I have an older system in PHP, and I'm writing a new one in Node.js with the Express framework. At some point in the Node.js site I need to log into the PHP site (the sites use the same credentials).

Basically, I have a button somewhere in my view (in Express) that, when pressed, should take some user credentials from some place, log into the PHP site with these credentials (without any forms), and redirect to the PHP system, already logged in, in the browser.

I'm trying to follow this answer

So, here is the code that executes when the button is pressed.

var express = require('express');
var request = require('request');
var app = express();

app.post('/loginphp', function(req, res) {

  var data = request.post(
    'http://somesite.somedomain.com/Users/login', {
      form:{
       'data[User][email]': 'someuser@somedomain.com',
       'data[User][pass]' : 'somepassword'
      }
    }, function(error, response, body) {

      // stop here if the login request failed or returned no cookie
      if (error || !response.headers['set-cookie']) {
        return res.status(502).send('Login request to the PHP site failed');
      }

      // keep only the name=value part of the last Set-Cookie header
      var sessionCookie = response.headers['set-cookie'][response.headers['set-cookie'].length - 1];
      sessionCookie = sessionCookie.split(';');
      sessionCookie = sessionCookie[0];

      // trying it this way gives the same results

      /*
         res.set({'Cookie' : sessionCookie}).
           redirect('http://somesite.somedomain.com/Users');
      */

      // and the same results with this one too

      /*
         res.setHeader('Cookie', sessionCookie).
           redirect('http://somesite.somedomain.com/Users');
      */


      res.header('Cookie', sessionCookie)
         .redirect('http://somesite.somedomain.com/Users');

      // the output shows the cookie is saved just fine in the headers

      /*console.log(res.header());*/


      // Doing this WORKS, but I need it to happen in the browser, not here.

      /*
       request.get('http://somesite.somedomain.com/Users', {
          headers: {"Cookie" : sessionCookie},
        }, function (error, response, body) {
          if(response.statusCode == 200) {
           console.log(body);
          }
       });
      */

    });
});

After uncommenting the last commented piece of code (from request.get), I can see this works nicely and prints the HTML (body) of the logged-in website's user home page, but when I try to set the cookies in the headers and redirect to the site in order to log in on the browser, this doesn't work.

Is it possible to do it this way?

Am I missing something?

Thanks in advance.

Gonzalo Bahamondez
  • Are you using the middlewares for session and cookie for express? https://github.com/expressjs/cookie-parser https://github.com/expressjs/session – fernandopasik Aug 06 '14 at 14:00
  • There's another framework to recommend on authentication, you can make your custom configuration for your php service http://passportjs.org/ – fernandopasik Aug 06 '14 at 14:29
  • I use passport for common local login authentication. Do you have examples of using passport to solve my problem? I'm new to Node. – Gonzalo Bahamondez Aug 06 '14 at 14:53
  • I think the idea would be the basic/digest from the guide: http://passportjs.org/guide/basic-digest/ – fernandopasik Aug 06 '14 at 17:00
  • Are the PHP and Node.js apps on different domains? If so, are they just different subdomains of the same TLD, or different TLDs altogether? – JME Aug 08 '14 at 14:26
  • They are on different domains – Gonzalo Bahamondez Aug 08 '14 at 17:18
  • @GonzaloBahamondez if they are on different domains, then a cookie set from the node.js domain will not be accessible by cakephp – dkkumargoyal Aug 08 '14 at 19:04
  • Okay, but are they in different subdomains of the same TLD (top-level domain) or in different TLDs altogether? (i.e. different subdomains sub1.domain.com and sub2.domain.com, or different TLDs domain1.com and domain2.com). I ask because sharing cookies between domains is a bit trickier than sharing cookies between subdomains of a single TLD domain. – JME Aug 09 '14 at 01:27
  • Right now I'm on different TLDs, but I need to understand both, because in production it will be the same TLD but a different subdomain. Is there some way for different TLDs? – Gonzalo Bahamondez Aug 09 '14 at 03:53

1 Answer

@Gonzalo, do you still have access to the (server/code) running the CakePHP app?

You would need to add a cross-origin header to allow your Node.js (Express) app to issue POST requests to the CakePHP app/website.

e.g.:

<?php
 header("Access-Control-Allow-Origin: *");

or specific to CakePHP:

$this->response->header('Access-Control-Allow-Origin', '*');

Then you can test it by running:

curl -v -H "Content-Type: application/json" -d '{"data[User][email]":"someuser@somedomain.com","data[User][pass]":"somepassword"}' http://somesite.somedomain.com/Users/login

Confirm that the headers contain an entry similar to:

Access-Control-Allow-Origin: *

This will allow you to access the PHP app from both Node (using request) and in your client app.

More info:

Let me know (in the comments) if you are still unable to send POST requests to the CakePHP app.

nelsonic
  • $this->response->header('Access-Control-Allow-Origin', '*'); is done; checking the headers I can see "Access-Control-Allow-Origin: *" is present. It looks nice, but it doesn't work: when I redirect, the site is not logged in. – Gonzalo Bahamondez Aug 07 '14 at 03:28
  • I think the "post" is working, because when, instead of trying to set the headers and redirect in the browser with res.redirect, I make a get with the request module (in the terminal), I can see the already logged-in HTML with console.log(body) (the commented code at the end of my question). But when I try to redirect in the browser, it doesn't work (instead of request.get, with -> res.header('Cookie',sessionCookie).redirect('http://somesite.somedomain.com/Users')). The difference is the way of setting the cookies between res.header() and request.get(). – Gonzalo Bahamondez Aug 07 '14 at 04:03
  • The cookie in the response to the first post (with user credentials) looks like this: "CAKEPHP=coi7jq3g5al4jvs305jm6br744". Should I use res.cookie instead of res.header('Cookie', sessionCookie) before res.redirect? If so, how can I set the cookies properly with res.cookies(), considering the cookie sample that I get in the response? – Gonzalo Bahamondez Aug 07 '14 at 04:20
  • When you say it "doesn't work" what error message are you seeing? – nelsonic Aug 07 '14 at 10:12
  • curl -X POST --data "username=user@example.com&password=password" http://example.com/Users/login works without any problems. But I need the same in the browser. – Gonzalo Bahamondez Aug 07 '14 at 17:27
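
The comments under the question turn on which host may set a cookie that another host will receive. The following is an added example, not code from the question or the answer: it applies the RFC 6265 domain-matching rules (browsers store cookies from `Set-Cookie`, never from a `Cookie` response header) to the question's `somesite.somedomain.com`. The hosts `node.somedomain.com` and `node.otherdomain.com`, the helper names and the tiny public-suffix list are assumptions made up for illustration.

```javascript
// Constructed, deliberately tiny stand-in for the Public Suffix List (assumption).
const PUBLIC_SUFFIXES = new Set(['com', 'org', 'net', 'co.uk']);

// RFC 6265 section 5.1.3: host equals domain, or ends with "." + domain.
function domainMatch(host, domain) {
  host = host.toLowerCase();
  domain = domain.toLowerCase();
  return host === domain || host.endsWith('.' + domain);
}

// What a browser stores when `setterHost` answers with
// "Set-Cookie: name=value[; Domain=domainAttr]". Returns null when rejected.
// Simplified: IP-address hosts and the Path/Secure attributes are not modelled.
function storeCookie(setterHost, name, value, domainAttr) {
  if (!domainAttr) {
    // No Domain attribute: host-only cookie, bound to the exact setting host.
    return { name, value, domain: setterHost.toLowerCase(), hostOnly: true };
  }
  const domain = domainAttr.replace(/^\./, '').toLowerCase();
  if (PUBLIC_SUFFIXES.has(domain)) return null;      // would span unrelated sites
  if (!domainMatch(setterHost, domain)) return null; // setter is outside that domain
  return { name, value, domain, hostOnly: false };
}

// Would the browser attach the stored cookie to a request for `requestHost`?
function isSentTo(cookie, requestHost) {
  if (cookie === null) return false;
  const host = requestHost.toLowerCase();
  return cookie.hostOnly ? host === cookie.domain : domainMatch(host, cookie.domain);
}

// Set a session cookie from one host, then ask whether another host receives it.
function reaches(setterHost, domainAttr, requestHost) {
  const cookie = storeCookie(setterHost, 'CAKEPHP', 'constructed-session-id', domainAttr);
  return isSentTo(cookie, requestHost);
}

const PHP = 'somesite.somedomain.com';      // host from the question
const NODE_SAME = 'node.somedomain.com';    // hypothetical: same parent domain
const NODE_OTHER = 'node.otherdomain.com';  // hypothetical: unrelated domain

console.log('unrelated domain, Domain=somedomain.com  ->', reaches(NODE_OTHER, 'somedomain.com', PHP));
console.log('sibling subdomain, no Domain attribute   ->', reaches(NODE_SAME, null, PHP));
console.log('sibling subdomain, Domain=somedomain.com ->', reaches(NODE_SAME, 'somedomain.com', PHP));
console.log('sibling subdomain, Domain=com            ->', reaches(NODE_SAME, 'com', PHP));
```

A cookie scoped with `Domain=somedomain.com` is sent to every host under that domain, so each of those hosts can read the session identifier.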