node.js - Passport-http bad request -

-

i wanna make simple authentication passport-http (digeststrategy). like:

var digeststrategy = require('passport-http').digeststrategy;  passport.use('login', new digeststrategy({ qop: 'auth' },     function(login, password, done) {         user.findone({ login: login }, function(err, user) {             if (err) { return done(err); }             if (!user) { return done(null, false); }             user.matchpassword(password, function(err, ismatch) {                 if (!ismatch)                 {                     return done(null, false);                 }                 return done(null, user);             })         });     } ));

and in post /login

router.post('/',     passport.authenticate('login', {session: false}),     function(req, res) {         if (req.user)         {             var expires = moment().add('hours', 1).valueof();              res.json({                 expires: expires,                 user: req.user.tojson()             });         }          else         {                console.log("send 401 ...");             res.sendstatus(401);         } });

i insert credentials in http form

div.loginbox     form(name='login', action='/login', method='post')         label(value='login')         input(type='text', name='login')          label(value='password')         input(type='password', name='password')          input(type='submit', value='login')

but after that, 400 bad request.

actually, mixing http authentication custom authentication posting form data credentials.

by posting credentials using html form there no implicit http digest authentication. need send special headers initiating http authentication. there can choose basic or digest authentication. causing browser prompt user name , password resulting in special http header managed chosen digeststrategy. bad request issued http header missing required header information performing authentication.

if want log in using form either might want use localstrategy of passport-local instead or use ajax managing client-side digest authentication though i'd stick former.


Comments

Post a Comment

Popular posts from this blog

c# - Better 64-bit byte array hash -

-
i need hash algorithm produces 64-bit hash code ( long ) fewer collisions string.gethashcode() , fast (no expensive calls cryptographic functions). here's implementation of fnv still shows 3% of collisions after testing 2 million random strings. need number way lower. void main() { const string chars = "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz!#@$%^&*()_+}{\":?><,./;'[]0123456789\\"; const int n = 2000000; var random = new random(); var hashes = new hashset<long>(); int collisions = 0; for(int = 0; < n; i++) { var len = random.next(chars.length); var str = new char[len]; (int j = 0; j < len; j++) { str[j] = chars[random.next(chars.length)]; } var s = new string(str); if(!hashes.add(get64bithash( s ))) collisions++; } console.writeline("collision percentage after " + n + " random strings: " + ((doubl
Read more

webrtc - Which ICE candidate am I using and why? -

-
[questions in bold below] i have setup kurento media server 5.1.3 in datacenter behind firewall running os ubuntu 14.04. has 2 network cards: 222.222.222.222 (eth0 - private ip) 111.111.111.111 (eth1 - public ip) attached below sdp (setremotedescription) when browser connected kurento media server type: answer, sdp: v=0 o=- 5487318114793304426 0 in ip4 0.0.0.0 s=kurento media server c=in ip4 0.0.0.0 t=0 0 a=group:bundle audio video m=audio 59068 rtp/savpf 111 0 c=in ip4 111.111.111.111 a=rtpmap:111 opus/48000/2 a=rtpmap:0 pcmu/8000 a=sendrecv a=rtcp:59068 in ip4 111.111.111.111 a=rtcp-mux a=ssrc:669011897 cname:user39019747@host-6e83e4c2 a=extmap:3 http://www.webrtc.org/experiments/rtp-hdrext/abs-send-time a=mid:audio b=as:20 a=ice-ufrag:ymdk a=ice-pwd:lylifk5ueqzpwm91ddj37e a=fingerprint:sha-256 ff:0f:81:8c:41:4e:b4:b6:c6:d8:36:f3:d6:5f:09:fd:5f:af:13:b3:9d:fc:12:66:ac:f3:56:d6:5b:0a:73:5d a=candidate:1 1 udp 2013266431 111.111.111.111 55239 typ host a=candidate:2 1 udp
Read more

php - Zend Framework / Skeleton-Application / Composer install issue -

-
i trying create zend framework application using skeleton in netbeans. when run composer install, following error message: "c:\php\php.exe" "c:\composer\composer.phar" "--ansi" "--no-interaction" "update" "--dev" using deprecated option "dev". dev packages installed default now. loading composer repositories package information updating dependencies (including require-dev) requirements not resolved installable set of packages. problem 1 - package requires php >=5.5 php version (5.4.42) not satisfy requirement. problem 2 - installation request zendframework/zendframework 2.5.1 -> satisfiable zendframework/zendframework[2.5.1]. - zendframework/zendframework 2.5.1 requires php >=5.5 -> php version (5.4.42) not satisfy requirement. done. apparently, zend framework only needs php 5.3+ contradicts above. need use php 5.4. my composer.json following: { "name": "
Read more