'isAuthenticated' returning false when config auth set to false
Closed this issue · 9 comments
Hi,
This is not an issue, but more of a problem that I have been facing for the past 2-3 days. Being new to node.js, hapi and hapi-auth-cookie, I followed the wiki (read some old version tutorials too) and implemented hapi-auth-cookie on my server. However, I hit a dead end and I am not finding a solution to this. Let me explain my problem:
This is the setup:
```js
// Set our server authentication strategy
server.auth.strategy('session', 'cookie', true, {
    password: '#@%#@!%@!#%$^#$^#$^#$^%#$^DFGSDG342', // cookie secret
    cookie: 'drifters-cookie', // Cookie name
    clearInvalid: true,
    redirectTo: '/admin', // Unauthorized request redirection
    isSecure: false, // required for non-https applications
    ttl: 24 * 60 * 60 * 1000
});
```
And my routes which don't require an auth follow this kind of routing:
```js
//homepage
server.route({
    method: 'GET',
    path: '/',
    config: {
        auth: false,
        handler: function(request, reply){
            reply.view('index.html');
        }
    }
});
```
My issue is arising in the following two routes:
```js
//admin-home
server.route({
    method: 'GET',
    path: '/admin-home',
    config: {
        handler: function(request, reply){
            reply.view('admin.html', {adminPage: 'true'}, { layout: 'clean' });
        }
    }
});

//admin page
server.route({
    method: ['GET', 'POST'],
    path: '/admin',
    config: {
        auth: false,
        handler: function(request, reply) {
            if (request.auth.isAuthenticated) {
                return reply.redirect('/admin-home');
            }
            let message = '';
            if (request.method === 'post') {
                if (request.payload.email === 'sachin@drifters.in' && request.payload.password === 'admin') {
                    request.cookieAuth.set({id: 123, email: 'sachin@drifters.in', scope: 'admin'});
                    return reply.redirect('/admin-home');
                } else {
                    message = 'Bad email or password';
                }
            }
            if (request.method === 'get' || message) {
                reply.view('admin-login.html', {adminPage: 'true'}, { layout: 'clean' });
            }
        }
    }
});
```
Pardon my dumb question, but if I am using `auth: false` on my `/admin` route, it is showing me the login form, which is successfully redirecting me to the `/admin-home` route. But the code

```js
if (request.auth.isAuthenticated) {
    return reply.redirect('/admin-home');
}
```

should ideally automatically redirect me to `/admin-home` if I go to my `/admin` route and am already authenticated. A little digging showed me that due to `auth: false` in the `/admin` route, the value of `request.auth.isAuthenticated` is always false. But if I remove `auth: false`, I am unable to access the usual `/admin` route on a new session because of the lack of a cookie. Please guide me through this as I am still learning it.
I have another small doubt, what is the significance of validateFunc in the schema options and how is it helpful in a server setup?
Minor bump
I use:
```js
auth: {mode: 'try'},
handler: function ....,
plugins: {
    'hapi-auth-cookie': {
        redirectTo: false
    }
}
```
To work, try this.
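An added example, not part of the thread and not hapi's own code: a simplified model of how a route's `auth` setting and hapi-auth-cookie's `redirectTo` decide what the handler sees, using the strategy settings from the question. The function `resolveAuth` and the route names are hypothetical, and the model assumes the plugin's default of also redirecting on failure in `try` mode.

```javascript
// Simplified model of the auth decision, written for this example.
// It is NOT hapi or hapi-auth-cookie source; it assumes the plugin's default
// behaviour, where a configured redirectTo also fires in 'try' mode.
function resolveAuth(strategy, route, hasValidCookie) {
  // auth: false -> the scheme never runs, so the cookie is never read
  // and the handler always sees isAuthenticated === false.
  if (route.auth === false) {
    return { outcome: 'handler', isAuthenticated: false };
  }
  // No auth key -> the default strategy applies in 'required' mode.
  const mode = (route.auth && route.auth.mode) || 'required';
  if (hasValidCookie) {
    return { outcome: 'handler', isAuthenticated: true };
  }
  // No valid cookie: a per-route redirectTo overrides the strategy-wide one.
  const perRoute = (route.plugins || {})['hapi-auth-cookie'] || {};
  const redirectTo = perRoute.redirectTo !== undefined
    ? perRoute.redirectTo
    : strategy.redirectTo;
  if (redirectTo) {
    // Redirecting a route to itself never reaches the handler.
    return { outcome: redirectTo === route.path ? 'redirect-loop' : 'redirect',
             location: redirectTo, isAuthenticated: false };
  }
  // Nothing to redirect to: 'try' lets the handler run, 'required' rejects.
  return { outcome: mode === 'try' ? 'handler' : '401', isAuthenticated: false };
}

// Constructed inputs mirroring the thread's setup (redirectTo: '/admin').
const strategy = { redirectTo: '/admin' };
const noRedirect = { 'hapi-auth-cookie': { redirectTo: false } };
const routes = {
  loginAuthFalse: { path: '/admin', auth: false },
  loginTry: { path: '/admin', auth: { mode: 'try' } },
  loginTryNoRedirect: { path: '/admin', auth: { mode: 'try' }, plugins: noRedirect },
  adminHome: { path: '/admin-home' } // stays protected by the default strategy
};

for (const [name, route] of Object.entries(routes)) {
  for (const cookie of [false, true]) {
    const r = resolveAuth(strategy, route, cookie);
    console.log(name, 'cookie=' + cookie, '->', r.outcome, 'isAuthenticated=' + r.isAuthenticated);
  }
}
```

In this model only the `try` mode combined with a per-route `redirectTo: false` both reads the cookie and still lets a visitor without one reach the login form, while `/admin-home` keeps the default required mode.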
I try
```js
server.route({
    method: ['GET', 'POST'],
    path: '/login',
    config: {
        plugins: { 'hapi-auth-cookie': { redirectTo: false }, auth: { mode: 'try', strategy: 'session' } }
    },
    handler: function (request, reply) {
        if (request.auth.isAuthenticated) { // always false
            return reply.redirect('/');
        }
    }
});
```
But request.auth.isAuthenticated always returns false
I think your code is wrong.
Why do you do GET and POST in /login? GET, I think, is only for rendering the page, and POST is for the authentication logic. I think you need to separate them.
This is my login route (only authenticate, the render is in another place):
```js
exports.login = {
    auth: {mode: 'try'},
    validate: {
        payload: {
            email: Joi.string().email().required(),
            password: Joi.string().required()
        }
    },
    handler: function(request, reply) {
        User.find({email: request.payload.email}, (err, user) => {
            if (err) {
                return reply(Boom.badData('Internal MongoDB error', err));
            }
            if (user.length > 0) {
                if (Bcrypt.compareSync(request.payload.password, user[0].password)) {
                    request.cookieAuth.set(user);
                    return reply('/');
                } else {
                    return reply(Boom.unauthorized('Usuário ou senha inválidos', err));
                }
            } else if (user.length == 0) {
                return reply(Boom.unauthorized('Usuário não encontrado', err));
            }
            reply('/login');
        });
    },
    plugins: {
        'hapi-auth-cookie': {
            redirectTo: false
        }
    }
};
```
I do not know how to use the code tag on GitHub.
If you do an XHR request, your server will not redirect; you will need to execute window.location.href in the front-end.
Hi rof20004
My /login route is working. On /index, request.auth.isAuthenticated returns true, but when requesting the /login page, request.auth.isAuthenticated returns false. Can separating my /login route help resolve my problem?
I think you can try =D