在passport.js中使用令牌验证电子邮件
Verification email with token in passport.js
我正在寻找一种解决方案,用于在 passport.js 的本地身份验证中生成带有令牌的验证电子邮件。是否有适用于 Node 的插件或组件,可以让验证更容易实现?还是必须自己实现?
我的控制器
/**
 * POST /signup handler: validates the submitted form, rejects an e-mail
 * address that is already registered, stores the new account and signs the
 * user in.
 *
 * NOTE(review): the account is saved and logged in straight away; nothing in
 * this handler proves that the e-mail address belongs to the requester.
 * NOTE(review): the length rule below accepts 4-character passwords.
 */
exports.postSignup = function(req, res, next) {
  req.assert('email', 'Email is not valid').isEmail();
  req.assert('password', 'Password must be at least 4 characters long').len(4);
  req.assert('confirmPassword', 'Passwords do not match').equals(req.body.password);

  var validationErrors = req.validationErrors();
  if (validationErrors) {
    req.flash('errors', validationErrors);
    return res.redirect('/signup');
  }

  var form = req.body;
  var user = User.build({
    email: form.email,
    password: form.password
  });

  // Last step: the session for the freshly saved account has been set up.
  function afterLogin(loginErr) {
    if (loginErr) return next(loginErr);
    res.redirect('/');
  }

  // Runs once the save has completed; signs the new user in on success.
  function afterSave(saveErr) {
    if (saveErr) return next(saveErr);
    req.logIn(user, afterLogin);
  }

  User
    .find({ where: { email: form.email } })
    .then(function(existingUser) {
      if (!existingUser) {
        user.save().complete(afterSave);
        return;
      }
      // This reply tells the caller that the address is registered.
      req.flash('errors', { msg: 'Account with that email address already exists.' });
      return res.redirect('/signup');
    })
    .catch(function(lookupErr) {
      return next(lookupErr);
    });
};
谢谢你的意见!
自己实现这一点非常简单。
伪代码:
//A user registers
//User is stored along with a random token string and a variable set to false
//User is sent a verification email
//Verification email has a link with the random token and a unique ID for that user
//Link goes to a route that takes the token as a parameter
//Match the user and the random token
//If they match - change a variable to verified
我用来生成随机字符串的包是:https://www.npmjs.com/package/randomstring
本地注册策略
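// Passport "local-signup" strategy: creates an account flagged as unverified,
// stores a random verification token with it and sends the verification mail.
//
// NOTE(review): nothing in this block enforces local.verified; the login
// strategy has to reject accounts where it is still false (confirm).
passport.use('local-signup', new LocalStrategy({
    // by default, local strategy uses username and password, we will override with email
    usernameField: 'email',
    passwordField: 'password',
    passReqToCallback: true // allows us to pass back the entire request to the callback
  },
  function (req, email, password, done) {
    var username = req.body.username;

    // Request bodies can carry objects or arrays instead of strings. Only
    // plain strings may reach the query filters and string methods below.
    if (typeof email !== 'string' || typeof password !== 'string' || typeof username !== 'string') {
      return done(null, false, req.flash('signupMessage', 'Invalid signup data.'));
    }

    // asynchronous
    // User.findOne wont fire unless data is sent back
    process.nextTick(function () {
      // find a user whose email is the same as the forms email
      User.findOne({'local.email': email}, function (err, user) {
        // if there are any errors, return the error
        if (err) {
          return done(err);
        }
        // check to see if theres already a user with that email
        if (user) {
          console.log('that email exists');
          return done(null, false, req.flash('signupMessage', email + ' is already in use. '));
        }

        // NOTE(review): local.username is queried here but never assigned on
        // the new user in this snippet; confirm where it is stored.
        User.findOne({'local.username': username}, function (err, user) {
          // A failed lookup must not be treated as "username is free".
          if (err) {
            return done(err);
          }
          if (user) {
            console.log('That username exists');
            return done(null, false, req.flash('signupMessage', 'That username is already taken.'));
          }
          if (req.body.password !== req.body.confirm_password) {
            console.log('Passwords do not match');
            return done(null, false, req.flash('signupMessage', 'Your passwords do not match'));
          }

          // create the user
          var newUser = new User();
          // The character class reached this page garbled as [^'w's];
          // [^\w\s] strips everything except word characters and whitespace.
          // NOTE(review): replace(' ', '') removes only the first space, and
          // different usernames can normalise to the same permalink. The
          // permalink is not checked for uniqueness here.
          var permalink = username.toLowerCase().replace(' ', '').replace(/[^\w\s]/gi, '').trim();
          // NOTE(review): this token is the only secret in the verification
          // link. Confirm that the installed randomstring version draws from
          // a CSPRNG, or generate the token with crypto.randomBytes instead.
          var verification_token = randomstring.generate({
            length: 64
          });

          newUser.local.email = email;
          newUser.local.password = newUser.generateHash(password);
          newUser.local.permalink = permalink;
          //Verified will get turned to true when they verify email address
          newUser.local.verified = false;
          newUser.local.verify_token = verification_token;

          // Report a save failure through done(): a throw from inside the
          // callback is not caught by a try/catch placed around save() when
          // the callback runs later, and the empty catch hid everything else.
          newUser.save(function (err) {
            if (err) {
              return done(err);
            }
            VerifyEmail.sendverification(email, verification_token, permalink);
            return done(null, newUser);
          });
        });
      });
    });
  }));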
我使用 /permalink/随机令牌 的组合作为验证 URL。
路由应该是这样的:
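// Email-verification endpoint: /verify/<permalink>/<token>.
// Marks the account as verified when the token in the link equals the token
// stored for that permalink. Every failure gets the same reply, so the
// response does not reveal which permalinks exist.
//
// NOTE(review): the token stays valid after use and never expires. Consider
// clearing it on success and storing an expiry time next to it.
app.get('/verify/:permalink/:token', function (req, res, next) {
  var crypto = require('crypto');
  var permalink = req.params.permalink;
  var token = req.params.token;

  User.findOne({'local.permalink': permalink}, function (err, user) {
    if (err) {
      return next(err);
    }

    // An unknown permalink yields no user; treat it like a wrong token
    // instead of dereferencing null.
    var expected = user && user.local ? user.local.verify_token : null;
    var supplied = Buffer.from(token, 'utf8');
    var stored = typeof expected === 'string' ? Buffer.from(expected, 'utf8') : null;

    // timingSafeEqual needs equal-length buffers; the length check comes first.
    var matches = stored !== null &&
      stored.length === supplied.length &&
      crypto.timingSafeEqual(stored, supplied);

    if (!matches) {
      // Never write the expected token to the log: it is a credential.
      console.log('Email verification rejected: unknown permalink or wrong token');
      return res.status(400).send('Invalid verification link.');
    }

    console.log('that token is correct! Verify the user');
    // Filtering on the token as well makes sure the record that gets updated
    // is one that actually holds this token.
    User.findOneAndUpdate(
      {'local.permalink': permalink, 'local.verify_token': expected},
      {'local.verified': true},
      function (err, resp) {
        if (err) {
          return next(err);
        }
        console.log('The user has been verified!');
        // Redirect only after the update has been stored.
        res.redirect('/login');
      });
  });
});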