Yotam
Yotam

Reputation: 10485

Checking user authentication with ajax request, jquery

I have a nodeJS based server that receives this ajax request

    $("#inbox").click(function() {
        $.ajax({
            type: "POST",
        url: "/inbox",
        data: dataString,
        username: 'test',
        password: 'test',
        success: function(data) {
        mails = JSON.parse(data);
        var html = new String();
        for (var i = 0 ; i < mails.length ; i++) {
            html += mails[i].from + ": " + mails[i].subject + "<br>";
        }
        $("#emails").html(data);
            },
        error: function(xhr, textStatus, errorThrown) {
        $("#emails").html("bad");
        }
        });
    });

How do I get the username and password on the server side? I've checked the request headers, didn't see anything that would help me.

Also: after login, when username and password were validated, I send a response that redirects the user to /mail?user=username. How do I safely send the password so that mail.html will send it for further requests?

Thanks!

Upvotes: 0

Views: 1265

Answers (1)

robertklep
robertklep

Reputation: 203251

If you're using Express, you'd need to use something like the basicAuth middleware first. If you're using that, you can get to username using req.user. If you want to access the password as well, I think you need to supply your own validation-callback:

app.use(express.basicAuth(function(user, pass){
  // validate username/password and return true or false
}));

For more information, look here.

As for passing the password to mail.html: don't. Use sessions instead.

Upvotes: 1

Related Questions