I hope someone can shed some light on my situation. req.isAuthenticated() always returns false when it is called in an app.router endpoint that is reached via the fetch API. It appears that connect.sid was not successfully passed on the req argument when I call req.isAuthenticated().
Here is my current setup.
Login Route, which authenticates username and password, and returns connect.sid via cookie value.
At this point, my Users Route should be able to access the protected route. which simply returns all users on the database.
My auth.PassportLocal.js which checks the value of req.isAuthenticated()
Now, when I call /dashboard/users via the fetch API
this returns isAuthenticated false. I tried to view the headers received from /dashboard/users; however, I do not see any cookies passed on my request.
Here is my index.js
What bothers me most is that this current setup works in Postman without this type of challenge. I just cannot see what went wrong, or why the fetch API cannot pass the cookie value from connect.sid.
Any help or guide where to isolate this behavior better are highly appreciated.
Update:
Ito yung fetch API request, made in (You do not have permission to view the full content of this post. Log in or register now.')
Sa Postman (You do not have permission to view the full content of this post. Log in or register now.'):
TA
Here is my current setup.
Login Route, which authenticates username and password, and returns connect.sid via cookie value.
JavaScript:
const express = require('express')
const router = express.Router()
const passport = require('passport')
...
// POST <mount>/authenticate
// passport.authenticate('local') runs before the final handler, so the JSON
// below is only sent once the local strategy has accepted the credentials.
// The session cookie (connect.sid) travels back in this response's Set-Cookie
// header; a browser client calling from another origin only stores it when the
// login request itself is sent with credentials enabled.
// NOTE(review): confirm the installed passport version regenerates the session
// ID on login (passport 0.6.0 and later do); otherwise regenerate it here to
// avoid reusing a pre-login session identifier.
router.post('/authenticate', passport.authenticate('local'), (req, res, next) => {
  const payload = {
    response: 'Welcome User',
    redirect: '/dashboard',
  };

  res.status(200).json(payload);
});
...
module.exports = router
At this point, my Users Route should be able to access the protected route, which simply returns all users in the database.
JavaScript:
const express = require('express')
const router = express.Router()
const SimpleCmsUsers = require('../models/Users.models.js')
const authPassportLocal = require('../passport/auth.PassportLocal.js')
...
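// GET <mount>/ — protected by authPassportLocal; responds with every document
// returned by SimpleCmsUsers.find({}).
// NOTE(review): the documents are sent to the client unfiltered. The login
// strategy in index.js queries a `user_password` field on this model, so that
// field is presumably part of this response — exclude it before replying.
router.get('/', authPassportLocal, (req, res, next) => {
  // Debugging aid. req.headers contains the Cookie header (the session
  // identifier), so drop or redact these two lines once the issue is solved.
  console.log(req.headers);
  console.log(req.body);

  SimpleCmsUsers
    .find({})
    .then((users) => res.status(200).json(users))
    .catch((error) => {
      // A failed query is a server-side fault, not an authorization decision:
      // keep the details in the server log and answer with a generic 500
      // instead of serialising the raw error object to the client as a 403.
      console.error(error);
      return res.status(500).json({ message: 'Unable to load users' });
    });
});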
...
module.exports = router
My auth.PassportLocal.js which checks the value of req.isAuthenticated()
JavaScript:
/**
 * Route guard: lets the request continue only when passport reports an
 * authenticated session, otherwise redirects to the login page.
 *
 * @param {object} req - Express request; must expose `isAuthenticated()`.
 * @param {object} res - Express response, used for the redirect.
 * @param {Function} next - Continues to the protected handler.
 * @returns {*} Whatever `next()` or `res.redirect()` returns.
 */
const authPassportLocal = (req, res, next) => {
  // Debugging output (author's observations: no session visible in the
  // headers, body is empty). req.headers includes the Cookie header, so this
  // writes the session identifier to the log — remove once debugging is done.
  console.log(req.headers);
  console.log(req.body);
  console.log('isAuthenticated', req.isAuthenticated());

  // NOTE(review): a fetch() caller follows this redirect and receives the
  // login page instead of a 401 status; confirm that is what the client expects.
  if (!req.isAuthenticated()) {
    return res.redirect('/dashboard/login/index');
  }

  return next();
};
....
module.exports = authPassportLocal
JavaScript:
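// Request the protected user list.
// `credentials: 'include'` makes the browser attach cookies (connect.sid) even
// when the API lives on a different origin than the page; fetch's default,
// 'same-origin', would leave them out for such a request.
// NOTE(review): the same option is needed on the login request, otherwise the
// browser discards the Set-Cookie issued at login. The posted browser log shows
// a connect.sid being sent whose session has no `passport` entry, which is
// consistent with the browser holding a session other than the one that logged
// in — confirm against the login call, which is not shown here.
fetch('/dashboard/users', {
  headers: {
    'Content-Type': 'application/x-www-form-urlencoded',
  },
  credentials: 'include',
})
  .then((response) => {
    // The route guard answers an unauthenticated call with a redirect to the
    // login page; fetch follows it silently, so treat a redirect or a non-2xx
    // status as a failure instead of trying to parse the body as JSON.
    if (response.redirected || !response.ok) {
      throw new Error(`Users request failed: HTTP ${response.status} at ${response.url}`);
    }
    return response.json();
  })
  .then((users) => console.log(users))
  .catch((error) => console.log(error));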
Here is my index.js
JavaScript:
const express = require('express')
const session = require('express-session')
const flash = require('express-flash')
const cors = require('cors')
const passport = require('passport')
const LocalStrategy = require('passport-local').Strategy
const Users = require('./routes/Users.routes.js')
const Login = require('./routes/Login.routes')
const SimpleCmsUsers = require('./models/Users.models.js')
const app = express();

// Body parsers. Both the JSON parser and the extended urlencoded parser can
// turn a submitted field into an object, so handlers must not assume strings.
app.use(express.json());
app.use(express.urlencoded({ extended: true }));

// Credentialed CORS: only the listed origins may make cross-origin requests
// that carry cookies. Keep this an explicit allow-list.
const corsOptions = {
  origin: ['http://localhost:3001', 'http://localhost:3000'],
  credentials: true,
};
app.use(cors(corsOptions));

app.use(flash());

// Session middleware (issues the connect.sid cookie).
// NOTE(review): the secret is hard-coded and has been published together with
// this code; treat it as compromised, load a fresh one from the environment or
// a secret store, and keep it out of version control.
// NOTE(review): saveUninitialized: true creates a session and sets a cookie for
// every client before any login, so a browser can hold a valid connect.sid whose
// session contains no `passport` entry.
// NOTE(review): no `cookie` options and no `store` are given; for anything
// beyond local development set `secure` / `sameSite` explicitly and replace the
// default in-memory store.
app.use(
  session({
    secret: 'EUE7J3lUE01xhmCGQt04S8PbsMpUE5JDcQj0fyS0cy73PQVDLM',
    resave: true,
    saveUninitialized: true,
  })
);

// Passport must be wired in after the session middleware so that
// passport.session() can read the login state from req.session.
app.use(passport.initialize());
app.use(passport.session());
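// Local (username + password) strategy.
// verify(username, password, done) reports:
//   done(err)                 - lookup failed (server-side error)
//   done(null, false, info)   - credentials rejected
//   done(null, username)      - credentials accepted; the username becomes req.user
// NOTE(review): the password is matched against the stored value as-is, which
// implies passwords are kept in plaintext. Store a salted password hash, look
// the user up by username only, and compare hashes after the lookup.
passport.use(new LocalStrategy(
  {
    // passport-local option here ...
  },
  (username, password, done) => {
    // The body parsers can deliver objects instead of strings. An object placed
    // in the filter would be read as query operators rather than compared as a
    // value, so anything that is not a plain string is rejected up front.
    if (typeof username !== 'string' || typeof password !== 'string') {
      return done(null, false, { message: "User not found!" });
    }

    try {
      SimpleCmsUsers.find({ user_username: username, user_password: password }, function (err, docs) {
        // Surface lookup failures instead of dereferencing a missing result:
        // a throw inside this callback is not caught by the surrounding try.
        if (err) {
          return done(err);
        }
        if (!docs || !docs.length) {
          return done(null, false, { message: "User not found!" });
        }
        return done(null, username);
      });
    } catch (error) {
      // A synchronous failure is a server error, not a failed login.
      return done(error);
    }
  }
));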
// Session (de)serialisation is a pass-through: whatever the strategy handed to
// done() is stored in the session unchanged and restored unchanged as req.user.
// The strategy in this file passes the username string, which matches the
// `passport: { user: 'username' }` entry in the posted Postman session dump.
passport.serializeUser((user, done) => {
  done(null, user);
});

passport.deserializeUser((user, done) => {
  done(null, user);
});
// Mount the routers below /dashboard, then start the HTTP server.
// NOTE(review): PORT is not defined in the code shown; presumably it is
// declared elsewhere in the file — confirm.
app.use('/dashboard/users', Users);
app.use('/dashboard/login', Login);

app.listen(PORT, () => {
  console.log(`Express JS is on port ${PORT}`);
});
What bothers me most is that this current setup works in Postman without this type of challenge. I just cannot see what went wrong, or why the fetch API cannot pass the cookie value from connect.sid.
Any help or guidance on how to better isolate this behavior is highly appreciated.
Update:
JavaScript:
npm run start // for react dev server running in port 3000
nodemon api/v1/index.js // for express api running in port 3001
Ito yung fetch API request, made in (You do not have permission to view the full content of this post. Log in or register now.')
JavaScript:
:
url /
headers {
host: 'localhost:3001',
connection: 'keep-alive',
pragma: 'no-cache',
'cache-control': 'no-cache',
'sec-fetch-dest': 'empty',
'user-agent': 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36',
dnt: '1',
'content-type': 'application/x-www-form-urlencoded',
accept: '*/*',
origin: 'http://localhost:3000',
'sec-fetch-site': 'same-site',
'sec-fetch-mode': 'cors',
referer: 'http://localhost:3000/dashboard/users',
'accept-encoding': 'gzip, deflate, br',
'accept-language': 'en-US,en;q=0.9,fil;q=0.8',
cookie: 'connect.sid=s%3AJEG3MNSqtl33KqmHR2DhGlslnlkMKIPT.xsI%2F%2B82%2F1x8zTlq%2BkRN6aJVVbrauH8qv8jDhsrvNlbY'
}
body {}
user undefined
session Session {
cookie: { path: '/', _expires: null, originalMaxAge: null, httpOnly: true }
}
isAuthenticated false
Sa Postman (You do not have permission to view the full content of this post. Log in or register now.'):
JavaScript:
url /
headers {
'content-type': 'application/x-www-form-urlencoded',
'user-agent': 'PostmanRuntime/7.22.0',
accept: '*/*',
'cache-control': 'no-cache',
'postman-token': '443a064e-7909-43db-9783-79a6ba8bd4c5',
host: 'localhost:3001',
'accept-encoding': 'gzip, deflate, br',
cookie: 'connect.sid=s%3AsvbYi_oxm4yqXTTa7S-N-3qAT6BdW5-u.QYFAXzayArpV1%2BDbjnwJ3fMMjpLzkM%2Fr9kIUCUCYscY',
connection: 'keep-alive'
}
body {}
user username
session Session {
cookie: { path: '/', _expires: null, originalMaxAge: null, httpOnly: true },
passport: { user: 'username' }
}
isAuthenticated true
TA