我做了教程,使用IoT Foundation Service和.js样板来显示我的覆盆子pi中的数据。
我遵循了以下教程:
https://developer.ibm.com/recipes/tutorials/visualizing-your-data/
一切正常。
现在,我尝试添加单点登录服务以进行身份验证。我创建了一个云注册表并添加了两个测试用户。之后,我将服务绑定到我的IoT可视化.js应用程序,并完成了将我的应用程序与服务集成的步骤。我按照官方文档步骤(点"配置Node.js应用"):
我修改了我的电脑上的文件并使用CL CLI上传了它们。问题是,它没有改变任何东西。我可以像以前一样访问我的应用,但是我没有看到任何登录页面。
以下是我的文件:
的package.json
{
"name": "iot-visualization",
"version": "0.1.0",
"private": true,
"scripts": {
"start": "node app.js"
},
"dependencies": {
"passport": "*",
"cookie-parser": "*",
"express-session": "*",
"passport-idaas-openidconnect": "*",
"express": "~4.2.0",
"serve-favicon": "~2.1.0",
"morgan": "~1.0.0",
"cookie-parser": "~1.0.1",
"body-parser": "~1.0.0",
"debug": "~0.7.4",
"jade": "~1.3.0",
"stylus": "0.42.3",
"express-session": "^1.8.1"
}
}
app.js(已修改网址)
/*******************************************************************************
* Copyright (c) 2014 IBM Corporation and other Contributors.
*
* All rights reserved. This program and the accompanying materials
* are made available under the terms of the Eclipse Public License v1.0
* which accompanies this distribution, and is available at
* http://www.eclipse.org/legal/epl-v10.html
*
* Contributors:
* IBM - Initial Contribution
*******************************************************************************/
var express = require('express');
var path = require('path');
var favicon = require('serve-favicon');
var logger = require('morgan');
var cookieParser = require('cookie-parser');
var bodyParser = require('body-parser');
var session = require('express-session');
var index = require('./routes/index');
var app = express();
var http_host = (process.env.VCAP_APP_HOST || '0.0.0.0');
var http_port = (process.env.VCAP_APP_PORT || 7000);
app.set('port', http_port);
app.set('host',http_host);
// view engine setup
app.set('views', path.join(__dirname, 'views'));
app.set('view engine', 'jade');
//use favicon
app.use(favicon(__dirname + '/public/images/favicon.ico'));
app.use(logger('dev'));
app.use(bodyParser.json());
app.use(bodyParser.urlencoded());
app.use(cookieParser());
// add session to store the api-key and auth token in the session
app.use(session({secret: 'xxxxxxxxxx',saveUninitialized: true,
resave: true}));
app.use(require('stylus').middleware(path.join(__dirname, 'public')));
var passport = require('passport');
var cookieParser = require('cookie-parser');
var session = require('express-session');
app.use(cookieParser());
app.use(session({resave: 'true', saveUninitialized: 'true' , secret: 'keyboard cat'}));
app.use(passport.initialize());
app.use(passport.session());
passport.serializeUser(function(user, done) {
done(null, user);
});
passport.deserializeUser(function(obj, done) {
done(null, obj);
});
// VCAP_SERVICES contains all the credentials of services bound to
// this application. For details of its content, please refer to
// the document or sample of each service.
