This repository has been archived by the owner on Aug 30, 2021. It is now read-only.

Twitter login doesn't redirect properly because passport.authenticate #1284

Closed
jorgeram opened this issue Mar 29, 2016 · 13 comments · Fixed by #1388

@jorgeram

Hi. I'm getting a "Page not found" (Error: /api/auth/twitter/[object%20Object] is not a valid path.) after Twitter authentication with the default project created by the MEAN.JS 0.4.2 Yeoman generator.

I'm pretty much a newbie, but the problem seems to be that in users.authentication.server.controller.js -> oauthCallback -> line 122 we're redirecting to (redirectURL || sessionRedirectURL || '/'), but the passport.authenticate method gives us an empty object in "redirectURL", so we're doing a redirect to the "object Object" string (not a valid URL) instead of "/".

Looking at the passport.authenticate docs, they say that the third parameter of the custom callback is not a URL but "an optional info argument containing additional details provided by the strategy's verify callback" (http://passportjs.org/docs/authenticate).

I've tried with Facebook and it is working fine because redirectURL is "undefined" and we're getting a redirect to "/".

It could need a change in the MEAN.JS oauthCallback method, or maybe it's a passport problem?

Thanks in advance!
Regards

@mrbfrank

+1 same problem on a newly generated 0.4.2 project.

@ilanbiala
Member

@mrbfrank have you tried with master?

@mrbfrank

@ilanbiala Hi, yes, master appears to work with Facebook, and also a custom strategy that I've written for Twitch authentication.

@mrbfrank

@ilanbiala Update: Actually I just cloned master, npm install && grunt, and encountered "/api/auth/facebook/[object%20Object] is not a valid path."

@ilanbiala
Member

@lirantal @mleanos @codydaig have any of you run into these issues?

@lirantal
Member

I didn't but I'll give it a try

@mleanos
Member

mleanos commented Apr 1, 2016

Yes. I've experienced this exact issue. The authentication seems to take place, but the callback URL isn't working. I can't quite remember if I saw what was causing the issue. I was working on a short list of issues I found with the Social Accounts authentication methods, but hadn't gotten to attempting to solve this issue. I'll revisit this over the weekend, and provide feedback.

@ChrisSQL

ChrisSQL commented Apr 4, 2016

I was working on a 6-month-old MEANjs 0.4 and got it all of a sudden on FB and Google logins.

I changed a server function to redirect to the homepage instead of going back to the last page you clicked login from, and it seemed to solve it.

Also I went into mlab and deleted all the sessions.

modules/users/server/controllers/users/users.authentication.server.controller.js

```javascript
/**
 * OAuth callback
 */
exports.oauthCallback = function (strategy) {
  return function (req, res, next) {
    // Pop redirect URL from session
    var sessionRedirectURL = req.session.redirect_to;
    delete req.session.redirect_to;

    passport.authenticate(strategy, function (err, user, redirectURL) {
      if (err) {
        return res.redirect('/authentication/signin?err=' + encodeURIComponent(errorHandler.getErrorMessage(err)));
      }
      if (!user) {
        return res.redirect('/authentication/signin');
      }
      req.login(user, function (err) {
        if (err) {
          return res.redirect('/authentication/signin');
        }

        // return res.redirect(redirectURL || sessionRedirectURL || '/');
        return res.redirect('http://www.mysite.com');
      });
    })(req, res, next);
  };
};
```

Also, another problem started, and I'm not sure if it's related, but if you click login too quickly as the page is loaded it just refreshes and stays logged in. You have to wait at least 10 seconds before the logout button actually works.

Another interesting point is I basically copied the whole project a few days ago onto a different Heroku app and that one never had the login problem. All that I changed was some CSS and that other site never had a problem.

@ChrisSQL

ChrisSQL commented Apr 15, 2016

Just got this problem on another site that I made absolutely no changes on.

I added

    // return res.redirect(redirectURL || sessionRedirectURL || '/');
    return res.redirect('http://www.mysite.com');

And it worked fine again.

Problem with the redirect URL, it seems.

@snlacks

snlacks commented Apr 22, 2016

@chrismaher got me on the right path, it "worked" but I needed it to redirect to the place where we started from. When I ran the debugger, it seems that using redirectURL is what's messing it up. To get the redirect:

    // return res.redirect(redirectURL || sessionRedirectURL || '/');
    return res.redirect(sessionRedirectURL || '/'); 

in users.authentication.server.controller at \path\to\project\modules\users\server\controllers\users\users.authentication.server.controller.js

Opened issue on the generator repo

@ChrisSQL

Still no solution to what actually caused the problem in the first place?

I had one site that I literally haven't modified in any way in weeks and it just started happening. Another one I was in the middle of working on, so I assumed it was me that made some mistake, but it probably wasn't. Both sites were using a ~6-month-old version of Mean.js 0.4.

@fauria
Contributor

fauria commented May 28, 2016

Same problem here:
/api/auth/twitter/[object%20Object] is not a valid path.
/api/auth/facebook/[object%20Object] is not a valid path.

meanjs-version: 0.5.0-beta

@fauria
Contributor

fauria commented May 30, 2016

From passport.authenticate() doc: "An optional info argument will be passed, containing additional details provided by the strategy's verify callback.".

This corresponds to the argument redirectURL in passport.authenticate() callback, file users.authentication.server.controller.js function oauthCallback.

An empty object is a truthy value, so return res.redirect(redirectURL || sessionRedirectURL || '/'); will be evaluated as return res.redirect('[object Object]');, i.e., casting that object to string (Object().toString()).

I just updated a previous PR with that change, with the workaround that @snlacks suggests.
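
The root cause described in the comment above, as an added example that is not part of the thread or of the MEAN.JS code base: a redirect-target picker that ignores anything that is not a string, so a truthy `info` object can never win the `||` chain. `isLocalPath`, `pickRedirect` and `demo` are hypothetical names and the inputs are constructed; the helper also goes beyond the thread's fix by accepting only site-local paths, since the session value is a redirect target as well.

```javascript
// Added example (not MEAN.JS code); all names here are hypothetical.

// True only for a string that is a site-local path such as "/articles/42".
function isLocalPath(value) {
  if (typeof value !== 'string') return false;
  // Must start with exactly one "/": browsers treat "//host" and "/\host"
  // as scheme-relative URLs pointing at another origin.
  if (!/^\/(?![\/\\])/.test(value)) return false;
  // Reject control characters (CR/LF and friends) in the Location value.
  return !/[\x00-\x1f\x7f]/.test(value);
}

// Return the first candidate that is a usable local path, else the fallback.
function pickRedirect(candidates, fallback) {
  for (const candidate of candidates) {
    if (isLocalPath(candidate)) return candidate;
  }
  return fallback;
}

// Constructed inputs mirroring the thread: the strategy hands back an empty
// object as the third callback argument, and the session holds the page the
// user started from.
function demo() {
  const info = {};
  const sessionRedirectURL = '/articles/42';
  return {
    // What the original chain produces once the value is cast to a string.
    original: String(info || sessionRedirectURL || '/'),
    // The object is skipped and the session value is used.
    fixed: pickRedirect([info, sessionRedirectURL], '/'),
    // No session value at all: fall back to the home page.
    noSession: pickRedirect([{}, undefined], '/'),
    // A scheme-relative URL is not a local path, so the fallback is used.
    external: pickRedirect(['//example.com/x'], '/')
  };
}

console.log(demo());
```

In the controller this would replace the `||` chain with `res.redirect(pickRedirect([sessionRedirectURL], '/'))`.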
