node.js express nodemailer express-session samesite

Passportjs signup works in localhost but doesn't work after deploying in Heroku. Error probably has something to do with cookies


I'm using nodemailer to send a random code to the user and then redirecting them to a verify page where they paste the code to verify their account. I'm using Mongo Atlas.

When I'm running it on localhost it works perfectly, but when I deploy to my free version of Heroku the signup page redirects me back to the same page, as it is instructed to do for any errors.

Express-session middleware

app.use(session({
    secret: '9131848995',
    resave: false,
    saveUninitialized: false,
    store: new MongoStore({mongooseConnection: mongoose.connection}),
    cookie: { 
        maxAge: 8 * 180 * 60 * 1000,
    }
}));

config/passport.js

passport.use('local.signup', new localStrategy({
    usernameField: 'email',
    passwordField: 'password',
    passReqToCallback: true
}, (req, email, password, done) => {
    req.checkBody('email', 'Invalid email').notEmpty().isEmail();
    req.checkBody('password', 'Invalid password').notEmpty().isLength({min:6});
    let errors = req.validationErrors();
    if(errors){
        let messages = [];
        errors.forEach((error)=>{
            messages.push(error.msg);
        });
        return done(null, false, req.flash('error', messages))
    }
    User.findOne({'email': email}, (err, user)=> {
        if (err) {
            return done(err);
        }
        if (user) {
            return done(null, false, {message: 'Email is already in use.'});
        }
        transporter.sendMail(Mail(email), (error, info)=>{
            if(!error){
                let newUser = new User();
                newUser.email = email;
                newUser.password = newUser.encryptPassword(password);
                newUser.v_code = v_code; 
                if (!err) {
                    newUser.save((err, result)=>{
                        if (err) {
                            return done(err);
                        }
                        return done(null, newUser);
                    });
                }
            } else {
                return done(null, false, {message: error});
            }
        
        });
    })
}));

Signup route

router.get('/signup', (req, res)=> {
    let messages = req.flash('error');
    res.render('signup', {csrfToken: req.csrfToken(), messages: messages, hasError: messages.length > 0});
});

router.post('/signup', passport.authenticate('local.signup',{
    successRedirect: '/user/verify',
    failureRedirect: '/user/signup',
    failureFlash: true
}));

Thank you.


Solution

  • The problem was solved; dotenv caused the issue. Removing the dotenv values and directly putting in the nodemailer auth values solved the problem.

    As the dotenv FAQ page says:

    Should I commit my .env file?

    No. We strongly recommend against committing your .env file to version control. It should only include environment-specific values such as database passwords or API keys. Your production database should have a different password than your development database.
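
An alternative to hard-coding the nodemailer credentials, as an added example that is not part of the original post or answer: read them from the environment (on Heroku, config vars set with `heroku config:set`) and refuse to start when any are missing. It assumes the `.env` file was not committed and so never reached Heroku; the variable names and the `loadConfig` and `startupStatus` helpers are hypothetical.

```javascript
// Added example. The variable names below are assumptions, not taken from the post.
const REQUIRED = ['SMTP_HOST', 'SMTP_PORT', 'SMTP_USER', 'SMTP_PASS', 'SESSION_SECRET'];

// Build mail and session settings from an environment object (normally process.env).
function loadConfig(env) {
  const missing = REQUIRED.filter((k) => typeof env[k] !== 'string' || env[k].trim() === '');
  if (missing.length > 0) {
    // Report variable names only, never their values.
    throw new Error(`missing environment variables: ${missing.join(', ')}`);
  }
  const port = Number(env.SMTP_PORT);
  if (!Number.isInteger(port) || port < 1 || port > 65535) {
    throw new Error('SMTP_PORT must be an integer between 1 and 65535');
  }
  return {
    sessionSecret: env.SESSION_SECRET,
    // Shape accepted by nodemailer.createTransport(); port 465 uses implicit TLS.
    mail: {
      host: env.SMTP_HOST,
      port,
      secure: port === 465,
      auth: { user: env.SMTP_USER, pass: env.SMTP_PASS },
    },
  };
}

// Call once at boot so a misconfigured dyno fails loudly instead of
// surfacing later as a sendMail error and a silent failureRedirect.
function startupStatus(env) {
  try {
    loadConfig(env);
    return 'ok';
  } catch (e) {
    return `refusing to start: ${e.message}`;
  }
}

// Constructed sample: a production environment where SMTP_PASS was never set.
const SAMPLE_ENV = {
  SMTP_HOST: 'smtp.example.com',
  SMTP_PORT: '587',
  SMTP_USER: 'mailer@example.com',
  SESSION_SECRET: 'constructed-placeholder-secret',
};

console.log(startupStatus(SAMPLE_ENV));
console.log(startupStatus({ ...SAMPLE_ENV, SMTP_PASS: 'constructed-placeholder' }));
```

In the app, `loadConfig(process.env)` would supply `mail` to `nodemailer.createTransport()` and `sessionSecret` to the express-session `secret` option, so neither value appears in the repository.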