Passport本地策略身份验证似乎仅适用于具有共享MongoDB实例的localhost [英] Passport local strategy auth seems to only work on localhost with a shared MongoDB instance
问题描述
这是一个奇怪的问题,但是我不确定还会发生什么.我已经为存储用户帐户的Node.js Express应用程序成功部署了 passport-local 策略在MongoDB中.我正在通过MongoLab使用Mongo作为服务.
This is a weird one, but I'm not sure what else could be going on. I've successfully deployed the passport-local strategy for a Node.js Express app with user accounts stored in MongoDB. I'm using Mongo as a service via MongoLab.
我的帐户和登录身份验证可以在本地正常工作.但是,当我将应用程序部署到AWS时(仍使用相同的Mongo服务),相同的帐户凭据会失败.我想知道... Passport是否以某种方式使用URL,端口或其他特定于环境的信息来对用户进行身份验证?也许以怎样的方式进行密码查找?
My accounts and login auth works as expected locally. But when I deploy my app to AWS (using the same Mongo service still), the same account credentials fail. I'm wondering... is Passport somehow using the URL, port, or other environment-specific information to authenticate users? Perhaps in how password lookup is performed?
我将其范围缩小到 passport.authenticate('local')
中间件,尽管如果该库在完全相同的代码在不同环境中以不同方式执行时,会使我感到惊讶.
I've narrowed it down to the passport.authenticate('local')
middleware, although it would surprise me if this library somehow performed differently in different environments with the exact same code.
我还应该提到,我正在为用户模型使用 passport-local-mongoose
插件.
I should also mention that I'm using the passport-local-mongoose
plugin for my User model.
推荐答案
好的-我知道了.
在我的本地系统上,我有一个较新版本的node,但是在我的部署版本(在AWS ElasticBeanstalk上)上,它使用的是v0.10.36.
On my local system, I had a newer version of node, but on my deployed version (on AWS ElasticBeanstalk) it was using v0.10.36.
如果您查看 passport-local-mongoose
的代码,则会看到以下内容:
If you look at the code for passport-local-mongoose
you'll see this:
var pbkdf2DigestSupport = semver.gte(process.version, '0.12.0');
...
var pbkdf2 = function(password, salt, callback) {
if (pbkdf2DigestSupport) {
crypto.pbkdf2(password, salt, options.iterations, options.keylen, options.digestAlgorithm, callback);
} else {
crypto.pbkdf2(password, salt, options.iterations, options.keylen, callback);
}
};
因此,如果两个不同版本的节点的版本分别高于0.12.0和低于0.12.0,那么您将获得不同的加密功能.
So if the two different versions of node has one above 0.12.0 and one below, you are going to get different crypto functionality.
这篇关于Passport本地策略身份验证似乎仅适用于具有共享MongoDB实例的localhost的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!