jaredhanson / passport-http

HTTP Basic and Digest authentication strategies for Passport and Node.js.

Home Page:https://www.passportjs.org/packages/passport-http/?utm_source=github&utm_medium=referral&utm_campaign=passport-http&utm_content=about


Basic & Digest authentication not working for some reason...

thisissami opened this issue · comments

Hi There,

I have been using Passport for numerous years now. In the current platform that I run, I use Passport's local strategy for authentication. This has been working fine for several months.

Today, I added a new Basic Strategy authentication system to the mix. This is completely separate from the standard Local Strategy that already exists.

My code is as follows:

  var basic = require('passport-http').BasicStrategy;

  passport.use(new basic({},
    function(username, password, done) {
      console.log('here we are');
    }
  ));

and the following is part of a different function

    if(path == '/the/correct/path'){
      console.log('OUTSIDE AUTH');
      passport.authenticate('basic', { session: false }, function(req, res){
        console.log('INSIDE AUTH');
      });
    }

When I make a request to /the/correct/path, OUTSIDE AUTH gets printed properly. However, I then expect here we are from the passport.use() function to get printed, which it never does. I'm really frustrated, as I have no idea how this is supposed to work...

I have tried accessing this via browser, via curl calls (as per the example), using older & newer versions of the module, and using the DigestStrategy instead of the BasicStrategy. Any advice on what to do would be greatly appreciated... Also I am NOT using express if that makes a difference at all...

Best, and thanks either way,
Sami

Hey there,

I also had this issue. If I am not wrong, the local strategy in passport authenticates against form data. However, if you would like to authenticate using the basic strategy, you have to add an Authorization header.

I never used CURL to do my requests; you can try using Postman to do the calls. In Postman, you just have to click on the Basic Auth tab and enter the credentials, and it will auto-generate an Authorization header with your encoded credentials, and you can send it to the server.

The header should look like this: Authorization Basic wegTIyNy3h32SDGdgd

Adding the authorization header triggered the basic strategy for me.

Hope this helps

Cheers
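The behaviour described in the reply above, as an added example that is not code from passport-http or from anyone in this thread: a dependency-free Node.js sketch of how a Basic-auth layer treats the Authorization header, showing that the credential check is only reached when a well-formed header is present. The names makeBasicHeader, parseBasicHeader, handleBasic and sampleVerify, the realm, and the sample credentials are all hypothetical.

```javascript
// Added example; all names and sample credentials here are constructed.
// Build the header value a client (curl -u, Postman's Basic Auth tab) sends.
function makeBasicHeader(username, password) {
  return 'Basic ' + Buffer.from(`${username}:${password}`, 'utf8').toString('base64');
}

// Decode "Basic <base64(username:password)>"; returns null if malformed.
function parseBasicHeader(value) {
  const m = /^Basic +([A-Za-z0-9+\/]+={0,2})$/i.exec(String(value).trim());
  if (!m) return null;
  const decoded = Buffer.from(m[1], 'base64').toString('utf8');
  const sep = decoded.indexOf(':');
  if (sep < 0) return null;
  // Only the first colon separates; a password may itself contain colons.
  return { username: decoded.slice(0, sep), password: decoded.slice(sep + 1) };
}

// Decide the outcome for one request. `headers` uses lowercase keys, as Node's
// http module provides them. `verify` stands in for the application's check.
function handleBasic(headers, verify, realm = 'Users') {
  const challenge = { status: 401, wwwAuthenticate: `Basic realm="${realm}"` };
  const value = headers.authorization;
  // No header, or another scheme: challenge the client. verify never runs.
  if (!value || !/^Basic(\s|$)/i.test(value)) return { ...challenge, verifyCalled: false };
  const creds = parseBasicHeader(value);
  if (!creds) return { status: 400, verifyCalled: false };
  if (!verify(creds.username, creds.password)) return { ...challenge, verifyCalled: true };
  return { status: 200, verifyCalled: true, user: creds.username };
}

// Constructed credential check; production code should compare password
// hashes in constant time rather than plaintext with ===.
const sampleVerify = (u, p) => u === 'alice' && p === 's3cr:et';
```

Calling handleBasic({}, sampleVerify) returns the 401 challenge without ever invoking sampleVerify, which is the symptom a client sees when it sends no Authorization header.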

I saw similar behavior where I was mounting the auth endpoint to a non-root endpoint via app.use('/auth', authApp) and the URI check was failing. I opened a separate issue #43 and submitted a pull request.

passport-http is pretty silent about which check is failing. I added checkpoints in passport-http to track down which check was failing. Once I saw that it was the URI check, it was pretty easy to figure out what was going wrong. Hope that helps.

I think we are seeing the same issue. Was using basic auth fine in certain testing scenarios - now it's hanging (no errors).