Is the user consistently experiencing redirection to a failure page with passport?

Question

Is the user consistently experiencing redirection to a failure page with passport?

I've been struggling with the user login redirection issue on my website. No matter what changes I make, it keeps redirecting to failure instead of success. I'm not sure if I missed something or did something wrong. The documentation for passport was confusing for me when I tried reading it. If you need to review the rest of the code, here is the link to my GitHub repository: https://github.com/gego144/to-do-list-website/tree/main

const customFields = {
    usernameField: 'email',
    passwordField: 'password'
}

const verifyCallback = (username, password, done) => {
          user_exists = userName_Checker(username), function (err, user) {
            if (err) { return done(err); }
            if (userName_Checker(username) == false) {
                console.log('wrong user');
              return done(null, false, { message: 'Incorrect username.' });
            }
            if (password_finder(username, password)) {
                console.log('wrong pass');
              return done(null, false, { message: 'Incorrect password.' });
            }
            console.log('wtf');
            return done(null, user);
          };  
      ;

}

const strategy = new LocalStrategy(customFields, verifyCallback);

passport.use(strategy);

passport.serializeUser(function(user, done) {
    done(null, user);
});


passport.deserializeUser(function(id, done) {
    User.findById(id, function(err, user) {
      done(err, user);
    });
});


// function that checks if the user's email is in the database
function userName_Checker(email_name){
    
    var sql = "select * from info where email = ?";
    var user_email = [[email_name]];

    db.query(sql, [user_email],function (err,result){
        if (err) throw err;
        var not_unique = result.length;
        if(not_unique == 0){
            return false;
        }
        else{
            return true;
        }
    }
    )}


// function that checks if the password in the database matches the email
function password_finder(email_name, pass){
    var sql = "SELECT password FROM info WHERE email = ?";
    var user_email = [[email_name]];
    db.query(sql, [user_email],function (err,result){
        if (err) throw err;
        
        bcrypt.compare(result, pass, function(err, res){
            if(err){ throw err};
            if(res){
                return true;
            }
            else{
                return false;
            }
        })
    }
)}

This is the post method in my other file:

app.post('/login', passport.authenticate('local', {
    successRedirect: '/',
    failureRedirect:'/index.html',
    failureFlash: true
}))

Edit 1. I also noticed that the console logs in the verify Callback function are not logging anything for some reason.

mysql node.js express passport.js bcrypt

Answer 1

Answer №1

There may be an issue with the serialization logic in your code.

When using passport.serializeUser, you are passing the entire user object, but during deserialization, only the id is passed.

Although I am not utilizing SQL, the concept should remain similar.

Here is how the code should look:

//  Session
// Pass the user id to keep session data minimal
passport.serializeUser((id, done) => {
    done(null, id);
});

// Deserialize when necessary by querying the DB for complete user details
passport.deserializeUser(async (id, done) => {
    try {

        const user = await User_DB.findById(id);
        done(null, user);
    } catch (err) {

        console.error(`Error Deserializing User: ${id}: ${err}`);
    }

});

// Exporting the passport module
module.exports = (passport) => {

    passport.use(new LocalStrategy({ usernameField: 'email', }, async (email, password, done) => {

        try {

            // Find the user 
            const userData = await User_DB.findOne({ email: email, }, { 
            password: 1, }); 

            // If user does not exist
            if (!userData) {

                return done(null, false);
            }

            // Hash and compare passwords
            const passMatch = await bcrypt.compare(password, userData.password);

            // If passwords do not match
            if (!passMatch) {
                return done(null, false);
            }

            // Return user id on success
            return done(null, userData.id);

        } catch (err) {
            passLog.error(`Login Error: ${err}`);
        }

    }));
};

These passport options seem to encounter issues frequently or display abnormal behavior, so I recommend handling redirection logic as seen in my controller.

