jfromaniello / passport.socketio

access passport.js authenticated user information from socket.io connection

Express.io socket.io - inflating req passport information after successful authentication #90

Open joelhoward0 opened 9 years ago

joelhoward0 commented 9 years ago

I'm trying to set up Passport socket authentication alongside HTTP authentication, using express.io's built-in support for joined socket/HTTP sessions. (express-io uses socket.io 0.9.16)

I'm not actually sure what I should expect here - after authenticating my socket connection, on subsequent messages, should I expect req[session] to be populated? Should I expect req to have the same passport-added members that http's req has (req.isAuthenticated, req.logout)? If so, I'm not sure what I'm doing wrong. If not, do you have any suggestions on how to make this 'inflation' happen?

Code below. Thanks!

 // Module setup: the express.io app, Passport, and one session store instance that
// is shared by the HTTP session middleware and the socket.io authorization below.
// NOTE(review): MemoryStore holds sessions in this process only; presumably fine for
// a reproduction, but confirm a persistent store is used outside of testing.
var express = require('express.io');
var app = express();
var passport = require('passport');
var store = new express.session.MemoryStore();
var LocalStrategy = require('passport-local').Strategy;
var passportSocketIo = require('passport.socketio');

// express.io call chain that enables the HTTP server and the socket.io layer (app.io).
app.http().io();

...

// HTTP middleware chain: cookie parsing, body parsing, session, then Passport.
// bodyParser is not required in the visible setup; presumably it is loaded in the
// elided part of the file.
app.use(express.cookieParser());
app.use(bodyParser.urlencoded({ extended: false }));
app.use(bodyParser.json());
// NOTE(review): the session secret is a string literal committed with the code (and
// here posted publicly); load it from configuration or the environment instead.
// The same value has to be given to passportSocketIo.authorize so the socket
// handshake can verify the signed session cookie.
app.use(express.session({store: store, secret: 'never tell aynone this deathly surprise'}));
app.use(passport.initialize());
// NOTE(review): this call receives a store and a secret whose literal differs from the
// express.session one (it starts with 'tellnever'). passport.session() presumably
// ignores both options — confirm against the Passport version in use and drop them.
app.use(passport.session({store: store, secret: 'tellnever tell aynone this deathly surprise'}));

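// Socket.io handshake authorization through passport.socketio, registered with the
// socket.io 0.9-style 'authorization' setting that express.io exposes on app.io.
app.io.configure(function() {
  app.io.set('authorization', passportSocketIo.authorize({
    cookieParser: express.cookieParser,
    // Name of the session cookie read from the handshake request.
    key: 'connect.sid',
    // NOTE(review): hard-coded copy of the express.session secret. The two values must
    // stay identical, so keep one definition (configuration or environment) and
    // reference it in both places rather than repeating the literal.
    secret: 'never tell aynone this deathly surprise',
    passport: passport,
    // Same store instance as the HTTP session middleware, so the handshake can look
    // up the session created by the HTTP login.
    store: store,
    success: function(data, accept) {
      // This is being called correctly after the user has logged in and attempted a
      // socket connection. data looks correct, has the user data from passport.
      console.log('success');
      accept(null, data);
    }
  }));
});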

...

/**
 * Runs only after passport.authenticate('local') has let the request through;
 * logs the event and confirms the login to the client.
 */
function onLoginSuccess(req, res) {
  var message = 'authenticated successfully';
  console.log(message);
  res.send(message);
}

// HTTP login endpoint: the local strategy runs first, then the handler above.
app.post('/login', passport.authenticate('local'), onLoginSuccess);

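// HTTP check route used to compare against the socket route of the same name.
app.get('/check', function(req, res) {
  // Here, req.session is populated and req has the methods that Passport adds
  // (such as isAuthenticated, logout).
  console.log('checking http');
  // NOTE(review): no response is sent in this snippet, so a real client would wait
  // until it times out; the route also does not call req.isAuthenticated() itself.
});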

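// express.io socket route for the 'check' event; req is express.io's socket request
// object, not the HTTP request that Passport's middleware decorates.
app.io.route('check', function(req) {
  // Here, req.session is null. req.sessionID is correct, and I can see the session
  // object serialized in my store, but it's not populated on req.
  // NOTE(review): until the session is loaded for this request, do not treat the
  // event as coming from an authenticated user on the strength of sessionID alone.
  console.log('checking socket');
});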

(I don't see any errors)

jfromaniello commented 9 years ago

I'm not familiar with express-io and I don't understand this code:

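// Quoted from the report: express.io socket route for the 'check' event.
app.io.route('check', function(req) {
  // Here, req.session is null. req.sessionID is correct, and I can see the session
  // object serialized in my store, but it's not populated on req.
  console.log('checking socket');
});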

What you should expect after successful authentication is that the browser can send events to the server, and that the server is listening to those events.