I am trying to protect a route to be accessed by a user without a role. Then I went ahead and found passport-local-roles module and pasted it to my code. I have a MongoDB users collection with user, role, and password. Before voting down, please check my profile.
let passport = require('passport')
let LocalStrategy = require('passport-local').Strategy;
app.use(bodyParser.urlencoded({extended: true}))
passport.use(new LocalStrategy(
function(username, password, role, done) {
console.log('It doesnt reach this part of the code');
User.findOne({ username: 'Baud' }, function (err, user) {
if (err) { return done(err); }
if (!user) { return done(null, false); }
if (!user.verifyPassword('abr3alas')) { return done(null, false); }
return done(null, user);
});
}
));
passport.use(new LocalStrategy({
usernameField: 'email',
passwordField: 'passwd',
roleField: 'administrator',
passReqToCallback: false,
session: false
},
function(req, username, password, role, done) {
// request object is now first argument
console.log('It doesnt print any of the following information')
console.log('role is:' + role)
console.log('req is:' + req)
}
));
// create users collection
app.post('/users', passport.authenticate('local'),
function(req, res) {
console.log('even though I access this route, doesnt do nothing bellow');
console.log(res)
db.collection('users').find().toArray((err, result) => {
if (err) return console.log(err)
console.log(users);
});
if (req.user.role == "administrator") {
return res.send('you can see this content');
}
else {
console.log('you are not administrator')
res.send('you can not see this content');
}
(req, res) => {
names = db.collection('users').find({name: req.body.name});
console.log(names);
db.collection('users').insertOne(req.body,
(err, result) => {
if (err) return console.log(err)
console.log('User created with role ' + req.body.role);
res.redirect('/')
})
}
})
not a single console.log prints out anything.
I have a MongoDB users collection and a form I submit from /users and I have a working MongoDB query that prints out the users credentials.
users.ejs:
<form action="/users" method="POST">
<input type="text" placeholder="username" name="username">
<input type="text" placeholder="role" name="role">
<input type="password" placeholder="password" name="password">
<button type="submit" id="user" >Login</button>
</form>
"Bad Request"
How is this supposed to work if not a single console.log prints anything? Thank you
Because nobody helped, I had to quit