{ successRedirect: '/good',
 failureRedirect: '/bad' }

Login controller logic: (Omitted session storage code and made modifications, but this code should suffice)

const login = (req, res, next) => {

    //Using passport-local
    passport.authenticate('local', async (err, user) => {


        //If user object does not exist, login failed
        if (!user) { return res.redirect('/unauthorized'); }


        //Successful login
        req.logIn(user, (err) => {

            if (err) { return res.status(401).json({ msg: 'Login Error', }); }

            // Send response to frontend
            return res.redirect('/good');
        });

      
        });
    })(req, res, next);


};

The actual route:

//  Import the controller
const {login} = require('../controllers/auth');

// Implement in the route
router.post('/auth/login', login);

Answer 2

There may be an issue with the serialization logic in your code.

When using passport.serializeUser, you are passing the entire user object, but during deserialization, only the id is passed.

Although I am not utilizing SQL, the concept should remain similar.

Here is how the code should look:

//  Session
// Pass the user id to keep session data minimal
passport.serializeUser((id, done) => {
    done(null, id);
});

// Deserialize when necessary by querying the DB for complete user details
passport.deserializeUser(async (id, done) => {
    try {

        const user = await User_DB.findById(id);
        done(null, user);
    } catch (err) {

        console.error(`Error Deserializing User: ${id}: ${err}`);
    }

});

// Exporting the passport module
module.exports = (passport) => {

    passport.use(new LocalStrategy({ usernameField: 'email', }, async (email, password, done) => {

        try {

            // Find the user 
            const userData = await User_DB.findOne({ email: email, }, { 
            password: 1, }); 

            // If user does not exist
            if (!userData) {

                return done(null, false);
            }

            // Hash and compare passwords
            const passMatch = await bcrypt.compare(password, userData.password);

            // If passwords do not match
            if (!passMatch) {
                return done(null, false);
            }

            // Return user id on success
            return done(null, userData.id);

        } catch (err) {
            passLog.error(`Login Error: ${err}`);
        }

    }));
};

These passport options seem to encounter issues frequently or display abnormal behavior, so I recommend handling redirection logic as seen in my controller.

{ successRedirect: '/good',
 failureRedirect: '/bad' }

Login controller logic: (Omitted session storage code and made modifications, but this code should suffice)

const login = (req, res, next) => {

    //Using passport-local
    passport.authenticate('local', async (err, user) => {


        //If user object does not exist, login failed
        if (!user) { return res.redirect('/unauthorized'); }


        //Successful login
        req.logIn(user, (err) => {

            if (err) { return res.status(401).json({ msg: 'Login Error', }); }

            // Send response to frontend
            return res.redirect('/good');
        });

      
        });
    })(req, res, next);


};

The actual route:

//  Import the controller
const {login} = require('../controllers/auth');

// Implement in the route
router.post('/auth/login', login);

Is the user consistently experiencing redirection to a failure page with passport?

Answer №1

Similar questions

What solutions are available to resolve the routing problem in React.js?

Tips for ensuring that req.query only accepts date formats in the format yyyy-mm-dd

Error encountered: `npm ERR! code E503`

retrieving information from the database and passing it to the controller

Does npm-check-updates have the ability to lock specific dependencies during the execution of ncu -ua command?

Is there a way for me to access the user's gender and birthday following their login using their Google account details?

Forwarding the geographic coordinates directly to the system's database

Getting a URL path in Next.js without relying on the Link component when the basePath is configured

Express not receiving data from HTML form submission

Deliver feedback from NodeJS Server to JavaScript on the client side

Why won't the infowindow close when I press the close button in the markercluster of Google Maps API v3?

How can I convert a string to an integer in Node.js/JavaScript in terms of cardinality?

What is the method for accessing an anonymous function within a JavaScript Object?

The only thing you can see in MongoDB output is the objectid

The Yarn Start Command encountered a hiccup and exited with error code 1

Troubleshooting problem with cookies in express-session

The system was unable to locate node.js with socket.io

Ways to utilize Pub / Sub Notifications for Cloud Storage

When the disk space is insufficient, the createWriteStream function will not trigger an error event if the file is not completely written

What is the process for adding pictures and information to a MySQL database through PHP?