derbyparty / derby-login
Auth for Derby
I'm requiring derby-login components like so in my app:
    app.use(require('derby-login/components/noAuth'));
In my templates, I use the views <view is="auth:login"></view> and <view is="auth:register"></view>, but when I click the login or register buttons it always calls the resetpassword route and I get an error on the front-end: "secret field missing".
I don't know if this is because resetpassword is the last component being loaded in noAuth and overwrites all of the other components:
    module.exports = function(app, options) {
      app.component(require('./login'));
      app.component(require('./recoverPassword'));
      app.component(require('./register'));
      app.component(require('./resetPassword'));
    };
derby version: ^0.10.3
getUserByEmail transforms the email to lower case.
But registration doesn't transform email to lower case.
So it is possible to register [email protected] and then [email protected]
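The mismatch reported above, reproduced against an in-memory store next to the normalized variant (an added example, not part of the original issue and not derby-login code; `UserStore`, `register` and `demo` are hypothetical names, the addresses are constructed, and it assumes the uniqueness check compares the value as stored):

```javascript
// Added illustration: UserStore, register and demo are hypothetical names,
// not derby-login code. Addresses below are constructed sample data.
const normalize = (email) => String(email).trim().toLowerCase();

class UserStore {
  constructor(normalizeOnRegister) {
    this.normalizeOnRegister = normalizeOnRegister;
    this.users = [];
  }

  // Lookup always lower-cases its argument, as the issue says getUserByEmail does.
  getUserByEmail(email) {
    const key = normalize(email);
    return this.users.find((u) => u.email === key) || null;
  }

  register(email) {
    // Assumption: the uniqueness check compares the value that will be stored.
    const stored = this.normalizeOnRegister ? normalize(email) : email;
    if (this.users.some((u) => u.email === stored)) {
      return { ok: false, error: 'email already registered' };
    }
    const user = { id: this.users.length + 1, email: stored };
    this.users.push(user);
    return { ok: true, user };
  }
}

function demo(normalizeOnRegister) {
  const store = new UserStore(normalizeOnRegister);
  const first = store.register('Alice@Example.com');
  const second = store.register('alice@example.com');
  const found = store.getUserByEmail('Alice@Example.com');
  return {
    firstOk: first.ok,
    secondOk: second.ok,
    accounts: store.users.length,
    // Which account does a lower-casing lookup resolve to for the first registrant?
    lookupId: found ? found.id : null,
  };
}

console.log('mismatched:', demo(false));
console.log('normalized:', demo(true));
```

With the mismatch, a lookup for the first registrant's address resolves to the second account; normalizing on both paths rejects the second registration. A unique index on the normalized value closes the same gap at the database level.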
Hi,
Switching from version 0.2 to 0.3, the login module seems to not accept the urlWhiteList in the configuration object (which was added with pull request #10).
Is it intended to be this way?
Would it be possible to get that behaviour back?
Thanks for your work!
I took a clean derby-login-example application and made one successful registration (with email). In MongoDB I had one unconfirmed 'local' account.
After that I tried to register with a new email. It caused the registration providerExists error: 'User is already registered with this provider'.
After successful confirmation of the first account this error disappeared.
Could you help or explain this issue to me?
Hello.
In config/login.js I overrode the request hook, for example:
    hooks: {
      request: function(req, res, userId, isAuthenticated, done) {
        // deny the work resource to all unauthenticated users
        var work_url = config.WORK_URL;
        if (!isAuthenticated && req.url.substring(0, work_url.length) == work_url) {
          return res.redirect(this.options.loginUrl);
        }
        if (false && !isAuthenticated && req.method === 'GET' &&
            req.url !== this.options.confirmRegistrationUrl &&
            req.url !== this.options.loginUrl &&
            req.url !== this.options.registrationConfirmedUrl &&
            req.url.indexOf(this.options.recoverPasswordUrl) !== 0 &&
            req.url.indexOf('/auth/') !== 0) {
          return res.redirect(this.options.loginUrl);
        }
        done();
      }, ...
When I make a request to http://localhost:5555/work/smthsubres it works (in this case I typed the URL into the browser's address field).
But if I have a link on my root page like
    <a href="/work/smthsubres">work link</a>
and use it, in this case the hook doesn't work and unauthenticated users can make requests to the work resource.
Could you explain, am I doing something wrong? Or is it the lib's bug or feature?
zhe@zhe-X550CL:~/projects/nodes/derby-login-example$ npm start
[email protected] start /home/zhe/projects/nodes/derby-login-example
node server.js
Master pid 28526
/home/zhe/projects/nodes/derby-login-example/server.js:38
app.writeScripts(store, publicDir, {extensions: ['.coffee']}, function(e
^
TypeError: Object # has no method 'writeScripts'
at bundleApp (/home/zhe/projects/nodes/derby-login-example/server.js:38:11)
at /home/zhe/projects/nodes/derby-login-example/node_modules/async/lib/async.js:125:13
at Array.forEach (native)
at _each (/home/zhe/projects/nodes/derby-login-example/node_modules/async/lib/async.js:46:24)
at Object.async.each (/home/zhe/projects/nodes/derby-login-example/node_modules/async/lib/async.js:124:9)
at /home/zhe/projects/nodes/derby-login-example/server.js:30:11
at module.exports (/home/zhe/projects/nodes/derby-login-example/server/express.js:49:3)
at /home/zhe/projects/nodes/derby-login-example/server.js:25:3
at Racer.Derby.run (/home/zhe/projects/nodes/derby-login-example/node_modules/derby/lib/Derby.server.js:14:5)
at Object. (/home/zhe/projects/nodes/derby-login-example/server.js:9:7)
at Module._compile (module.js:456:26)
at Object.Module._extensions..js (module.js:474:10)
at Module.load (module.js:356:32)
at Function.Module._load (module.js:312:12)
at Function.Module.runMain (module.js:497:10)
at startup (node.js:119:16)
at node.js:906:3
The wrong way, redirect by default to "/login" for all queries.
    // Request hook executes on every request before it goes to app, it's a good place
    // to restrict access to some urls
    request: function(req, res, userId, isAuthenticated, done) {
      // Redirect all unAuth GET requests to loginUrl
      if (!isAuthenticated && req.method === 'GET' &&
          req.url !== this.options.confirmRegistrationUrl &&
          req.url !== this.options.loginUrl &&
          req.url !== this.options.registrationConfirmedUrl &&
          req.url.indexOf(this.options.recoverPasswordUrl) !== 0 &&
          req.url.indexOf('/auth/') !== 0) {
        return res.redirect(this.options.loginUrl);
      }
      done();
    },
Hi.
Here it is shown how to initiate an RPC, but without authorization the example is incomplete. Is it possible to somehow get the session and the current user from client?
I have this route:
    app.get '/', (page, model, params, next) ->
      user = model.get '_session.user'
      # ...
When the page is rendered on the client side, user is undefined.
@vmakhaev can you help me with this issue?
Hi,
I found a strange behaviour when my login is autofilled by the browser.
Basically, when the page is loaded the browser (Firefox 35.0.1) fills in the user and password for me.
If I click the Login button right away, the "missing credentials" error is given to me.
On the server side I receive email and password as undefined.
I believe this is because the model didn't receive the input from the user, so data[field] = this.model.get(field) in the base class returns undefined.
The strange thing is that if I then remove both fields, start typing the user and select the one I want from the browser's saved credentials dropdown, and the browser fills in the fields for me, then I can successfully log in, even though I didn't fill in the password at all and only partially filled in the email field.
To solve this behaviour I tried to get the field data directly from the DOM, with something like data[field] = this.model.get(field) || this.dom.getElementById(field).value, but there's no such function, as I didn't find other functions which allow me to get a DOM element reference from the dom object inside a component.
Any idea? Is it happening only to me?
Thanks a lot!
Cheers
Hi @vmakhaev,
As a further enhancement I would suggest using scrypt instead of bcrypt. At the moment it seems the best choice for password hashing against software and hardware cracking.
Of course this is not a necessary change, just the cherry on the top of the cake ;)
When I have a little bit of time, I'll try to make a pull request if you didn't do it yet.
Thanks again for all your work!
Cheers, M.
This issue is for discussion more than an issue itself.
About the error handling, I think it would be better to use our Error class with two data fields: type and message.
This would allow us to check which kind of error we receive from the API against predefined keywords, instead of checking strings as we need to do now, which would allow us to support localization in errors more easily.
If you agree I may do a PR to be discussed.
As I can see, route '/auth/login' (https://github.com/derbyparty/derby-login/blob/master/lib/routes.js#L35) provides a custom callback for passport.authenticate. As a result, after a successful login, I'm getting to / instead of what I've set in options.passport.successRedirect.
Is it possible to define custom redirect urls after having logged in with a provider?
Example: To login, now I send the user to "/auth/facebook". After they have logged in I'd like to send them to different locations based on the situation.
I can't simply define a session variable before they reach /auth/facebook, and then read it after login, because the login process changes the session id (and therefore the session is lost after login).
Ideally I could define a redirect url by sending the users to "/auth/facebook?redirect=%2Fmy-fancy-redirect" and derby-login would handle it for me.
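Because the redirect target proposed above would arrive in a user-controlled query parameter, whatever handles it has to restrict it to paths on the same site before redirecting. One way to do that check, as an added example that is not part of the original issue or of derby-login (`safeRedirectTarget`, `redirectFromQuery`, `BASE` and `FALLBACK` are hypothetical names; the origin is constructed):

```javascript
// Added illustration: all names here are hypothetical, not derby-login's API.
const BASE = 'http://localhost:5555'; // constructed site origin for this sketch
const FALLBACK = '/';                 // where to go when the target is rejected

function safeRedirectTarget(raw, base = BASE) {
  if (typeof raw !== 'string' || raw.length === 0) return FALLBACK;
  // Only site-relative paths are acceptable; control characters never are.
  if (!raw.startsWith('/') || /[\u0000-\u001f\u007f]/.test(raw)) return FALLBACK;
  let url;
  try {
    // Resolve the way a browser would, so "//host" and "/\host" forms
    // are seen for what they are: a different origin.
    url = new URL(raw, base);
  } catch (e) {
    return FALLBACK;
  }
  if (url.origin !== new URL(base).origin) return FALLBACK;
  // Rebuild from parsed parts so only path, query and fragment survive.
  return url.pathname + url.search + url.hash;
}

// Takes the raw query string of a request such as
// /auth/facebook?redirect=%2Fmy-fancy-redirect and returns a safe target.
function redirectFromQuery(queryString) {
  const params = new URLSearchParams(queryString);
  return safeRedirectTarget(params.get('redirect'));
}

console.log(redirectFromQuery('redirect=%2Fmy-fancy-redirect'));
console.log(redirectFromQuery('redirect=%2F%2Fother.example%2Fx'));
```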
Hello,
I am using GitHub OAuth on derby-login v1.1.1. Authentication seems to work correctly after I access /auth/github. However, logging out does not seem to work. I tried /auth/logout and /auth/github/logout. None of these seem to set _session.loggedIn to false or delete it.
I noticed that the logout function deletes the user id on the Express session object
Line 2 in 074eac3
model.get("_session");
Am I missing something? Any suggested ways to achieve logging out? Thank you.