var services = JSON.parse(process.env.VCAP_SERVICES || "{}");
var ssoConfig = services.SingleSignOn[0];
var client_id = ssoConfig.credentials.clientId;
var client_secret = ssoConfig.credentials.secret;
var authorization_url = ssoConfig.credentials.authorizationEndpointUrl;
var token_url = ssoConfig.credentials.tokenEndpointUrl;
var issuer_id = ssoConfig.credentials.issuerIdentifier;
var callback_url = 'https://xxxxx.mybluemix.net/auth/sso/callback';
var OpenIDConnectStrategy = require('passport-idaas-openidconnect').IDaaSOIDCStrategy;
var Strategy = new OpenIDConnectStrategy({
authorizationURL : authorization_url,
tokenURL : token_url,
clientID : client_id,
scope: 'openid',
response_type: 'code',
clientSecret : client_secret,
callbackURL : callback_url,
skipUserProfile: true,
issuer: issuer_id},
function(iss, sub, profile, accessToken, refreshToken, params, done) {
process.nextTick(function() {
profile.accessToken = accessToken;
profile.refreshToken = refreshToken;
done(null, profile);
})
});
passport.use(Strategy);
app.get('/login', passport.authenticate('openidconnect', {}));
function ensureAuthenticated(req, res, next) {
if(!req.isAuthenticated()) {
req.session.originalUrl = req.originalUrl;
res.redirect('/login');
} else {
return next();
}
}
app.get('/auth/sso/callback',function(req,res,next) {
var redirect_url = req.session.originalUrl;
passport.authenticate('openidconnect', {
successRedirect: redirect_url,
failureRedirect: '/failure',
})(req,res,next);
});
app.get('/failure', function(req, res) {
res.send('login failed'); });
app.use(express.static(path.join(__dirname, 'public')));
app.use('/',index);
app.use(function(req, res, next) {
if(req.session.api_key)
res.redirect("/dashboard");
else
res.redirect('/login');
});
/// error handlers
// development error handler
// will print stacktrace
if (app.get('env') === 'development') {
app.use(function(err, req, res, next) {
res.status(err.status || 500);
res.render('error', {
message: err.message,
error: err
});
});
}
// production error handler
// no stacktraces leaked to user
app.use(function(err, req, res, next) {
res.status(err.status || 500);
res.render('error', {
message: err.message,
error: {}
});
});
var server = app.listen(app.get('port'), app.get('host'), function() {
console.log('Express server listening on ' + server.address().address + ':' + server.address().port);
});
module.exports = app;
有什么想法吗?
//编辑
我第一次开始教程时没有.cfignore文件。所以我在我的apps根文件夹中创建了一个包含以下内容的文件:
node_modules/passport
node_modules/cookie-parser
node_modules/express-session
node_modules/passport-idaas-openidconnect
这是正确的,为什么我之前没有使用教程中的内容来获取此文件:
node_modules
答案 0 :(得分:6)
首先,我假设变量callback_url的值为'xxxxx.mybluemix.net/auth/sso/callback'作为示例。如果没有,您应该将“xxxxx”替换为您的应用程序名称。
正如Single Sign On - Configuring a Node.js app文档中所述:
passport-idaas-openidconnect模块适用于0.1.1至0.3.2的护照版本。超过0.3.2的版本可能无法正常工作。
我会确保您在package.json中使用(例如)此行使用正确的护照版本
"passport": "^0.2.2",
如果你想要你可以简化你的回调函数用于测试目的,如下所示(它可能会抛出错误,而不是找到req.session.originalUrl)并在以后扩展它:
app.get('/auth/sso/callback',function(req,res,next) {
passport.authenticate('openidconnect', {
successRedirect: "/home",
failureRedirect: '/failure',
}
)(req,res,next);
});
你的其余代码对我来说似乎没问题,因为已经建议你必须将“ensureAuthenticated”函数链接到你想要进行身份验证的每个app.get,app.post等。
例如,尝试执行以下操作:
app.get('/home', ensureAuthenticated, function(req, res) {
var htmlSplashPage = "<!DOCTYPE html> <html> <body> <h1>Hello "+JSON.stringify(req.session.passport.user._json.displayName)+"</h1></body> </html>";
res.writeHead(200, {'Content-Type': 'text/html','Content-Length':htmlSplashPage.length});
res.write(htmlSplashPage);
res.end();
});
在调用/ home时执行此操作GET函数ensureAuthenticated在所有其他函数之前调用,并且只有在用户已经过身份验证后才执行下一个函数(home),否则您将被重定向到登录页面。
答案 1 :(得分:2)
您需要将ensureAuthenticated函数添加到快速中间件堆栈中。每当向您的应用程序发出请求时,都需要调用此函数。例如,您可以通过添加以下内容将其添加到转到您的应用程序的所有请求:
app.use(ensureAuthenticated);