status(200).json({ loggedIn: Boolean(currentUser) })
})

req.user is undefined and req.isAuthenticated() returns false.

I'm sure I've set up passport incorrectly somewhere, but I've looked over examples and even some of the code from another project that worked, and nothing seems to do the trick. Any advice?


Solution

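  • This answer fixed my issue. It was a problem with fetch, so I switched to axios. A likely cause: fetch only sends cookies on same-origin requests by default, so a cross-origin call to /check-log-in arrives without the session cookie unless the request sets credentials: 'include' and the server's CORS policy allows credentials.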