jaredhanson / passport-local

Username and password authentication strategy for Passport and Node.js.
https://www.passportjs.org/packages/passport-local/?utm_source=github&utm_medium=referral&utm_campaign=passport-local&utm_content=about
MIT License

isAuthenticated() false after login using Express 4 #72

Closed fagnercarvalho closed 10 years ago

fagnercarvalho commented 10 years ago

package.json:

"passport" : "*",     
"passport-local" : "*",  
"connect-flash" : "*",   
"bcrypt-nodejs" : "*"

app.js

var cookieParser = require('cookie-parser');
var bodyParser = require('body-parser');
var passport = require('passport');
var session = require('express-session')
var flash = require('connect-flash');

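// The session signing secret is read from the environment instead of being
// hard-coded: a secret that is visible in source control (or in a public
// issue) lets anyone who reads it produce validly signed session cookies.
var sessionSecret = process.env.SESSION_SECRET;
if (!sessionSecret) {
    // Fail closed at startup rather than run with a missing or guessable secret.
    throw new Error('SESSION_SECRET environment variable must be set');
}

// NOTE(review): bodyParser is required above but not mounted in this excerpt.
// passport-local looks the credentials up in the parsed request body, so a
// body parser has to be registered before the login route.
app.use(cookieParser());
app.use(session({
    secret: sessionSecret,
    key: 'user',
    cookie: {
        // maxAge is in milliseconds: the session cookie expires 60 seconds
        // after it is issued, after which req.isAuthenticated() is false again.
        maxAge: 60000,
        // secure: false lets the cookie travel over plain HTTP, which suits a
        // localhost test. Behind HTTPS this should be true; note that with
        // secure: true the cookie is not sent over plain HTTP at all, so the
        // session is never restored on such requests.
        secure: false
    }
}));
// Order matters: passport.session() restores req.user from the session, so it
// has to be registered after session() and passport.initialize().
app.use(passport.initialize());
app.use(passport.session());
app.use(flash());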

/config/passport.js

// Keep only the user's e-mail address in the session; the record itself is
// looked up again from that key by deserializeUser.
passport.serializeUser(function storeEmailInSession(user, done) {
    var sessionKey = user.email;
    done(null, sessionKey);
});

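// Rebuild req.user from the e-mail address stored in the session.
//
// The callback declares three parameters so that Passport passes the request
// as the first one. The two-parameter form has no `req` in scope, so reading
// `req.db` there throws a ReferenceError when the session is restored.
passport.deserializeUser(function(req, email, done) {
    var collection = req.db.get('users');

    // findOne matches the lookup used by the 'local-login' strategy and yields
    // a single document. Assuming the monk-style API used here, find() would
    // yield an array, and an array (even an empty one) is truthy as req.user.
    collection.findOne({
        'email': email
    }, {}, function(err, user) {
        if (err)
            return done(err);
        // An account that no longer exists yields `false`, which tells
        // Passport to discard the stale session instead of authenticating it.
        done(null, user || false);
    });
});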

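// 'local-login' strategy: look the account up by e-mail address and verify the
// submitted password. Calls done(err) on a lookup error, done(null, false, ...)
// on any authentication failure and done(null, user) on success.
passport.use('local-login', new LocalStrategy({
    usernameField : 'email',
    passwordField : 'password',
    passReqToCallback : true    // the verify callback needs req for req.db and req.flash
},
function(req, email, password, done) {
    // The credentials arrive in a JSON body, so they can be any JSON type.
    // Accept strings only, so that a nested object can never reach the
    // database query as a filter expression instead of a literal value.
    if (typeof email !== 'string' || typeof password !== 'string')
        return done(null, false, req.flash('loginMessage', 'User not found.'));

    var db = req.db;
    var collection = db.get('users');

    collection.findOne({ 'email' :  email }, {}, function(err, user) {

        if (err)
            return done(err);

        // NOTE(review): separate messages for an unknown e-mail and a wrong
        // password let a client tell which addresses are registered; consider
        // one shared message for both failures.
        if (!user)
            return done(null, false, req.flash('loginMessage', 'User not found.'));

        // Fail the login when the password does NOT match. The original test
        // was inverted: it rejected a valid password and accepted every other
        // one. validPassword is defined outside this excerpt and presumably
        // returns true on a match - confirm against its definition.
        if (!validPassword(password, user.password))
            return done(null, false, req.flash('loginMessage', 'Wrong password.'));

        return done(null, user);
    });

}));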

routes/index.js

// POST /login: hand the submitted credentials to the 'local-login' strategy
// and redirect according to the outcome.
app.post(
    '/login',
    passport.authenticate('local-login', {
        failureFlash: true,          // surface the strategy's failure message as a flash message
        failureRedirect: '/login',   // back to the form when authentication fails
        successRedirect: '/'         // index page once the session is established
    })
);

// GET /: render the index page with no template variables.
// NOTE(review): nothing in this excerpt checks req.isAuthenticated() before
// rendering, so as shown the page is served to unauthenticated clients too;
// the redirect to /login described in the issue must come from code not shown.
app.get('/', function renderIndex(req, res) {
    var locals = {};
    res.render('index.html', locals);
});

request

POST http://localhost:3000/login Header: Content-type: application/json Body: {"email": "test@test.com", "password":"123"}

requests

The screenshot above shows the redirect to index.html (after a successful login), followed immediately by a redirect back to login.html.

What do I need to do?

Thanks!

fagnercarvalho commented 10 years ago

OK, this was entirely my mistake... I wasn't passing the created cookie along with the next request, so of course isAuthenticated() === false.

Thanks for the help anyways and sorry for this!

kylejeske commented 10 years ago

Can you provide a snippet about passing the cookie?

fagnercarvalho commented 10 years ago

Of course, Kyle. First I took the value of the 'Set-Cookie' header from the response to the successful login. Then I just had to add that cookie to the headers of subsequent requests, like this: Cookie: <cookie>

Example: Cookie: 7DDA97B960ADA6DA9157DBB8F63F9A71416B097CBFD531369A7659A6AEA5953650BA312B18F83974091FC079019B4AF06DA32B6BB99F17126AFA3650706A08EF651EE4F5730CE252851B1427C152D4BB

After that my code worked fine!

wxmerkt commented 10 years ago

What is the corresponding snippet to achieve this?

fagnercarvalho commented 10 years ago

@iamwolf Hello! Like I said before you just need to pass the cookie along the requests. The snippet is in my last post. I was using Fiddle to test my requests. If this is not enough to solve your problem please post your code here or open another issue.

Thanks!

wxmerkt commented 10 years ago

@fagnercarvalho Thank you very much -- the issue was in trying to invoke SSL

martleim commented 9 years ago

I'm having the same problem. I made sure the cookie is being sent (req.cookies contains it), but isAuthenticated still returns false. Is there a way to find out where it is failing?

By the way, I'm using cors 2.7.1 to handle CORS; the site is a REST service to be accessed from an app. I checked, and the cookie is currently not being sent from another domain; I still managed to get it sent from the same server, and isAuthenticated returns false.

removed cors.. still same problem

Thanks

martleim commented 9 years ago

Found the problem: I wasn't calling request.login after Passport authenticated.