PassportJS serializeUser and deserializeUser execution flow


Question

I'm using passportJS with express to authenticate user by local strategy. I have seen few articles regarding how passport is setup and the execution flow. Although most of the thing regarding passport can be figured out by searching, there is serialization and deserialization of user which keeps me confused.

I understand it is used to save the user information in session for persistent login. My code for serialization and deserialization is

// Store only the user id in the session
passport.serializeUser(function(user, done){
    done(null, user.id);
});

// Look the user up again on every request that carries a session
passport.deserializeUser(function(id, done){
    User.findById(id, function(err, user){
        done(err, user);
    });
});

My questions about this:

1) Who calls and populates the arguments of the serializeUser and deserializeUser? And how it has access to the user object? To understand this I added log like

passport.serializeUser(function(user, done){
    console.log(arguments.callee.caller);
    done(null, user.id);
});

And got [Function: pass] in the output. Can anyone explain this?

2) I am using mongodb to store the user information. MongoDB has _id as the default id of a document. So ideally the serializeUser and deserializeUser should have worked with user._id instead of user.id. But it is working fine with user.id, which is not available in the User object. Here is the user object printed in the console:

{ _id: 5505f231b810dbd4098ac76a,
  __v: 0,
  google: {},
  twitter: {},
  facebook: {},
  local:
   { password: '$2a$08$9NGd0xNu0JbWMZ07ufyFRu8guwy147k8IBl5cAC4Y8APOuxreNI32',
     email: 'xxxx@xxx.com' } }

How is this possible?

3) Where does the control flow go once the done method is executed?

Accepted answer

After a long time of searching I found this article which explains authentication flow very clearly.

  • For serializeUser:
  1. When the user submits the login form, a POST request to /login is made resulting in the execution of the passport.authenticate middleware we've set up.
  2. As the authenticate middleware for that route is configured to handle the local strategy, passport will invoke our implementation of the local strategy.
  3. Passport takes the req.body.username and req.body.password and passes it to our verification function in the local strategy.
  4. Now we do our thing: loading the user from the database and checking if the password given matches the one in the database.
  5. If everything went fine and we want the user to login we invoke done(null, user).
  6. Calling done will make the flow jump back into passport.authenticate. It's passed the error, user and additional info object (if defined).
  7. If the user was passed, the middleware will call req.login (a passport function attached to the request).
  8. This will call our passport.serializeUser method we've defined earlier.

  • For deserializeUser:
    1. Express loads the session data and attaches it to the req. As passport stores the serialised user in the session
    2. passport.session middleware is a Passport Strategy which will load the user object onto req.user if a serialised user object was found in the server.
    3. passport.initialize is invoked on the request, it finds the passport.user attached to the session. Next, passport.session is invoked.
    4. The passport.session middleware calls the passport.deserializeUser we've set up, attaching the loaded user object to the request as req.user.

Hope this helps.
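To make the two lists above concrete, here is an added, dependency-free simulation of the flow (example code, not Passport's own implementation and not from the answer's author). The names fakePassport, sessionStore, usersDb, login() and requestWithSession() are constructed for the illustration; the sample user document carries an `id` getter that returns the string form of `_id`, which is what an ODM such as Mongoose exposes on its documents, and a 'hash:' prefix stands in for a real bcrypt hash. Running it shows the two things the answer describes: after a successful POST /login the session holds nothing but the serialized id, and on the next request passport.session rebuilds req.user from that id through deserializeUser.

```javascript
// Added example: a dependency-free simulation of the serializeUser /
// deserializeUser flow described in the answer. This is not Passport's own
// code; fakePassport, sessionStore, usersDb, login() and requestWithSession()
// are names constructed for this illustration.

// Constructed stand-in for the users collection. The `id` getter mirrors the
// string form of `_id` that an ODM such as Mongoose exposes on documents.
const usersDb = new Map([
  ['5505f231b810dbd4098ac76a', {
    _id: '5505f231b810dbd4098ac76a',
    get id() { return this._id; },
    // 'hash:' + plaintext stands in for a real bcrypt hash (constructed sample)
    local: { email: 'xxxx@xxx.com', password: 'hash:correct horse' },
  }],
]);

// Constructed server-side session store: sessionId -> session object.
const sessionStore = new Map();

const fakePassport = {
  _verify: null, _serialize: null, _deserialize: null,
  use(verify) { this._verify = verify; },
  serializeUser(fn) { this._serialize = fn; },
  deserializeUser(fn) { this._deserialize = fn; },

  // Steps 1-8 of the serialize flow: the authenticate middleware runs the
  // local strategy's verify function; when it calls done(null, user) the
  // middleware performs req.login, which invokes serializeUser and writes
  // the serialized value (here: just the id) into the session.
  authenticate(req, cb) {
    this._verify(req.body.username, req.body.password, (err, user) => {
      if (err || !user) return cb(err || new Error('unauthorized'));
      this._serialize(user, (err2, serialized) => {
        if (err2) return cb(err2);
        req.session.passport = { user: serialized };
        req.user = user;
        cb(null, user);
      });
    });
  },

  // Deserialize flow: passport.session finds session.passport.user and
  // calls deserializeUser to rebuild req.user for this request.
  session(req, cb) {
    const stored = req.session && req.session.passport && req.session.passport.user;
    if (stored === undefined) return cb(null);
    this._deserialize(stored, (err, user) => {
      if (err) return cb(err);
      if (user) req.user = user;
      cb(null);
    });
  },
};

// The application's hooks, as written in the question.
fakePassport.serializeUser((user, done) => done(null, user.id));
fakePassport.deserializeUser((id, done) => done(null, usersDb.get(id) || false));
// Step 4: load the user and compare the password (stand-in for bcrypt.compare).
fakePassport.use((username, password, done) => {
  for (const user of usersDb.values()) {
    if (user.local.email === username && user.local.password === 'hash:' + password) {
      return done(null, user);
    }
  }
  done(null, false);
});

// Simulates POST /login. Returns the session that was created; note that it
// holds only the id, not the user document with its password hash.
function login(username, password) {
  const req = { body: { username, password }, session: {} };
  let outcome;
  fakePassport.authenticate(req, (err, user) => { outcome = { err, user }; });
  if (outcome.err) return { ok: false, sessionId: null, session: null };
  const sessionId = 'sess-' + sessionStore.size;
  sessionStore.set(sessionId, req.session);
  return { ok: true, sessionId, session: req.session };
}

// Simulates a later request that presents a session cookie.
function requestWithSession(sessionId) {
  const req = { session: sessionStore.get(sessionId) || {} };
  let error;
  fakePassport.session(req, (err) => { error = err; });
  return { err: error, user: req.user };
}

const first = login('xxxx@xxx.com', 'correct horse');
console.log(JSON.stringify(first.session)); // {"passport":{"user":"5505f231b810dbd4098ac76a"}}
const next = requestWithSession(first.sessionId);
console.log(next.user && next.user.local.email); // xxxx@xxx.com
```

Two practical consequences follow from this shape. Serializing only the id keeps the password hash out of the session store, while deserializeUser runs a database lookup on every request that carries a session, so the full document (hash included) is on req.user server-side and should not be passed through to responses as-is.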

