passport.authenticate('local', { successReturnToOrRedirect: '/'}) not working properly
const router = require('express').Router()
const User = require('../models/user.model')
const { body, validationResult } = require('express-validator')
const passport = require('passport')

router.get('/login', ensureNotAuthenticated, async (req, res, next) => {
  res.render('login')
})

router.post('/login', ensureNotAuthenticated, passport.authenticate('local', {
  successReturnToOrRedirect: '/',
  failureRedirect: "/auth/login",
  failureFlash: true
}))
If, for example, a user tries to access a protected route, say 'auth/profile', he gets redirected to the login page, but on successfully logging in, he gets redirected to the route specified in 'successReturnToOrRedirect'. I was using passport 0.4.1, and there it redirected back to the previous protected route after the user had successfully logged in.
Having the same problem since updating from v0.5.3. I believe this is down to change a77271f55f045bd4fd2578a953256406b3621721 - authenticate.js uses req.session.returnTo to redirect back to whatever page the user was visiting. But now sessionmanager.js is using req.session.regenerate - resulting in the returnTo property being lost, hence no redirect.
A workaround is to use options.keepSessionInfo to retain the session info:
passport.authenticate('oauth2', {
  successReturnToOrRedirect: '/home',
  failureRedirect: '/sign-in',
  keepSessionInfo: true
})
though this feels like it defeats the purpose of regenerating the session, when all we want to keep is the returnTo value.
Plus, if you are using TypeScript, keepSessionInfo isn't included in @types/passport.
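An added example, not code from this thread or from the passport project: one way to carry only the returnTo value across the session regeneration described above, without keepSessionInfo, and to validate it as a same-site path before redirecting. The names safeReturnTo, stashReturnTo, redirectAfterLogin, fakeAuthenticate and simulateLogin are hypothetical, and fakeAuthenticate is a constructed stand-in for passport.authenticate so the block runs without Express or passport.

```javascript
// Accept only same-site relative paths so the stored value cannot become an open redirect.
function safeReturnTo(value, fallback = '/') {
  if (typeof value !== 'string' || !value.startsWith('/')) return fallback;
  if (value.startsWith('//') || value.includes('\\')) return fallback;
  try {
    // Resolve against a dummy origin; anything that escapes it is rejected.
    const u = new URL(value, 'http://localhost.invalid');
    if (u.origin !== 'http://localhost.invalid') return fallback;
    return u.pathname + u.search + u.hash;
  } catch {
    return fallback;
  }
}

// Runs BEFORE passport.authenticate(): copy the one value we need out of the
// pre-login session into request-scoped storage.
function stashReturnTo(req, res, next) {
  res.locals.returnTo = req.session && req.session.returnTo;
  next();
}

// Runs AFTER authentication succeeded: the session has been regenerated,
// so redirect from the stashed value instead of req.session.returnTo.
function redirectAfterLogin(fallback = '/') {
  return (req, res) => res.redirect(safeReturnTo(res.locals.returnTo, fallback));
}

// Constructed stand-in for the login step on a regenerated session:
// every pre-login key is dropped, only the authenticated user is stored.
function fakeAuthenticate(req, res, next) {
  req.session = { passport: { user: 'constructed-user-id' } };
  next();
}

// Drive the three handlers in order against stub req/res objects.
function simulateLogin(preLoginSession) {
  const req = { session: { ...preLoginSession } };
  const res = { locals: {}, redirectedTo: null, redirect(url) { this.redirectedTo = url; } };
  const chain = [stashReturnTo, fakeAuthenticate, redirectAfterLogin('/')];
  let i = 0;
  const next = () => { const h = chain[i++]; if (h) h(req, res, next); };
  next();
  return { redirectedTo: res.redirectedTo, session: req.session };
}
```

In a real route the order would be stashReturnTo, then passport.authenticate('local', ...) with only the failure options, then redirectAfterLogin('/'); successReturnToOrRedirect has to be left out, because with it passport sends the redirect itself and the last handler never runs.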
We tried moving to 0.6.0 to receive vulnerability fixes but were hit with this issue. Since the PR is all ready, can we expect a release?
@Evalife @ashishth09 Did this solve your issue? I added keepSessionInfo to the config and it's still having the same behavior.
@sbsamaro No, it didn't solve it for me either.
Same problem. Hope https://github.com/jaredhanson/passport/pull/941 could fix this.