node.js - LoopBack 身份验证登录失败

标签 node.js authentication loopback

我在 LoopBack 的用户登录方面遇到了一些问题。当我尝试使用 LoopBack 浏览器(explorer)登录时,会得到以下错误:

{
  "error": {
    "statusCode": 401,
    "name": "Error",
    "message": "login failed",
    "code": "LOGIN_FAILED",
    "stack": "Error: login failed\n    at d"
  }
}

响应头:

{
  "date": "Tue, 18 Jul 2017 06:20:01 GMT",
  "content-encoding": "gzip",
  "x-content-type-options": "nosniff",
  "x-download-options": "noopen",
  "x-frame-options": "DENY",
  "content-type": "application/json; charset=utf-8",
  "access-control-allow-origin": "http://localhost:10010",
  "transfer-encoding": "chunked",
  "connection": "keep-alive",
  "access-control-allow-credentials": "true",
  "vary": "Origin, Accept-Encoding",
  "x-xss-protection": "1; mode=block"
}

在 mixin 中创建 lb-tables:(服务器端)

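// Server-side setup script: creates LoopBack's built-in authentication and
// authorization tables in the "sql-local" data source.
var server = require('./server');
var ds = server.dataSources["sql-local"];
var lbTables = ['User', 'AccessToken', 'ACL', 'RoleMapping', 'Role'];

// automigrate() drops and recreates the listed tables, so users that were
// already registered and access tokens that were already issued are lost every
// time this script runs. Run it once for initial setup; autoupdate() alters
// the tables while keeping existing rows.
ds.automigrate(lbTables, function (er) {
  if (er) throw er;
  // Concatenate with "+": the original "-" operators coerced both operands to
  // numbers, so the message was logged as NaN instead of the table list.
  console.log('Loopback tables [' + lbTables + '] created in ', ds.adapter.name);
  ds.disconnect();
});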

auth.service.js(客户端):

(function () {
    'use strict';

    // Explicit injection annotation so the factory survives minification.
    authService.$inject = ['User', '$rootScope'];

    angular
        .module('CrudAngular')
        .factory('authService', authService);

    /**
     * Thin authentication facade over the injected `User` resource.
     *
     * Every method simply forwards to `User`; the asynchronous ones hand back
     * the resource's `$promise` so callers can chain `.then()`.
     * NOTE(review): `User` is presumably the resource generated by the
     * LoopBack AngularJS SDK - confirm against the module that provides it.
     *
     * @param {Object} User - user resource (login, logout, create, ...).
     * @param {Object} $rootScope - injected but not used by this factory.
     * @returns {Object} service exposing login, logout, register,
     *     isAuthenticated and getCurrentUser.
     */
    function authService(User, $rootScope) {
        /**
         * Request a session for the given credentials.
         * The first argument is always sent under the `email` key, so callers
         * must pass the e-mail address and not a separate user name.
         */
        function signIn(email, password) {
            var credentials = { email: email, password: password };
            return User.login(credentials).$promise;
        }

        /** End the current session. */
        function signOut() {
            return User.logout().$promise;
        }

        /** Create a new user record with the given e-mail and password. */
        function signUp(email, password) {
            var newUser = { email: email, password: password };
            return User.create(newUser).$promise;
        }

        /** Report whether `User` currently considers the client logged in. */
        function hasSession() {
            return User.isAuthenticated();
        }

        /** Return whatever `User.getCurrent()` yields for the current user. */
        function currentUser() {
            return User.getCurrent();
        }

        return {
            login: signIn,
            logout: signOut,
            register: signUp,
            isAuthenticated: hasSession,
            getCurrentUser: currentUser
        };
    }
})();

这是登录和app.js 的 Controller

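.controller('LoginController', ['$scope', '$state', 'authService', '$location', function ($scope, $state, authService, $location) {
        /**
         * Submit handler for the login form.
         *
         * Reads `username` and `password` from the scope the form is bound to
         * and passes them to authService.login(); on success the user is sent
         * to /home, on failure the error message is shown in an alert.
         * NOTE(review): authService.login() sends its first argument as
         * `email`, so the "username" field has to contain the e-mail address -
         * confirm this matches how the account was registered.
         */
        $scope.login = function () {
            authService.login(this.username, this.password).then(function (response) {
                $location.path('/home');
                // NOTE(review): the login response presumably carries the
                // access token; keep this log to development builds only.
                console.log(response);
            }, function (err) {
                // A rejection may arrive without a JSON error body (for
                // example when the server cannot be reached), so read the
                // message defensively instead of throwing inside the handler.
                var serverError = err && err.data && err.data.error;
                var message = serverError && serverError.message ? serverError.message : 'Login failed';
                alert(message);
                console.log(err);
            });
        };
    }])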

   .run(['$rootScope', '$location', '$http', 'User', function ($rootScope, $location, $http, User) {
        // Paths that may be opened without being logged in.
        var publicPaths = ['/login', '/register'];

        console.log(User.isAuthenticated());

        // While a state transition is in progress, empty the view container
        // and show the loading indicator.
        $rootScope.$on('$stateChangeStart', function () {
            $("#ui-view").html("");
            $(".page-loading").removeClass("hidden");
        });

        // Transition finished: hide the loading indicator again.
        $rootScope.$on('$stateChangeSuccess', function () {
            $(".page-loading").addClass("hidden");
        });

        // Client-side route guard. It only steers navigation in the browser;
        // access to the data itself is decided by the server-side ACLs.
        $rootScope.$on('$locationChangeStart', function () {
            var isPublicPath = publicPaths.indexOf($location.path()) !== -1;

            // Anonymous visitors on any non-public path go to the login page.
            if (!isPublicPath && !User.isAuthenticated()) {
                console.log("Not Authenticated");
                $location.path('/login');
            }

            // NOTE(review): this runs on every location change, so a logged-in
            // user is sent to /home whatever path was requested - confirm that
            // this is intended and not meant only for /login and /register.
            if (User.isAuthenticated()) {
                $location.path('/home');
            }
        });
    }])

login.html:

<!-- Login form handled by LoginController; submitting it calls login() on the controller's scope. -->
<div ng-controller="LoginController">

<div class="col-md-6 col-md-offset-3">
    <h2>Login</h2>
    <form name="form" ng-submit="login()" role="form">
        <!-- NOTE(review): LoginController passes this value to authService.login(), which sends it as `email`;
             confirm that users are expected to type their e-mail address here. -->
        <div class="form-group" ng-class="{ 'has-error': form.username.$dirty && form.username.$error.required }">
            <label for="username">Username</label>
            <input type="text" name="username" id="username" class="form-control" ng-model="username" required />
            <span ng-show="form.username.$dirty && form.username.$error.required" class="help-block">Username is required</span>
        </div>
        <div class="form-group" ng-class="{ 'has-error': form.password.$dirty && form.password.$error.required }">
            <label for="password">Password</label>
            <input type="password" name="password" id="password" class="form-control" ng-model="password" required />
            <span ng-show="form.password.$dirty && form.password.$error.required" class="help-block">Password is required</span>
        </div>
        <div class="form-actions">
            <!-- NOTE(review): the LoginController shown on this page sets no `vm`, so `vm.dataLoading` looks
                 always undefined and only form.$invalid disables the button - confirm. -->
            <button type="submit" ng-disabled="form.$invalid || vm.dataLoading" class="btn btn-primary">Login</button>
            <a href="#!/register" class="btn btn-link">Register</a>
        </div>
    </form>
</div>
<!-- NOTE(review): the closing tag of the outer ng-controller div is not part of this excerpt. -->

最佳答案

在帐户/用户模型中添加额外的 ACL,如下所述:

"acls": [{
    "accessType": "*",
    "principalType": "ROLE",
    "principalId": "$unauthenticated",
    "permission": "ALLOW",
    "property": "find"
}]

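这条 ACL 允许未经身份验证的请求对帐户(用户)模型调用 find 并读取帐户数据,因为用户模型的默认 ACL 要求除 POST 请求之外的每个请求都经过授权。需要注意的是,principalId 为 $unauthenticated 意味着任何未登录的客户端都可以查询用户记录,因此应仅在确实需要时添加这条规则,并把 property 限定在必要的方法上。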

关于node.js - 登录失败环回验证,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/45159303/
