Fatal编程技术网
  • javascript/
  • Javascript 来自失败登录的响应包含cookie

Javascript 来自失败登录的响应包含cookie

javascript cookies

Javascript 来自失败登录的响应包含cookie,javascript,cookies,passport.js,Javascript,Cookies,Passport.js,在login.js中,我正在测试如果在请求中发送未注册的凭据,用户将无法登录。对此类失败请求的响应不应包含cookie,但在运行我的代码后,响应确实包含cookie,并且响应状态为400 为什么会这样 login.js const request = require('supertest') const express = require('express') const app = express() const passport = require('passport') const Loc

在login.js中,我正在测试如果在请求中发送未注册的凭据,用户将无法登录。对此类失败请求的响应不应包含cookie,但在运行我的代码后,响应确实包含cookie,并且响应状态为400

为什么会这样

login.js

const request = require('supertest')
const express = require('express')
const app = express()
const passport = require('passport')
const LocalStrategy = require('passport-local').Strategy
const expressSession = require('express-session')

const mongoose = require('mongoose')
const url = "mongodb://user1:password1@ds155091.mlab.com:55091/redditmock"  
mongoose.connect(url)





//Configuring local authentication
passport.use(new LocalStrategy(
    (username, password, done) => {
        User.findOne({username: username}, (err, user) => {
            if (err) return done(err)
            if (!user) {
                return done(null, false, {message: 'Incorrect username.'});
            }
            if (user.password !== password) {
                return done(null, false, { message: 'Incorrect password.' })
            }
            return done(null, user)
        })
    }
))


//Configuring app to have sessions 
passport.serializeUser((user, done) => {
    done(null, user._id)
})
passport.deserializeUser((id, done) => {
    User.findById(id, function(err, user) {
    done(err, user)
  })
})

app.use(expressSession({secret: 'aSecretKey'}))
app.use(passport.initialize())
app.use(passport.session())


app.post('/api/login', passport.authenticate('local'), (req, res) => res.end())

const server = app.listen(3000)



request(server)
    .post('/api/login')
    .type('form')
    .send({username: "sasd"})
    .send({password: "sdfa"})
    .then((res) => {
        cookie = res.header['set-cookie'][0]
        console.log(res.status)
        console.log(cookie)
    })
User.js

const mongoose = require('mongoose')


const schema = new mongoose.Schema({
    username: {
        type: String,
        required: true
    },
    password: {
        type: String,
        required: true
    }
}) 

module.exports = mongoose.model('User', schema)
为什么响应不应该包含cookie?因为只有在用户成功登录时才应该发送cookie。