Passportjs 防止注册后自动登录
Passportjs PREVENT auto-login after signing up
使用 passportjs 进行身份验证。当用户注册时,我希望出现一条消息,让他们知道他们现在可以使用他们的帐户登录。截至目前,注册还会记录它们,从而关闭我的通知:
- "You may now sign up"
- "You are already logged in"
和
- "welcome new user"
我该如何防止这种情况发生?我在 verifySignup() 结束时尝试了 req.logout(),但没有骰子。
我的路由器:
router.route('/login')
.get(function(req, res){
// If the user is already logged in, redirect them to the dashboard
if(req.isAuthenticated()) {
req.flash('alert', 'You are already logged in');
res.redirect('/');
} else {
// Otherwise, allow them to login
// Redirect them to the login pages
res.render('login',
{ host: req.baseUrl,
error: req.flash('error'),
success: req.flash('success'),
alert: req.flash('alert')
});
}
}).post(passport.authenticate('local-login', {
successRedirect: '/',
failureRedirect: '/login',
badRequestMessage: "You need to enter your username and password",
failureFlash: true // allow flash
})
);
router.route('/signup')
.get(function(req, res){
// If the user is already logged in, redirect them to the dashboard
if(req.isAuthenticated()) {
req.flash('alert', 'You must first log out before signing up for a new account');
res.redirect('/');
} else {
// Otherwise, allow them to signup
// Redirect them to the signup pages
res.render('signup',
{ host: req.baseUrl,
error: req.flash('error'),
success: req.flash('success'),
alert: req.flash('alert')
});
}
}).post(passport.authenticate('local-signup', {
successRedirect: '/login',
failureRedirect: '/signup',
badRequestMessage: "You must fill in all of the form fields.",
failureFlash: true // allow flash
})
);
两种防止自动登录的方法:
1. 在 passport.authenticate 中提供一个 optional callback。示例...
router.post('/signup', function(req, res, next) {
/* ... */
passport.authenticate('local-signup', function(err, user, info) {
if (err) { return next(err) }
if (!user) { return res.redirect('/signup') }
res.redirect('/login');
})(req, res, next);
});
注意:如果提供了回调,它将成为应用程序的
负责登录用户、建立会话以及以其他方式执行所需的操作。
在此示例中,不会发生登录和会话存储。因此自动登录被阻止。
2. 更简单的解决方案。使用选项 session: false 禁用会话。
.post(passport.authenticate('local-signup', {
successRedirect: '/login',
failureRedirect: '/signup',
badRequestMessage: "You must fill in all of the form fields.",
failureFlash: true, // allow flash,
session: false // prevent auto-login
})
使用此解决方案,会话实例中不会存储任何用户信息,因此重定向到 /login 会正确通知 "You may now log in with your account"。
使用 passportjs 进行身份验证。当用户注册时,我希望出现一条消息,让他们知道他们现在可以使用他们的帐户登录。截至目前,注册还会记录它们,从而关闭我的通知:
- "You may now sign up"
- "You are already logged in"
和
- "welcome new user"
我该如何防止这种情况发生?我在 verifySignup() 结束时尝试了 req.logout(),但没有骰子。
我的路由器:
router.route('/login')
.get(function(req, res){
// If the user is already logged in, redirect them to the dashboard
if(req.isAuthenticated()) {
req.flash('alert', 'You are already logged in');
res.redirect('/');
} else {
// Otherwise, allow them to login
// Redirect them to the login pages
res.render('login',
{ host: req.baseUrl,
error: req.flash('error'),
success: req.flash('success'),
alert: req.flash('alert')
});
}
}).post(passport.authenticate('local-login', {
successRedirect: '/',
failureRedirect: '/login',
badRequestMessage: "You need to enter your username and password",
failureFlash: true // allow flash
})
);
router.route('/signup')
.get(function(req, res){
// If the user is already logged in, redirect them to the dashboard
if(req.isAuthenticated()) {
req.flash('alert', 'You must first log out before signing up for a new account');
res.redirect('/');
} else {
// Otherwise, allow them to signup
// Redirect them to the signup pages
res.render('signup',
{ host: req.baseUrl,
error: req.flash('error'),
success: req.flash('success'),
alert: req.flash('alert')
});
}
}).post(passport.authenticate('local-signup', {
successRedirect: '/login',
failureRedirect: '/signup',
badRequestMessage: "You must fill in all of the form fields.",
failureFlash: true // allow flash
})
);
两种防止自动登录的方法:
1. 在 passport.authenticate 中提供一个 optional callback。示例...
router.post('/signup', function(req, res, next) {
/* ... */
passport.authenticate('local-signup', function(err, user, info) {
if (err) { return next(err) }
if (!user) { return res.redirect('/signup') }
res.redirect('/login');
})(req, res, next);
});
注意:如果提供了回调,它将成为应用程序的 负责登录用户、建立会话以及以其他方式执行所需的操作。
在此示例中,不会发生登录和会话存储。因此自动登录被阻止。
2. 更简单的解决方案。使用选项 session: false 禁用会话。
.post(passport.authenticate('local-signup', {
successRedirect: '/login',
failureRedirect: '/signup',
badRequestMessage: "You must fill in all of the form fields.",
failureFlash: true, // allow flash,
session: false // prevent auto-login
})
使用此解决方案,会话实例中不会存储任何用户信息,因此重定向到 /login 会正确通知 "You may now log in with your account"。