我正在尝试为我的网站构建身份验证系统,我正在使用express来构建服务器,并使用passport本地策略进行身份验证,
let passport = require("passport");
let LocalStrategy = require("passport-local").Strategy;
let session = require("express-session");
app.use(session({ secret: "super secret" }));
app.use(passport.initialize());
app.use(passport.session());
passport.use(
new LocalStrategy(function (username, password, done) {
User.findOne({ username: username }, function (err, user) {
if (err) {
return done(err);
}
if (!user) {
return done(null, false);
}
return done(null, user);
});
})
);
当我注册时,一切都正常,散列密码保存在数据库中:
app.post("/signup", async (req, res) => {
let { fullname, email, username, password } = req.body;
let user = new User({ fullname, email, username });
await User.register(user, password);
res.redirect("/login");
});
但当我尝试登录时,如果用户名存在,则用户登录,而不考虑密码:
app.post(
"/login",
passport.authenticate("local", {
failureFlash: true,
failureRedirect: "/login",
}),
async (req, res) => {
let user = await User.findById(req.user._id);
if (user.lastLogin === undefined) {
await User.updateOne({ _id: user._id }, { lastLogin: Date.now() });
res.redirect("/final-step");
}
res.redirect("/hi");
}
);
希望能帮助我,谢谢
我通过替换以下代码解决了问题:
passport.use(
new LocalStrategy(function (username, password, done) {
User.findOne({ username: username }, function (err, user) {
if (err) {
return done(err);
}
if (!user) {
return done(null, false);
}
return done(null, user);
});
})
);
发件人:
passport.use(new LocalStrategy(User.authenticate()));
我遇到了同样的问题,我通过添加解决了它
{ strictQuery: false }
在这样的模式中:
new Schema({}, {
strictQuery: false
})
之后它返回正确的值