问题描述
我正在尝试学习如何使用护照、护照本地、护照本地猫鼬、快速会话。 我想要的是当密码不正确时,应该呈现 login.ejs。但是,它显示一条消息“未经授权”,而不是呈现 login.ejs。我无法弄清楚我哪里出错了或者我应该在哪里进行更改以便页面呈现 login.ejs 。
login.ejs (表单验证我使用了 bootstrap v5.0)
<%-include("partials/header.ejs")%>
<div class="sign-heading"><h1>Login</h1></div>
<div class="sign">
<form action="/login" method="POST" class="needs-validation" novalidate>
<div class="mb-3">
<label for="InputUsername" class="form-label">Username</label>
<% if (!exists) { %>
<input type="text" class="form-control is-invalid" id="InputUsername" name="username" required>
<div class="invalid-Feedback">
Wrong username and password.
</div>
<% }else{ %>
<input type="text" class="form-control" id="InputUsername" name="username" required>
<% } %>
</div>
<div class="mb-3">
<label for="InputPassword" class="form-label" >Password</label>
<input type="password" class="form-control" id="InputPassword" name="password" required>
</div>
<div class="pb-3"></div>
<button type="submit" class="btn btn-primary">Register</button>
</form>
</div>
<%-include("partials/footer.ejs")%>
app.js
const bodyParser = require("body-parser");
const mongoose = require("mongoose");
const session=require("express-session");
const passport= require("passport");
const passportLocalMongoose=require("passport-local-mongoose");
const app=express();
app.use(bodyParser.urlencoded({extended:true}));
app.use(express.static(__dirname+"/public"));
app.set('view engine','ejs');
app.use(session({
secret: 'This is my personal diary.',resave: false,saveUninitialized: false,}));
app.use(passport.initialize());
app.use(passport.session());
mongoose.connect("mongodb://localhost:27017/diaryDB",{useNewUrlParser:true,useUnifiedTopology: true });
mongoose.set("useCreateIndex",true);
const entrySchema=new mongoose.Schema({
title: String,body: String
});
const diarySchema=new mongoose.Schema({
username:String,password:String,entry: [entrySchema]
});
diarySchema.plugin(passportLocalMongoose);
const Entry=mongoose.model("Entry",entrySchema);
const Diary=mongoose.model("Diary",diarySchema);
passport.use(Diary.createStrategy());
passport.serializeUser(Diary.serializeUser());
passport.deserializeUser(Diary.deserializeUser());
app.get("/",function(req,res){
res.render("home",{});
});
app.get("/register",res){
res.render("register",{exists:false});
});
app.post("/register",res){
let username=req.body.username;
let password=req.body.password;
Diary.register({username:username},password,function(err,diary){
if(err){
res.render("register",{exists:true});
}
else{
passport.authenticate("local")(req,res,function(){
res.redirect("/diary/"+username);
});
}
});
});
app.get("/login",res){
res.render("login",{exists:true});
});
app.post("/login",res){
let username=req.body.username;
let password=req.body.password;
Diary.findOne({username:username},diary){
if(diary){
req.login(diary,function(err){
if(err){
console.log(err);
res.redirect("login",{exists:false});
}
else{
passport.authenticate("local")(req,function(){
res.redirect("/diary/"+diary.username);
});
}
});
}else{
res.render("login",{exists:false});
}
});
});
app.get("/diary/:customName",res){
let customName=req.params.customName;
if(req.isAuthenticated()){
res.render("diary",{username:customName});
}else{
res.redirect("/login");
}
});
app.get("/write",res){
res.render("write",{});
});
app.get("/entry",res){
res.render("entry",{});
});
app.get("/delete",res){});
app.get("/logout",res){
req.logout();
res.redirect("/");
});
app.listen(3000,function(){
console.log("Server has started.");
});
只是“/登录”
app.get("/login",{exists:false});
}
});
});
解决方法
如果是,您需要检查用户凭据是否正确,如果是,则继续,然后使用适当的消息重新呈现登录屏幕
这是我在我的一个项目中所做的,比如 practo
router.post("/emailsignin",(req,res,next) => {
let errors = [];
USer.findOne({ email: req.body.email })
.then((user) => {
if (!user) {
req.flash("error_msg","email is not registered please signup");
res.redirect("/users/signup");
}
if (user) {
bcrypt.compare(req.body.password,user.password,function (err,res) {
if (res) {
} else {
errors.push({ msg: "Wrong Password" });
}
});
if (user.role === "doctor") {
return passport.authenticate("local",{
successRedirect: "/users/doctorDetails",failureRedirect: "/users/emailsignin",success_msg: req.flash("success_msg","successfully logged in"),failureFlash: true,successFlash: true,})(req,next);
}
if (user.role === "admin") {
return passport.authenticate("local",{
successRedirect: "/users/admin",next);
} else {
req.session.name = user.name;
return passport.authenticate("local",{
successRedirect: "/",error_msg: req.flash("error_msg","password or email is wrong"),// successFlash: "Welcome!",next);
}
} else {
console.log("error");
}
})
.catch((err) => console.log(err));
});
这里首先检查数据库中是否存在email id
如果是,则检查密码是否正确,如果不正确,则只需使用闪存消息推送错误消息
如果一切顺利,请相应登录