7

I haven't been able to track this down, but for my set up, isAuthenticated always returns false even after a successful login. Here's the passport code:

req.isAuthenticated = function() {
  var property = 'user';
  if (this._passport && this._passport.instance._userProperty) {
    property = this._passport.instance._userProperty;
  }

  return (this[property]) ? true : false;
};

But in a quick look around I don't see the _userProperty proeprty anywhere in the local strategy (sorry if I didn't look hard enough), so I suppose that might be why it's always returning false?

I'd leave a code sample of my application code, but I feel it's probably easier to have a quick look at the repo for my work in progress: passport api token sessionless

Ultimately, my goal is to have logout work properly for that boilerplate project (which it currently it doesn't).

laggingreflex
  • 32,948
  • 35
  • 141
  • 196
Rob
  • 4,093
  • 5
  • 44
  • 54

2 Answers2

8

I guess you forgot to put: req.login(...) inside passport.authenticate('local', function(...){}).

See here (at the end of the page)

inspector-g
  • 4,146
  • 2
  • 24
  • 33
  • The link given says nothing about calling login(). In fact it says Authenticate already calls it."Note: passport.authenticate() middleware invokes req.login() automatically. This function is primarily used when users sign up, during which req.login() can be invoked to automatically log in the newly registered user." – Epirocks Sep 13 '17 at 23:31
2

Apologies if my original question is not that useful in the first place, but...

I found that my combination of passport, passport-local, and passport-local-mongoose, a solution was to simply create an invalidation method on my mongoose Schema (that has the passportLocalMongoose "plugged in", and when my /logout route gets hit I essentially remove that user's token. Here's that method:

Account.statics.invalidateUserToken = function(email, cb) {
    var self = this;
    this.findOne({email: email}, function(err, usr) {
        if(err || !usr) {
            console.log('err');
        }
        usr.token = null;
        usr.save(function(err, usr) {
            if (err) {
                cb(err, null);
            } else {
                cb(false, 'removed');
            }
        });
    });
};

I presume it's more interesting to see this in context so again please feel free to refer to the repo listed in question...hope this helps someone.

Also, if a core from one of the aformentioned libs wants to suggest a better way I'd of course love to refactor my code to make it idiomatic; if not, this approach seemed to work.

Rob
  • 4,093
  • 5
  • 44
  • 54