Open Evalife opened 2 years ago
Having the same problem since updating from v0.5.3. I believe this is down to change a77271f55f045bd4fd2578a953256406b3621721 - authentice.js
uses req.session.returnTo
to redirect back to whatever page the user was visiting. But now sessionmanager.js
is using req.session.regenerate
- resulting in the returnTo
property being lost, hence no redirect.
A workaround is to use options.keepSessionInfo
to retain the session info:
passport.authenticate('oauth2', {
successReturnToOrRedirect: '/home',
failureRedirect: '/sign-in',
keepSessionInfo: true
})
though this feels like it defeats the purpose of regenerating the session, when all we want to keep is the returnTo
value.
Plus, if you are using Typescript keepSessionInfo
isn't included in @types/passport
We tried moving to 0.6.0 to receive vulnerability fixes but hit with this issue. Since the PR is all ready can we expect a release
@Evalife @ashishth09 Did this solve your issue? i added keepsessioninfo to the config and its still having the same behavior
@sbsamaro no it didn't solve for me either
Same problem. Hope https://github.com/jaredhanson/passport/pull/941 could fix this.
const router = require('express').Router() const User = require('../models/user.model') const { body, validationResult } = require('express-validator') const passport = require('passport')
router.get('/login', ensureNotAuthenticated, async(req, res, next) => { res.render('login') }) router.post('/login', ensureNotAuthenticated, passport.authenticate('local', { successReturnToOrRedirect: '/', failureRedirect: "/auth/login", failureFlash: true }))
if for example a user tries to access a protected route, say 'auth/profile', he gets redirected to the log in page, but on successfully logging in, he gets redirected to the route specified in 'successReturnToOrRedirect'. I was using passport 0.4.1 and there, it redirected back to the previous protected route after the user has successfully logged in