Javascript passport.js中带有令牌的验证电子邮件
我只是在寻找解决方案,使验证电子邮件与令牌为我的本地身份验证在passport.js 是否有一些用于node的插件或组件可以使我更容易验证?还是我必须自己做 我的控制器Javascript passport.js中带有令牌的验证电子邮件,javascript,node.js,token,passport.js,passport-local,Javascript,Node.js,Token,Passport.js,Passport Local,我只是在寻找解决方案,使验证电子邮件与令牌为我的本地身份验证在passport.js 是否有一些用于node的插件或组件可以使我更容易验证?还是我必须自己做 我的控制器 exports.postSignup = function(req, res, next) { req.assert('email', 'Email is not valid').isEmail(); req.assert('password', 'Password must be at least 4 characte
exports.postSignup = function(req, res, next) {
req.assert('email', 'Email is not valid').isEmail();
req.assert('password', 'Password must be at least 4 characters long').len(4);
req.assert('confirmPassword', 'Passwords do not match').equals(req.body.password);
var errors = req.validationErrors();
if (errors) {
req.flash('errors', errors);
return res.redirect('/signup');
}
var user = User.build({
email: req.body.email,
password: req.body.password,
});
User
.find({ where: { email: req.body.email } })
.then(function(existingUser){
if (existingUser) {
req.flash('errors', { msg: 'Account with that email address already exists.' });
return res.redirect('/signup');
}
user
.save()
.complete(function(err){
if (err) return next(err);
req.logIn(user, function(err){
if (err) return next(err);
res.redirect('/');
});
});
}).catch(function(err){
return next(err);
});
};
谢谢你的意见 自己实现这一点非常简单 伪代码:
//A user registers
//User is stored along with a random token string and a variable set to false
//User is sent a verification email
//Verification email has a link with the random token and a unique ID for that user
//Link goes to a route that takes the token as a parameter
//Match the user and the random token
//If they match - change a variable to verified
我用来生成随机字符串的包是:
本地注册策略
passport.use('local-signup', new LocalStrategy({
// by default, local strategy uses username and password, we will override with email
usernameField: 'email',
passwordField: 'password',
passReqToCallback: true // allows us to pass back the entire request to the callback
},
function (req, email, password, done) {
// asynchronous
// User.findOne wont fire unless data is sent back
process.nextTick(function () {
// find a user whose email is the same as the forms email
// we are checking to see if the user trying to login already exists
User.findOne({'local.email': email}, function (err, user) {
// if there are any errors, return the error
if (err) {
return done(err);
}
// check to see if theres already a user with that email
if (user) {
console.log('that email exists');
return done(null, false, req.flash('signupMessage', email + ' is already in use. '));
} else {
User.findOne({'local.username': req.body.username}, function (err, user) {
if (user) {
console.log('That username exists');
return done(null, false, req.flash('signupMessage', 'That username is already taken.'));
}
if (req.body.password != req.body.confirm_password) {
console.log('Passwords do not match');
return done(null, false, req.flash('signupMessage', 'Your passwords do not match'));
}
else {
// create the user
var newUser = new User();
var permalink = req.body.username.toLowerCase().replace(' ', '').replace(/[^\w\s]/gi, '').trim();
var verification_token = randomstring.generate({
length: 64
});
newUser.local.email = email;
newUser.local.password = newUser.generateHash(password);
newUser.local.permalink = permalink;
//Verified will get turned to true when they verify email address
newUser.local.verified = false;
newUser.local.verify_token = verification_token;
try {
newUser.save(function (err) {
if (err) {
throw err;
} else {
VerifyEmail.sendverification(email, verification_token, permalink);
return done(null, newUser);
}
});
} catch (err) {
}
}
});
}
});
});
}));
我使用/permalink/random令牌组合作为验证URL
路线应如下所示:
app.get('/verify/:permaink/:token', function (req, res) {
var permalink = req.params.permaink;
var token = req.params.token;
User.findOne({'local.permalink': permalink}, function (err, user) {
if (user.local.verify_token == token) {
console.log('that token is correct! Verify the user');
User.findOneAndUpdate({'local.permalink': permalink}, {'local.verified': true}, function (err, resp) {
console.log('The user has been verified!');
});
res.redirect('/login');
} else {
console.log('The token is wrong! Reject the user. token should be: ' + user.local.verify_token);
}
});
});
看看干墙项目——它包括您提到的功能,并且是用passport构建的:内置了一些密码重置逻辑。你可以在新项目中使用它,如果你自己写的话,也可以作为指导。尽管这个答案很好,但我相信最初的问题是,通过passport(如果有的话)处理这个问题的正确方法是什么?我目前正在选择你提到的方法,但我想知道这个逻辑是否可以通过passport来运行。谢谢你的代码Tom。我看到在字段名前面有一个“local.”。我认为你实施了其他登录策略,正如我打算的那样。您能详细介绍一下您的mysql/sequelize/user.js实现吗?(关于@GroomedGorilla的答案,我不认为passport做了电子邮件确认。)Nevermind发现了类似的内容()tks tks