derby-login. Redirect the user to another page if he is not logged in.

[Мукагали Бейсембаев]

Hi everyone,

I would like to know how to prevent unauthorized user accesing my page after logging. By entering the straight forward address. I want to check if the user is not logged in, then he should be directed to landing page of my app not the gallery page ( which comes right after sign in page). Please help. 

Thanks in advance. Your help will be much appreciated.

[Vladimir Makhaev]

app.get('/route1', function(page, model, params, next) {

  if (!model.get('_session.loggedIn')) {

    return page.redirect('/route2');

  }

  ...

});

This will redirect user from /route1 to /route2 if he is not authorised.

[Мукагали Бейсембаев]

Thanks a lot Vladimir,

Here route1 is the gallery page in my case right? I mean the page right after logging in ?

--
You received this message because you are subscribed to a topic in the Google Groups "Derby" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/derbyjs/2dJhxMmQPp8/unsubscribe.
To unsubscribe from this group and all its topics, send an email to derbyjs+u...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Vladimir Makhaev]

Yes.

And also you can specify in passport options successRedirect (page to redirect on login) and failureRedirect (page to redirect on logout).

[Мукагали Бейсембаев]

Thanks again Vladimir.

I will try it out and let you know )

[Мукагали Бейсембаев]

After logging in via facebook it brings me to http://localhost:3000/ and I want to change the URL to http://localhost:3000/gallery. When I do so it brings me the error which says URL doesn't match and so on. 

facebook: {

                strategy: require('passport-facebook').Strategy,

                conf: {

                    clientID: '1567224883504619',

                    clientSecret: 'bb36b5bc0b15b8787266b5c46ea046de',

                    callbackURL: 'http://localhost:3000/auth/facebook/callback',

                    scope: ['email']

                }

            },

I also tried to change callbackURL to http://localhost:3000/gallery/auth/facebook/callback'

It still doesn't work though. I saw this thing in npm, but how to implement it to your derby-login?

app.get('/auth/facebook/callback',
  passport.authenticate('facebook', { failureRedirect: '/login' }),
  function(req, res) {
    // Successful authentication, redirect home.
    res.redirect('/');
  });

Thanks a lot,

Cheers

[Vladimir Makhaev]

setup: options.passport.successRedirect = '/gallery'

--
You received this message because you are subscribed to the Google Groups "Derby" group.
To unsubscribe from this group and stop receiving emails from it, send an email to derbyjs+u...@googlegroups.com.

[Мукагали Бейсембаев]

facebook: {

                strategy: require('passport-facebook').Strategy,

                conf: {

                    clientID: '1567224883504619',

                    clientSecret: 'bb36b5bc0b15b8787266b5c46ea046de',

                    callbackURL: 'http://localhost:3000/auth/facebook/callback',

                    setup: options.passport.successRedirect = '/gallery' <==== you mean here?

                    scope: ['email']

                }

            },

[Vladimir Makhaev]

options = {

  passport: {

    successRedirect: '/galery'

  },

  strategies: {

    ...
  }

}

[Curran Kelleher]

Hello,

Is there a way to make the successRedirect dynamic? For example, if the user is not logged in but tries to access a restricted page, I'd like to redirect to the login page, and then redirect to the original intended destination page after login.

This is related to derby-login: [question] custom redirect urls #31. The method described there seems like it's only intended for external auth providers. In my case, I followed the derby-login-example strategy of having a separate page for login, and I'm using the local strategy only. I'm not sure how to communicate the redirect location through the login page. I tried storing it in "_session.redirect", but soon realized that the "_session" object gets changed when the user logs in. I also tried storing it in "_page.redirect", but that also didn't work.

I came across this code that stores the query in cookies, which seems like it would include the "req.query.redirect" option that is used in response.js. I'm just not sure how I can set the "redirect" value such that it will be picked up and used there.

My route for creating a document (which requires being logged in) looks something like this:

app.get("/create", function(page, model, params, next) {

  if (model.get("_session.loggedIn")) {

    var id = generateDocumentId(model);

    model.add("documents", {

      id: id,

      content: ""

    });

    page.redirect("/" + id + "/edit");

  } else {

    // Here's where I'd like to set query.redirect = "/create", but don't know how.

    // This does not work, as the session gets destroyed on login.

    // model.set("_session.redirect", "/create", function (err){

    //   page.redirect("/login");

    // });

    // This also does not work, as the _page contexts seems to be transient.

    // model.set("_page.redirect", "/create", function (err){

    //   page.redirect("/login");

    // });

    // This also does not work.

    // model.set("redirect", "/create", function (err){

    //   page.redirect("/login");

    // });

    // This also does not work, as the query parameters need to go on the /auth/login route (I think).

    page.redirect("/login?redirect=/create");

  }

});

In the above code, the redirect to "/login" goes to a page very similar to this login page in derby-login-example.

Any help would be greatly appreciated. I feel like it should be a simple thing and I'm just missing something. Thank you.

Regards,

Curran

[Curran Kelleher]

Found another clue in components/base/index.js:

var redirectUrl = self.model.get('redirectUrl') || res.body.url;

Not sure if this is usable to set up a redirect after login, or how to use it, but thought I'd include it here for completeness. I tried model.set("redirectUrl" ... as well, but that also didn't work.