node.js - Ask user to complete registration after social login through Passport -


i wonder best practice ask user more information complete registration after social login passport. able sign in user through twitter, , callback route '/auth/twitter/callback' called. however, @ point i'm presenting form ask them few more pieces of information. problem @ point req.isauthenticated() returns true already, while i'd rather set isauthenticated manually after complete registration, not twitter callback called. suggestions?

there few ways can achieve want , point of view fiddling around req.isauthenticated() not best. recommend following approaches.

method 1

in addition req.isauthenticated() put new condition check whether user completed registration or not i.e. user.completedregistration() completedregistration() function checks either mongodb or other logic decide yes or not. sample follow: 

var isauthenticated = function (req, res, next) {   if (req.isauthenticated() && user.completedregistration()) {     //user both authenticated registered.     return next();   } else if (req.isauthenticated() && !user.completedregistration()) {     //user authenticated, need fill form.     res.redirect('/to/the/view/that/have/registration/form');    } else {     // user needs login     res.redirect('/map/to/the/login/route/handler');   } }

you use isauthenticated in routes, follow: 

// secure route   router.get('/secure/api/create', isauthenticated, function(req, res) {     //return secure view   });

user.completedregistration() function queries, mongodb logged in user using logged in user id (twitter id) , check if particular field set. set field when user register otherwise default can false.

method 2

depending on ordering of configs in app.js every request runs deserializeuser shown below: 

passport.deserializeuser(function(id, done) {    user.findbyid(id, function(err, user) {       console.log('deserializing user:',user);          done(err, user);       });  });

which takes id of logged in user req object , retrieves user mongodb , populate more information user in req object. can tweak method user.find using not id of user but, field shows whether user registered or not. need set field in mongodb user object , user model.

method 3

leave alone passport related configs, write own checks in router level check whether logged in user registered or not. can using following steps:

  1. user access route , make sure he/she authenticated
  2. you retrieve id of logged in user
  3. you check mongodb or mysql or redis or whatever other logic can implement decide whether user id has completed registration or not
  4. if not redirect user registration page, if yes let user's request served normally.

to obtain id of logged in user, can check req.user field. shown in following function, have implemented twitter, facebook , local , hence checks. 

function getcurrentloggedinuserid(req, callback) {   console.log('func getcurrentloggedinuserid');    var userid = "ghost";   if(req.user) {     if(req.user.local != undefined && req.user.local.email != undefined) {       userid = req.user.local.email;     } else if(req.user.fb != undefined && req.user.fb.id != undefined) {       userid = req.user.fb.id;     } else if(req.user.twitter != undefined && req.user.twitter.id != undefined) {       userid = req.user.twitter.id;     }     callback(null, userid);   } else {     callback(null, userid);   } }

there many other ways achieve have asked in here but, need reading on express app combined passport work , understanding of intercept user requests , approach suits best.


Comments

Post a Comment

Popular posts from this blog

javascript - jQuery: Add class depending on URL in the best way -

i have html progress meter: <div class="col-md-3" style="margin-left: -20px;"> <div class="progress-pos active" id="progess-1"> <div class="progress-pos-inner"> login </div> </div> </div> <div class="col-md-3 progress-pos-container"> <div class="progress-pos" id="progess-2"> <div class="progress-pos-inner"> scan items </div> </div> </div> <div class="col-md-3 progress-pos-container"> <div class="progress-pos" id="progess-3"> <div class="progress-pos-inner"> confirm address </div> </div> </div> <div class="col-md-3 progress-pos-container"> <div class="progress-pos" id="progess-4"> <div class="progress-pos-in
Read more

caching - How to check if a url path exists in the service worker cache -

i need check if particular url path exists in service worker cache. example, suppose url is: /myserviceworker/service?a=110&b=70 this url exists in cache, there many of them different values of , b. now, suppose want refresh of these urls, how can that? i want know how access key values service worker cache. if know key, plan follows: var url = new url(key); if(url.pathname === "\/myserviceworker/service") refetch key but not sure how cache key , in format is. mean, string or url? cache api has match() method returns promise resolving in response object if match or undefined if no match exists. second parameter object can specify ignoresearch not take account url parameters. the ignoresearch option supported firefox ( chrome status here ). in other hand, retrieve cache entries, can use keys() method.
Read more

Redirect to a HTTPS version using .htaccess -

i need modify .htaccess file redirect urls https version without "www". http://example.com --> https://example.com http://www.example.com --> https://example.com https://www.example.com --> https://example.com this how .htaccess file looks like: rewriteengine on rewritecond %{request_filename} !-d rewritecond %{request_filename} !-f rewriterule ^(.*)$ redirect.php?id=$1&page=$2 [qsa,l] what modifications need make .htaccess in order forward https without "www"? it depends on doing current code. looks file called redirect trying display php page seo friendly url. think might confusing people. anyway, need , force https without www, need 1 more rule above. also second rule needs two capture groups in rewriterule test string because wanting 2 different values using $1 , $2 references. rewriteengine on #rediect www non www and/or http https --- combinations. rewritecond %{http_host} !^example\.com [nc,or] rewritecond %{https} !^
Read more