hapijs/cookie

'isAuthenticated' returning false when config auth set to false

Closed this issue · 9 comments

Hi,
This is not an issue, but more of a problem that I have been facing for the past 2-3 days. Being new to node.js, hapi and hapi-auth-cookie, I followed the wiki (and read some old-version tutorials too) and implemented hapi-auth-cookie on my server. However, I hit a dead end and cannot find a solution to this. Let me explain my problem:
This is the setup:

// Set our server authentication strategy
    server.auth.strategy('session', 'cookie', true, {
        password: '#@%#@!%@!#%$^#$^#$^#$^%#$^DFGSDG342', // cookie secret
        cookie: 'drifters-cookie', // Cookie name
        clearInvalid: true,
        redirectTo: '/admin', // Unauthorized request redirection
        isSecure: false, // required for non-https applications
        ttl: 24 * 60 * 60 * 1000
    });

And my routes which don't require an auth follow this kind of routing:

//homepage
    server.route({
        method: 'GET',
        path: '/',
        config: {
            auth: false,
            handler: function(request, reply){
                reply.view('index.html');
            }
        }
    });

My issue is arising in the following two routes:

//admin-home
    server.route({
        method: 'GET',
        path: '/admin-home',
        config:{
            handler: function(request, reply){

                reply.view('admin.html', {adminPage: 'true'}, { layout: 'clean' });

            }
        }
    });

    //admin page
    server.route({
        method: ['GET', 'POST'],
        path: '/admin',
        config: {
            auth: false,
            handler: function(request, reply) {
                if (request.auth.isAuthenticated) {
                    return reply.redirect('/admin-home');
                }

                let message = '';

                if (request.method === 'post') {
                    if(request.payload.email === 'sachin@drifters.in' && request.payload.password === 'admin') {
                        request.cookieAuth.set({id: 123, email: 'sachin@drifters.in', scope : 'admin'});
                        return reply.redirect('/admin-home');
                    } else {
                        message = 'Bad email or password';
                    }
                }
                if (request.method === 'get' || message) {
                    reply.view('admin-login.html', {adminPage: 'true'}, { layout: 'clean' });
                }

            }
        }
    });

Pardon my dumb question but if I am using auth: false on my /admin route, it is showing me the login form which is successfully redirecting me to /admin-home route. But the code

if (request.auth.isAuthenticated) {
                    return reply.redirect('/admin-home');
                }

should ideally redirect me automatically to /admin-home if I go to my /admin route and am already authenticated. A little digging showed me that, due to auth: false in the /admin route, the value of request.auth.isAuthenticated is always false. But if I remove auth: false, I am unable to access the usual /admin route on a new session because of the lack of a cookie. Please guide me through this as I am still learning it.

I have another small doubt, what is the significance of validateFunc in the schema options and how is it helpful in a server setup?

Minor bump

I use:

    auth: {mode: 'try'},
    handler: function ....,
    plugins: {
        'hapi-auth-cookie': {
            redirectTo: false
        }
    }

To work, try this.
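The difference between `auth: false`, `mode: 'try'` and the route-level `redirectTo: false` discussed above, as an added example that is not part of the original thread and is not hapi or hapi-auth-cookie code. It is a simplified model with hypothetical names (`authenticate`, `SESSIONS`, `STRATEGY`, `routes`), and it assumes the strategy's `redirectTo` also applies to unauthenticated requests in `try` mode unless the route overrides it.

```javascript
'use strict';
// Simplified model of the behaviour discussed in this thread. It is NOT hapi or
// hapi-auth-cookie source code; every name below is hypothetical.

// Constructed sample: cookie values that map to a valid session.
const SESSIONS = new Map([['valid-cookie', { id: 123, scope: 'admin' }]]);

// Strategy settings mirroring the question: default mode required, redirectTo '/admin'.
const STRATEGY = { defaultMode: 'required', redirectTo: '/admin' };

function authenticate(route, cookie, strategy = STRATEGY) {
  const auth = route.auth === undefined ? { mode: strategy.defaultMode } : route.auth;
  if (auth === false) {
    // No strategy runs, so the cookie is never read and the flag stays false.
    return { outcome: 'handler', isAuthenticated: false };
  }
  const credentials = SESSIONS.get(cookie);
  if (credentials) {
    return { outcome: 'handler', isAuthenticated: true, credentials };
  }
  // Route-level plugin options override the strategy's redirectTo.
  const routeOpts = (route.plugins || {})['hapi-auth-cookie'] || {};
  const redirectTo = routeOpts.redirectTo !== undefined ? routeOpts.redirectTo : strategy.redirectTo;
  if (redirectTo) {
    return { outcome: 'redirect:' + redirectTo, isAuthenticated: false };
  }
  // No redirect configured: 'try' lets the handler run, 'required' rejects.
  return auth.mode === 'try'
    ? { outcome: 'handler', isAuthenticated: false }
    : { outcome: '401', isAuthenticated: false };
}

const routes = {
  adminAuthFalse: { auth: false },
  adminTry: { auth: { mode: 'try' } },
  adminTryNoRedirect: { auth: { mode: 'try' }, plugins: { 'hapi-auth-cookie': { redirectTo: false } } },
  adminHome: {} // inherits the strategy default (required)
};

function report() {
  const rows = [];
  for (const [name, route] of Object.entries(routes)) {
    for (const cookie of ['valid-cookie', undefined]) {
      const r = authenticate(route, cookie);
      rows.push(`${name} cookie=${cookie ? 'yes' : 'no'} -> ${r.outcome} isAuthenticated=${r.isAuthenticated}`);
    }
  }
  return rows;
}

console.log(report().join('\n'));
```

In this model only `adminTryNoRedirect` both shows the login form to a visitor without a cookie and reports `isAuthenticated=true` to a visitor with one; `adminTry` without the override sends the cookieless visitor back to `/admin` itself.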

I try

  server.route({
    method: ['GET', 'POST'],
    path: '/login',
    config: {
      plugins: { 'hapi-auth-cookie': { redirectTo: false }, auth : {mode:'try', strategy: 'session'} }
    },
    handler: function (request, reply) {
      if (request.auth.isAuthenticated) { // always false
        return reply.redirect('/');
      }
    }
  });
});

But request.auth.isAuthenticated always returns false

I think your code is wrong.

Why do you handle GET and POST in /login? GET, I think, is only for rendering the page, and POST is for the authentication logic. I think you need to separate them.

This is my login route (only authenticate, the render is in another place):

    exports.login = {
        auth: {mode: 'try'},
        validate: {
            payload: {
                email: Joi.string().email().required(),
                password: Joi.string().required()
            }
        },
        handler: function(request, reply) {
            User.find({email: request.payload.email}, (err, user) => {
                if (err) {
                    return reply(Boom.badData('Internal MongoDB error', err));
                }

                if (user.length > 0) {
                    if (Bcrypt.compareSync(request.payload.password, user[0].password)) {
                        request.cookieAuth.set(user);
                        return reply('/');
                    } else {
                        return reply(Boom.unauthorized('Usuário ou senha inválidos', err));
                    }
                } else if (user.length == 0) {
                    return reply(Boom.unauthorized('Usuário não encontrado', err));
                }

                reply('/login');
            });
        },
        plugins: {
            'hapi-auth-cookie': {
                redirectTo: false
            }
        }
    };

I do not know how to use the code tag on GitHub:

http://pastebin.com/0VaB5e4U

If you do an XHR request, your server will not redirect; you will need to execute window.location.href in the front-end.

Hi rof20004
My /login route is working. On /index, request.auth.isAuthenticated returns true, but when requesting the /login page, request.auth.isAuthenticated returns false. Can separating my /login route help resolve my problem?

I think you can try =D
