Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Is there a way to get req.user without using the authentication middleware? #675

Closed
ThatNerdyPikachu opened this Issue Jun 1, 2018 · 9 comments

Comments

Projects
None yet
4 participants
@ThatNerdyPikachu
Copy link

ThatNerdyPikachu commented Jun 1, 2018

WouldJjust grab the JWT from the cookie, and verify that? How would I do that from the server? (The Feathers's express server, which is where I'm hosting both the front-end and back end)

@daffl

This comment has been minimized.

Copy link
Member

daffl commented Jun 1, 2018

The authenticate Express middleware does all of that for you, why wouldn't you use it?

@bertho-zero

This comment has been minimized.

Copy link
Contributor

bertho-zero commented Jun 1, 2018

The authenticate Express middleware throw an error or redirect if fails, in some cases we would like to have the user in req.user if it exists, but still pass in the next middleware if it does not exist.

@daffl

This comment has been minimized.

Copy link
Member

daffl commented Jun 1, 2018

Ah, I see. You could copy the code (https://github.com/feathersjs/authentication/blob/master/lib/express/authenticate.js) and modify it to what you need then.

@bertho-zero

This comment has been minimized.

Copy link
Contributor

bertho-zero commented Jun 1, 2018

Would an ignoreFails option not be enough? I have already had the case several times and it is true that creating this piece of code is not complicated but a little tedious.

@ThatNerdyPikachu

This comment has been minimized.

Copy link
Author

ThatNerdyPikachu commented Jun 1, 2018

If the authenticate middleware is used, then that route sends a 401, no?

@ThatNerdyPikachu

This comment has been minimized.

Copy link
Author

ThatNerdyPikachu commented Jun 14, 2018

@daffl

This comment has been minimized.

Copy link
Member

daffl commented Jun 15, 2018

If you don't want to/can't use the middleware at the moment copying the code and modifying it to what you need is the way to go. I'll include an option to not error in the next version.

@ThatNerdyPikachu

This comment has been minimized.

Copy link
Author

ThatNerdyPikachu commented Jun 15, 2018

Alright, thanks!
Mind posting something here when that's done?
@daffl

@qazs

This comment has been minimized.

Copy link

qazs commented Dec 5, 2018

Hi @daffl, I would also like to have mixed mode authentication, meaning unauthenticated user is still able to access the data. Any update on this?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.