api/auth/login always shows "Unauthorized" response when invalid email/password is used #24
Comments
I get the same thing as well. When I test it out by using the actual front end form, it works and returns a JWT.
@jamesjsewell When I use the correct login and password, I too get the correct response with the JWT and all, but with invalid login credentials "Unauthorized" comes back.
Yeah, me too. It's because the login route is actually returning a JWT that goes into the user's cookies. The JWT is read by looking in the cookies for a cookie named 'token'. This token can then be used when requesting info from routes. That's why you won't receive anything from Postman.
This behavior is also documented in the tests; just run
@Ineedcode
************* AUTH REGISTRATION *************
************* AUTH LOGIN *************
@ketanbhardwaj What is your requirement, or what would you like to expect (HTTP code, body) from wrong credentials? In my opinion 401 is fine, because you don't want to tell the user whether the user exists or whether the password is invalid.
@Ineedcode

```javascript
const LocalStrategy = require('passport-local').Strategy;

// Verify callback with passport-local's (username, password, done) contract.
// The callback body was not included in the original comment.
const localLogin = new LocalStrategy(localOptions, (email, password, done) => {
});
```
Hi everyone, Sorry, I have been busy. Take a look at the custom callback section of the Passport docs: http://passportjs.org/docs This can be implemented, I just didn't do it here (yet). I'd be open to a PR if anyone had the time. Thanks, Josh
@joshuaslate
I got this issue as well; it worked in the front end but doesn't work in Postman. I even passed the Test in the header and still got unauthorized. Need help.
I have the same issue. |
Hey, I was able to solve this in my new starter, which uses Koa instead of Express. I would imagine the implementation would be similar, if you care to take a look: https://github.com/joshuaslate/mkrn-starter
Had the same issue, got this to work using the custom callbacks passport docs.

```javascript
const express = require('express');
const passport = require('passport');

const router = express.Router();

router.post('/login', (req, res, next) => {
  // Custom callback form: passport hands control back instead of sending its
  // default 401 "Unauthorized" response when the strategy fails.
  passport.authenticate('local', (err, user, info) => {
    if (err) {
      return res.status(500).send();
    }
    if (!user && info) {
      // info carries the message passed to done() by the verify callback
      return res.status(422).send(info);
    }
    // do something here (e.g. issue the token) and send back a res.json()
  })(req, res, next);
});
```
Had the same issue, tried everything above.
This recently happened with one of my juniors, and what he did wrong was: instead of There is a missing "e" in failureRedirect and failureFlash, so when wrong credentials are entered the callback doesn't know where to go and returns "UNAUTHORIZED" with code 401. There might be a similar error in yours also.
I also had the same issue, but while registering. I solved it by replacing This With this
|
try this |
I'm getting unauthorized although I am using User.authenticate()

```javascript
const express = require('express');
const passport = require('passport');
const LocalStrategy = require('passport-local').Strategy;
const Student = require('./models/student');     // assumed path; model exposing authenticate()
const studentRoutes = require('./routes/student'); // assumed path

const app = express();

app.use(require("express-session")({
  // session options were cut off in the original comment
}));
app.use(passport.initialize());
passport.use("local", new LocalStrategy({ usernameField: "emailid" }, Student.authenticate()));
passport.serializeUser((user, done) => {
  // body cut off in the original comment
});
app.use(require('connect-flash')());
app.use(studentRoutes);
app.listen(3000, () => {
  // callback cut off in the original comment
});
```
Login with the passport local strategy's request body must be only:

Body Request

```json
{
  "username": "[email protected]",
  "password": "your_password"
}
```

Response from API

My Auth Service

```typescript
import { Injectable } from "@nestjs/common";
import { UsersService } from "../../users/services/users.service";

@Injectable()
export class AuthService {
  constructor(
    // @Inject(forwardRef(UsersService))
    private usersService: UsersService,
  ) {}

  async validateUser(email: string, password: string) {
    const user = await this.usersService.findByEmail(email);
    // Compares the stored password field directly with the submitted value;
    // a production service would store a hash and compare against that.
    if (user?.password === password) {
      return user;
    }
    // throw new UnauthorizedException("Email or Password is incorrect");
    return null;
  }
}
```

My Auth Controller

```typescript
import { ClassSerializerInterceptor, Controller, Post, Request, UseGuards, UseInterceptors } from "@nestjs/common";
import { User } from "../../../users/entities/user.entity";
import { LocalAuthGuard } from "./../../guards/local-auth.guard";

@UseInterceptors(ClassSerializerInterceptor)
@Controller("auth")
export class AuthController {
  // The guard runs the local strategy; on success passport attaches the
  // validated user to req.user, on failure it responds 401 before this runs.
  @UseGuards(LocalAuthGuard)
  @Post("login")
  async login(@Request() req: { user: User }) {
    return req.user;
  }
}
```

My Local Strategy file

```typescript
import { AuthService } from "../service/auth.service";
import { Injectable, UnauthorizedException } from "@nestjs/common";
import { PassportStrategy } from "@nestjs/passport";
import { Strategy /*as Local*/ } from "passport-local";

@Injectable()
export class LocalStrategy extends PassportStrategy(Strategy) {
  constructor(private authService: AuthService) {
    // No usernameField option, so passport-local reads `username` and
    // `password` from the request body, which is why the body above uses "username".
    super();
  }

  async validate(email: string, password: string): Promise<any> {
    const user = await this.authService.validateUser(email, password);
    if (!user) {
      throw new UnauthorizedException("Username or Password is invalid");
    }
    return user;
  }
}
```
When I try to pass a wrong email/password, the user.comparePassword function in passport.js always returns "Unauthorized" as the response. I could not find any way to fix it. Can you help me with this?