Hi,
I am not sure whether this is an issue. Details as follows: the following code always fails the authentication (i.e., 'Verification function is called' is never shown in the console):
```javascript
const express = require('express')
const path = require('path')
const passport = require('passport')
const Strategy = require('passport-local').Strategy
const port = 30000

passport.use(new Strategy(
  function(username, password, cb) {
    console.log('Verification function is called');
    return cb(null, {username, id: '1'});
  }
));

var app = express();
app.use(passport.initialize());
app.use(passport.session());

app.get('/', (req, res) => res.send('Hello world!'));
app.get('/login.html', (req, res) => res.sendFile(path.join(__dirname, '/login.html')));
app.post('/login', passport.authenticate('local', { successRedirect: '/', failureRedirect: '/login.html' }));

app.listen(port, () => console.log(`Example app listening on port ${port}`));
```
Here is the static file 'login.html':

```html
<html>
  <head>
    <title>login</title>
  </head>
  <body>
    <form action="/login" method="post">
      <div>
        <label>Username:</label>
        <input type="text" name="username"/>
      </div>
      <div>
        <label>Password:</label>
        <input type="password" name="password"/>
      </div>
      <div>
        <input type="submit" value="Log In"/>
      </div>
    </form>
  </body>
</html>
```
After debugging, I found the problem is in Strategy.prototype.authenticate in passport-local/lib/strategy.js, specifically this line:

```javascript
return this.fail({ message: options.badRequestMessage || 'Missing credentials' }, 400);
```

I added a log before this return, such as:

```javascript
console.log('here!!! body:' + req.body + ' query: ' + req.query + ' usernameField: ' + this._usernameField + ' passwordField:' + this._passwordField);
```

and here is the result:

```
here!!! body:undefined query: [object Object] usernameField: username passwordField:password
```

But actually, from Fiddler, the request body is not null:
```
POST http://xxx:30000/login HTTP/1.1
Host: xxx:30000
Connection: keep-alive
Content-Length: 25
Cache-Control: max-age=0
Origin: http://xxx:30000
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://xxx:30000/login.html
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9,ar;q=0.8,zh-CN;q=0.7,zh;q=0.6
Cookie: connect.sid=s%3AU9HkxMCRQJutHorlDOveMi91T8CngKVs.MNuCBvMhY7KAb%2Fmvn0oMbga8GFfYWrMeUeL8Bu1RMiw

username=adf&password=adf
```
It looks like the request body is never populated to the passport library. Could you please take a look? Thanks!
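
Why `req.body` is `undefined` in the log above, as an added example that is not part of the original post or of passport-local's code: Express does not read a request body unless a body-parsing middleware such as `express.urlencoded()` is registered before the route, so a body-then-query credential lookup finds nothing and ends in the 400 "Missing credentials" path. The function names and the `rawBody` field are hypothetical, and the request object is constructed from the Fiddler capture.

```javascript
// Added illustration; names are hypothetical, not passport-local internals.

// Stand-in for a urlencoded body parser: checks the content type, enforces a
// size cap, then populates req.body. Without this step req.body stays undefined.
function parseUrlencodedBody(req, limitBytes = 10 * 1024) {
  const type = (req.headers['content-type'] || '').split(';')[0].trim().toLowerCase();
  if (type !== 'application/x-www-form-urlencoded') return req; // not a form post
  if (req.rawBody.length > limitBytes) throw new Error('request body too large');
  const params = new URLSearchParams(req.rawBody.toString('utf8'));
  req.body = Object.fromEntries(params);
  return req;
}

// Credential lookup in the style the issue describes: body first, then query.
// A missing username or password gives the 400 "Missing credentials" result.
function checkCredentials(req, usernameField = 'username', passwordField = 'password') {
  const pick = (obj, field) => (obj && typeof obj[field] === 'string' ? obj[field] : null);
  const username = pick(req.body, usernameField) || pick(req.query, usernameField);
  const password = pick(req.body, passwordField) || pick(req.query, passwordField);
  if (!username || !password) return { status: 400, message: 'Missing credentials' };
  return { status: 200, username };
}

// Constructed request mirroring the capture: the 25 bytes are on the wire,
// but nothing has parsed them into req.body yet.
function makeRequest() {
  return {
    headers: { 'content-type': 'application/x-www-form-urlencoded' },
    query: {},
    rawBody: Buffer.from('username=adf&password=adf'),
  };
}

function demo() {
  const withoutParser = checkCredentials(makeRequest());
  const withParser = checkCredentials(parseUrlencodedBody(makeRequest()));
  return { withoutParser, withParser };
}

console.log(demo());
```

In the Express app from the post, the equivalent of `parseUrlencodedBody` is `app.use(express.urlencoded({ extended: false }))` placed before the `/login` route.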