Open jslhcl opened 4 years ago
Hi, I am not sure whether this is an issue, details as follows, the following code always fails the authentication (i.e., 'Verification function is called' is never shown in console):
const express = require('express') const path = require('path') const passport = require('passport') const Strategy = require('passport-local').Strategy const port = 30000 passport.use(new Strategy( function(username, password, cb) { console.log('Verification function is called'); return cb(null, {username, id: '1'}); } )); var app = express(); app.use(passport.initialize()); app.use(passport.session()); app.get('/', (req, res) => res.send('Hello world!')); app.get('/login.html', (req, res) => res.sendFile(path.join(__dirname, '/login.html'))); app.post('/login', passport.authenticate('local', { successRedirect: '/', failureRedirect: '/login.html' })); app.listen(port, () => console.log(`Example app listening on port ${port}`));
here is the static file 'login.html':
<html> <head> <title>login</title> </head> <body> <form action="/login" method="post"> <div> <label>Username:</label> <input type="text" name="username"/> </div> <div> <label>Password:</label> <input type="password" name="password"/> </div> <div> <input type="submit" value="Log In"/> </div> </form> </body> </html>
After debug, I found the problem is in Strategy.prototype.authenticate, passport-local/lib/strategy.js, specially, this line:
return this.fail({ message: options.badRequestMessage || 'Missing credentials' }, 400);
And I add a log before this return such as:
console.log('here!!! body:' + req.body + ' query: ' + req.query + ' usernameField: ' + this._usernameField + ' passwordField:' + this._passwordField);
and here is the result:
here!!! body:undefined query: [object Object] usernameField: username passwordField:password
But actually, from fiddler, the request body is not null:
POST http://xxx:30000/login HTTP/1.1 Host: xxx:30000 Connection: keep-alive Content-Length: 25 Cache-Control: max-age=0 Origin: http://xxx:30000 Upgrade-Insecure-Requests: 1 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Referer: http://xxx:30000/login.html Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9,ar;q=0.8,zh-CN;q=0.7,zh;q=0.6 Cookie: connect.sid=s%3AU9HkxMCRQJutHorlDOveMi91T8CngKVs.MNuCBvMhY7KAb%2Fmvn0oMbga8GFfYWrMeUeL8Bu1RMiw username=adf&password=adf
Looks the request body is never populated to the passport library. Could you please take a look? Thanks!
Hi, I am not sure whether this is an issue, details as follows, the following code always fails the authentication (i.e., 'Verification function is called' is never shown in console):
here is the static file 'login.html':
After debug, I found the problem is in Strategy.prototype.authenticate, passport-local/lib/strategy.js, specially, this line:
return this.fail({ message: options.badRequestMessage || 'Missing credentials' }, 400);And I add a log before this return such as:
console.log('here!!! body:' + req.body + ' query: ' + req.query + ' usernameField: ' + this._usernameField + ' passwordField:' + this._passwordField);and here is the result:
here!!! body:undefined query: [object Object] usernameField: username passwordField:password
But actually, from fiddler, the request body is not null:
Looks the request body is never populated to the passport library. Could you please take a look? Thanks!