如何用羽毛验证用户名和密码？

Question

我想用用户名和密码进行身份验证，我使用羽毛身份验证，但是我不明白在配置我的应用程序之后，如何在我的服务器中验证我的输入数据(用户名和密码)，以允许羽毛验证使用它？在我的客户端，我有以下代码来发送我的数据(用户名和密码)

app.authenticate({
    strategy: 'local',
    username: 'k0',//self.state.username,
    password:'kk'// self.state.password
  }).then(response => {
    console.log('Authenticated!', response);
  return app.passport.verifyJWT(response.accessToken);
})
.then(payload => {
  console.log('JWT Payload', payload);
  return app.service('users').get(payload.userId);
})
.then(user => {
  app.set('user', user);
  console.log('User', app.get('user'));
})
.catch(function(error){
  console.error('Error authenticating!', error);
});

但我有个错误

"POST http://localhost:4200/authentication 400 (Bad Request)
Error authenticating! 
BadRequest {type: "FeathersError", name: "BadRequest", message: "Missing credentials", code: 400, className: "bad-request", …}
className
:
"bad-request"
code
:
400
data
:
{message: "Missing credentials"}
errors
:
{}
message
:
"Missing credentials"
name
:
"BadRequest"
type
:
"FeathersError"
stack
:
"BadRequest: Missing credentials↵    at new BadRequest 
__proto__
:
Error"

这是我的server.js

var Users=[ {_id:"1",email:"k0",password:"kk"}, {_id:"2",email:"k1",password:"kk"}, {_id:"3",email:"k2",password:"kk"}, {_id:"4",email:"k3",password:"kk"}, {_id:"5",email:"k4",password:"kk"}]; 
const feathers = require('feathers'); 
const bodyParser = require('body-parser'); 
const errors = require('feathers-errors'); 
const errorHandler = require('feathers-errors/handler'); 
const rest = require('feathers-rest'); 
const hooks = require('feathers-hooks'); 
const auth = require('feathers-authentication'); 
const local = require('feathers-authentication-local'); 
const memory = require('feathers-memory'); 
const jwt = require('feathers-authentication-jwt');
 const app = feathers(); app.use(bodyParser.json()) app.use(bodyParser.urlencoded({ extended: true })); var cors = require('cors'); var port= process.env.PORT ||4200;app.use(cors());
`

.use('/users', {
find(params) {
return Promise.resolve(Users);
}
})
.use(errorHandler());
app.service('authentication').hooks({
before: {
create: [
auth.hooks.authenticate('local'),
customizeJWTPayload()
],
remove: [
auth.hooks.authenticate('jwt')
]
}
});
app.service('users').hooks({
before: {

create: [
  local.hooks.hashPassword({ passwordField: 'password' })
]
}
`});app.post('/login', auth.express.authenticate('local', { successRedirect: '/app', failureRedirect: '/login'     }));

app.get('/app', (req, res, next) => {
res.json({ success: true });
});

app.get('/login', (req, res, next) => {
res.json({ success: "faux" });
});
app.listen(port);`

Answer 1

我强烈建议您使用羽毛生成器，非常好，可以为您节省大量时间处理这些问题。这样，在开始自定义之前，您就知道基本服务和身份验证可以工作了。https://docs.feathersjs.com/guides/step-by-step/generators/readme.html

在下面与开发人员讨论之后，问题似乎是在身份验证username字段中使用email而不是默认的usernameField。要么更新代码以使用email，要么使用以下内容创建一个default.json文件：

{
  "authentication": {
    "strategies": [
      "local"
    ],
    "local": {
      "entity": "user",
      "usernameField": "username",
      "passwordField": "password"
    }
  }
}

其次，您的服务可能没有正确设置(这就是为什么您要获得the id property must be set on the entity service for authentication错误。

这是我的users.service.js文件：

// Initializes the `users` service on path `/users`
const createService = require('feathers-mongodb');
const hooks = require('./users.hooks');
const filters = require('./users.filters');

module.exports = function () {
  const app = this;
  const paginate = app.get('paginate');
  const mongoClient = app.get('mongoClient');
  const options = { paginate };

  // Initialize our service with any options it requires
  app.use('/users', createService(options));

  // Get our initialized service so that we can register hooks and filters
  const service = app.service('users');

  mongoClient.then(db => {
    service.Model = db.collection('users');
  });

  service.hooks(hooks);

  if (service.filter) {
    service.filter(filters);
  }
};

看起来您的查询被设置为处理查询，但是在mongodb服务中使用hooks：https://docs.feathersjs.com/api/databases/mongodb.html#querying来处理这个问题。

对于羽毛身份验证如何验证用户名和密码这一具体问题，羽毛身份验证使用钩子。如果您使用feathers generate service并选择了身份验证，那么它会自动在服务的钩子文件(通常是SERVICENAME.hooks.js)中调用authenticate()。

您可以看到authenticate()函数在这里实际上在做什么：https://github.com/feathersjs/feathers-authentication/blob/master/src/hooks/authenticate.js