I'm trying to refactor my existing app in order to add support for PassportJS, but it's getting more difficult than expected.
I'm using passport-jwt as strategy. So I have
    passport.use(new JwtStrategy(options, user.verify));
    router.post(
      '/login/jwt',
      passport.authenticate('jwt', {session: false, failWithError: true})
    );
And if user.verify fails it calls (for example)
    done(new Error(errors.BAD_REQUEST));
But I have no way to handle this error: whatever I pass as the first parameter of the done callback, Passport always sends a 401 - Unauthorized response.
This is not what I expect since I have many error handlers in my codebase and I want to communicate a meaningful error to the client.
I googled a lot so far, and I opened several SO questions besides the official documentation, but any of those solutions fixes my problem.
For example, a common solution for this problem is using a closure in order to access req and res objects (as the link above), but this is not applicable to my existing app.
Can someone help me?
asked Aug 19, 2017 at 12:43 by Christian Vincenzo Traina; edited Feb 19, 2018 at 17:07 by Martijn Pieters
1 Answer
So I assume you want to help the user and say the password is incorrect for example.
In the 'Verify Callback' Section you can find this example:
    return done(null, false, { message: 'Incorrect password.' });
And by default, if authentication fails, Passport will respond with a 401 Unauthorized status.
To catch this message you could try something like this: http://passportjs.org/docs#custom-callback
    app.get('/login', function(req, res, next) {
      passport.authenticate('local', function(err, user, info) {
        if (err) { return next(err); }
        if (!user) { return res.redirect('/login'); }
        req.logIn(user, function(err) {
          if (err) { return next(err); }
          return res.redirect('/users/' + user.username);
        });
      })(req, res, next);
    });
Does this help?
Edit: With no IIFE
    app.post('/login',
      passport.authenticate('local', { failWithError: true }),
      function(req, res, next) {
        // Handle success
        return res.send({ success: true, message: 'Logged in' })
      },
      function(err, req, res, next) {
        // Handle error
        return res.status(401).send({ success: false, message: err })
      }
    )
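An added example (not from the original answer or from Passport itself) of an error handler that could sit after passport.authenticate(..., { failWithError: true }): it maps Passport's AuthenticationError and deliberate application errors to distinct responses without echoing raw error objects to the client. HttpError, classifyAuthError, authErrorHandler and the fake response object are hypothetical names constructed for illustration.

```javascript
// HttpError is a hypothetical application error type, not part of Passport.
class HttpError extends Error {
  constructor(status, publicMessage) {
    super(publicMessage);
    this.name = 'HttpError';
    this.status = status;
  }
}

// Decide what the client may see. Returns { status, body } and never
// includes stack traces or raw error objects.
function classifyAuthError(err) {
  // With failWithError, Passport calls next() with an error named
  // AuthenticationError whose status is the failure status (401 by default).
  if (err && err.name === 'AuthenticationError') {
    return { status: err.status || 401,
             body: { success: false, message: 'Authentication failed' } };
  }
  // Errors the application raised on purpose with a 4xx status.
  if (err instanceof HttpError && err.status >= 400 && err.status < 500) {
    return { status: err.status,
             body: { success: false, message: err.message } };
  }
  // Anything else (database outage, bug in the verify function) is a server error.
  return { status: 500,
           body: { success: false, message: 'Internal server error' } };
}

// The four-argument signature marks this as an Express error handler.
function authErrorHandler(err, req, res, next) {
  const { status, body } = classifyAuthError(err);
  if (status === 500) console.error(err); // full detail stays in server logs
  return res.status(status).json(body);
}

// Constructed stand-ins so the handler runs without Express or Passport.
function fakeRes() {
  return { statusCode: 200, body: null,
           status(code) { this.statusCode = code; return this; },
           json(payload) { this.body = payload; return this; } };
}
function demo(err) {
  const res = fakeRes();
  authErrorHandler(err, {}, res, () => {});
  return res;
}
```

In a real app the handler would be registered as the last function of the route, in place of the inline error function shown above.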