Skip to content

Embed URL

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
var express = require('express'),
passport = require('passport'),
LocalStrategy = require('passport-local').Strategy;
var users = [
{ id: 1, username: 'bob', password: 'secret', email: 'bob@example.com' }
];
function findById(id, fn) {
var idx = id - 1;
if (users[idx]) {
fn(null, users[idx]);
} else {
fn(new Error('User ' + id + ' does not exist'));
}
}
function findByUsername(username, fn) {
for (var i = 0, len = users.length; i < len; i++) {
var user = users[i];
if (user.username === username) {
return fn(null, user);
}
}
return fn(null, null);
}
passport.serializeUser(function(user, done) {
done(null, user.id);
});
passport.deserializeUser(function(id, done) {
findById(id, function (err, user) {
done(err, user);
});
});
passport.use(new LocalStrategy(
function(username, password, done) {
findByUsername(username, function(err, user) {
if (!user) {
return done(null, false, { message: 'Unknown user ' + username });
}
if (user.password != password) {
return done(null, false, { message: 'Invalid password' });
}
return done(null, user);
});
}
));
var app = express();
app.configure(function() {
app.use(express.bodyParser());
app.use(express.methodOverride());
app.use(express.cookieParser());
app.use(express.session({ secret: 'keyboard cat' }));
app.use(passport.initialize());
app.use(passport.session());
app.use(app.router);
});
// using GET just for easy testing...
app.get('/session', passport.authenticate('local'), function(req, res) {
res.json({_id: req.user._id, _rev: req.user._rev});
});
app.listen(3000, function() {
console.log('Express server listening on port 3000');
});
@engram-design

Visiting http://127.0.0.1:3000/session?username=bob&password=secret2 simply results in Unauthorized rather than the expected { message: 'Invalid password' }

@jaredhanson

You need to add flash support and set the relevant options if you want to display flash messages. Look at this example for inspiration: https://github.com/jaredhanson/passport-local/tree/master/examples/express3

@engram-design

@jaredhanson Ah - good point. Whoops!

As far as I can tell, this doesn't work without a redirect? So the POST itself doesn't return anything

app.get('/login', function(req, res){
    res.json(req.flash('error'));
});

app.post('/session', passport.authenticate('local', { failureRedirect: '/login', failureFlash: true }), function(req, res) {
    res.json({_id: req.user._id, _rev: req.user._rev});
});

Anyway, this seems by design so I won't waste any more of your time. Thanks so much for your help!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.