Comments (10)
This is because request.auth.session.set is used for setting the cookie object. request.auth.credentials is only set after a request is successfully validated against an auth scheme. In the case of your route, the request is unsuccessfully authenticated, your validation logic is executed, and the cookie is set. But request.auth.credentials was already set to null and request.auth.session.set isn't going to update it.
The most straightforward approach would be to separate your dashboard and login logic, then use reply with reply.redirect('/dashboard') upon successful user validation.
However, you can use the onPreAuth extension point in the request life cycle to do things differently if you'd like. http://hapijs.com/api#request-lifecycle
Thanks for the quick response. This is what I figured was happening. I'll just take the performance hit of the reply.redirect because it's more pragmatic.
I am using XMLHttpRequest. How should I separate my login logic, and use reply.redirect?
When I add reply.redirect('/home'), an error will appear on my browser (Chrome) stating -- "XMLHttpRequest cannot load server/login. The request was redirected to 'server/home', which is disallowed for cross-origin requests that require preflight." even though I have enabled cors.
I would just handle the redirect to /home client side in javascript if you're doing an ajax call. It seems a little cleaner that way too if you're using ajax for navigation logic. My guess is that the browsers have weird behavior with following a redirect from an ajax request.
So if I have this on my route,

    {
        method: 'POST',
        path: '/login',
        config: {
            handler: function (request, reply) {
                User.find({
                    'email' : request.payload.email,
                    'password' : request.payload.password,
                }, function (error, data) {
                    if (!data.length) {
                        throw new Error(error);
                    }
                    request.auth.session.set(data[0]);
                    return reply(data[0]);
                });
            },
            auth: {
                mode: 'try',
                strategy: 'session'
            },
            plugins: {
                'hapi-auth-cookie': {
                    redirectTo: false
                }
            }
        }
    }

and this on my XMLHttpRequest,

    var xhrContent = '{\
        "email" : "' + email + '",\
        "password" : "' + password + '"\
    }';
    xhr.open('POST', 'server/login');
    xhr.onload = function () {
        var responseMessage = JSON.parse(this.responseText);
        if (responseMessage.error) {
            return responseMessage.message;
        }
    }
    xhr.send(xhrContent);

Where should I put my redirect? I tried to add console.log(request.auth.credentials) right after setting the session and it returns null. However, on my browser (Chrome) under the Network tab and Headers tab, it has set-cookie and some random value. And under the Preview tab, it contains data of the user I tried to log in.
You won't be able to use a redirect. If you're concerned about requesting protected resources via ajax requests, you'll need to handle errors to trigger the logic to get user/pass within your own client app.
request.auth.credentials will be available on all subsequent requests, but not immediately after setting the session.
The browser is handling the ajax request as expected. The random value is the encrypted cookie which will be used on your future requests.
@jaw187, am I doing this the right way?
The redirect is disabled correctly. Your handler needs to be able to reply with an error. This is how I'd write your handler and I'd use Boom (https://github.com/hapijs/boom)...

    }, function (error, data) {
        if (error) {
            return reply(Boom.wrap(error));
        }
        if (data && data.length) {
            request.auth.session.set(data[0]);
            return reply(data[0]);
        }
        return reply(Boom.unauthorized());
    });

From that point on it all depends on the implementation of your client app.
@jaw187, thank you. And sorry @Zambonilli for trying to hijack your issue.
This thread has been automatically locked due to inactivity. Please open a new issue for related bugs or questions following the new issue template instructions.
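The client-side handling suggested in the thread (no server redirect for the AJAX login, a 401 on failure, navigation done by the page's own script), as an added example that is not part of the original comments. The deps hooks (XhrCtor, navigate, showError), the FakeXhr test double and its sample credentials are constructed for illustration.

```javascript
// Added example, not code from the thread. deps.XhrCtor, deps.navigate and
// deps.showError are hypothetical hooks so the same function runs in a browser
// (XMLHttpRequest, location.assign) or against the test double below.
function login(email, password, deps) {
  var xhr = new deps.XhrCtor();
  xhr.open('POST', 'server/login');
  xhr.setRequestHeader('Content-Type', 'application/json');
  xhr.onload = function () {
    if (xhr.status === 200) {
      // The browser has already stored the Set-Cookie value; navigate here
      // instead of relying on a server redirect.
      return deps.navigate('/home');
    }
    var message = 'Login failed';
    try {
      var body = JSON.parse(xhr.responseText);
      if (body && body.message) { message = body.message; }
    } catch (e) { /* error body was not JSON; keep the default message */ }
    deps.showError(xhr.status, message);
  };
  // JSON.stringify escapes quotes and backslashes in the credentials, which
  // hand-built JSON strings do not.
  xhr.send(JSON.stringify({ email: email, password: password }));
}

// Constructed test double: answers 200 for one known password, else 401.
function FakeXhr() { this.headers = {}; }
FakeXhr.prototype.open = function (method, url) { this.method = method; this.url = url; };
FakeXhr.prototype.setRequestHeader = function (k, v) { this.headers[k] = v; };
FakeXhr.prototype.send = function (raw) {
  var sent = JSON.parse(raw); // throws if the client sent malformed JSON
  var ok = sent.password === 'pa"ss\\word';
  this.status = ok ? 200 : 401;
  this.responseText = ok ? JSON.stringify({ email: sent.email })
    : JSON.stringify({ statusCode: 401, error: 'Unauthorized', message: 'Unauthorized' });
  this.onload();
};

function demo(password) {
  var events = [];
  login('user@example.test', password, {
    XhrCtor: FakeXhr,
    navigate: function (path) { events.push('navigate ' + path); },
    showError: function (status, msg) { events.push('error ' + status + ' ' + msg); }
  });
  return events;
}
```

In a browser, pass XMLHttpRequest as XhrCtor and a function that calls window.location.assign as navigate.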