我尝试使用本地身份验证,但收到错误消息"登录无效"。
- 我从客户端发送"本地"身份验证。服务器上接收的数据
{ strategy: 'local',
email: 'email@gmail.com',
password: '123' },
{ query: {},
provider: 'socketio',
headers: {},
session: {},
cookies: {} }
在身份验证中.js
module.exports = function (app) {
const config = app.get('authentication');
// Set up authentication with the secret
app.configure(authentication(config));
app.configure(jwt());
app.configure(local());
app.configure(oauth2(Object.assign({
name: 'auth0',
Strategy: Auth0Strategy
}, config.auth0)));
app.service('authentication').hooks({
before: {
create: [
(data)=>{console.log('auth',data.arguments)},
authentication.hooks.authenticate(config.strategies),
],
remove: [
authentication.hooks.authenticate('jwt')
]
}
});
};
- 服务器在数据库中查找记录并返回查询结果
{ id: 1,
email: 'email@gmail.com',
password:
'$2a$13$t2XZsqu/0t5jKSdbRUyZTOVOoZJVtiha3sN/Z8N0O190Z0DUJj70O',
auth0Id: null,
isVerified: null,
verifyToken: 'string',
verifyExpires: null,
resetToken: 'string',
resetExpires: null,
createdAt: 2019-04-14T22:04:52.000Z,
updatedAt: 2019-04-14T22:04:52.000Z }
- 之后,它尝试比较密码的 hahs,但收到的密码的哈希不等于查询结果中的密码。收到的密码与结果哈希中的当前时间相结合。
如何在羽毛中使用本地身份验证?
UPD
来自 default.json 的配置
"authentication": {
"secret": "my secret key here",
"strategies": [
"jwt",
"local"
],
"path": "/authentication",
"service": "users",
"jwt": {
"header": {
"typ": "access"
},
"audience": "https://yourdomain.com",
"subject": "anonymous",
"issuer": "feathers",
"algorithm": "HS256",
"expiresIn": "1d"
},
"local": {
"entity": "user",
"usernameField": "email",
"passwordField": "password"
},
"auth0": {
"clientID": "your auth0 client id",
"clientSecret": "your auth0 client secret",
"successRedirect": "/",
"domain": "mydomain.auth0.com",
"scopes": [
"profile"
]
}
}
实际上,bcrypt(由羽毛内部用于散列(正在使用盐来散列我们的密码,这就是为什么您每次对同一字符串都会得到不同的结果。