var express = require('express'),
passport = require('passport'),
LocalStrategy = require('passport-local').Strategy;
// In-memory demo user store. The password is held in plaintext only because
// this is a minimal reproduction; a real store would keep a salted password
// hash and never the password itself.
var users = [
  {
    id: 1,
    username: 'bob',
    password: 'secret',
    email: 'bob@example.com'
  }
];
/**
 * Resolve a user by id and report the result through a Node-style callback.
 *
 * Ids are treated as 1-based positions in the `users` array, so id N is read
 * from users[N - 1].
 *
 * @param {number} id - user id to resolve
 * @param {Function} fn - called as fn(null, user) on a hit, or with a single
 *   Error argument when no entry exists at that position
 */
function findById(id, fn) {
  var match = users[id - 1];
  if (!match) {
    fn(new Error('User ' + id + ' does not exist'));
    return;
  }
  fn(null, match);
}
/**
 * Find the first user whose username matches exactly (case-sensitive).
 *
 * @param {string} username - name to search for
 * @param {Function} fn - called as fn(null, user) on a match and as
 *   fn(null, null) when nobody matches; a missing user is not an error
 * @returns {*} whatever the callback returns
 */
function findByUsername(username, fn) {
  var position = 0;
  var total = users.length;
  var candidate;
  while (position < total) {
    candidate = users[position];
    if (candidate.username === username) {
      return fn(null, candidate);
    }
    position += 1;
  }
  return fn(null, null);
}
// Only the user's id is handed to passport for storage in the session; the
// rest of the record (including the password field) stays out of session data.
passport.serializeUser(function storeUserId(user, done) {
  var sessionKey = user.id;
  done(null, sessionKey);
});
// Turn the id stored in the session back into the full user record.
// findById reports a missing user as an Error, which is forwarded to passport
// unchanged. NOTE(review): a session that points at a user who no longer
// exists therefore surfaces as an error, not as an anonymous request; confirm
// that is the intended behaviour.
passport.deserializeUser(function loadUserFromSession(id, done) {
  findById(id, function (lookupError, account) {
    done(lookupError, account);
  });
});
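// Register the username/password strategy. The verify callback reports:
//   done(err)                   - the user lookup itself failed
//   done(null, false, { ... })  - credentials rejected, with a reason message
//   done(null, user)            - credentials accepted
//
// The two rejection messages tell an unknown username apart from a wrong
// password. If they are ever shown to clients (e.g. via failureFlash), that
// difference allows username enumeration; a single generic message avoids it.
passport.use(new LocalStrategy(
  function(username, password, done) {
    findByUsername(username, function(err, user) {
      // Propagate lookup failures instead of reporting them as "unknown user".
      if (err) {
        return done(err);
      }
      if (!user) {
        return done(null, false, { message: 'Unknown user ' + username });
      }
      // Strict comparison: a non-string value parsed from the request (such as
      // an array) can never compare equal through type coercion.
      // Plaintext comparison is demo-only; production code should verify the
      // password against a salted hash using a constant-time comparison.
      if (user.password !== password) {
        return done(null, false, { message: 'Invalid password' });
      }
      return done(null, user);
    });
  }
));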
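var app = express();
// Middleware order matters: cookies and the session must be parsed before
// passport.session() can restore the logged-in user, and the router comes last
// so that every route sees the populated request.
app.configure(function() {
  // The session cookie is signed with this secret. Read it from the
  // environment so a deployment does not run with the well-known sample value;
  // 'keyboard cat' remains only as a fallback for local testing.
  var sessionSecret = process.env.SESSION_SECRET || 'keyboard cat';

  // NOTE(review): bodyParser() in Express 3 also enables multipart parsing,
  // which this app does not use; consider json/urlencoded parsing only.
  app.use(express.bodyParser());
  app.use(express.methodOverride());
  app.use(express.cookieParser());
  app.use(express.session({ secret: sessionSecret }));
  app.use(passport.initialize());
  app.use(passport.session());
  app.use(app.router);
});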
// using GET just for easy testing... With GET the username and password travel
// in the query string, where they are recorded in access logs and browser
// history; use POST for anything beyond local testing.
app.get('/session', passport.authenticate('local'), function sendSession(req, res) {
  var account = req.user;
  // NOTE(review): the in-memory users in this file define `id`, not `_id` or
  // `_rev`, so both fields are undefined for them; confirm which store this
  // response shape is meant for.
  res.json({_id: account._id, _rev: account._rev});
});
// Start the HTTP server. No host is passed, so Node listens on all interfaces;
// pass '127.0.0.1' as the second argument to keep a test instance local-only.
app.listen(3000, function onListening() {
  console.log('Express server listening on port 3000');
});
@engram-design
Owner

Visiting http://127.0.0.1:3000/session?username=bob&password=secret2 simply results in Unauthorized rather than the expected { message: 'Invalid password' }

@jaredhanson

You need to add flash support and set the relevant options if you want to display flash messages. Look at this example for inspiration: https://github.com/jaredhanson/passport-local/tree/master/examples/express3

@engram-design
Owner

@jaredhanson Ah - good point. Whoops!

As far as I can tell, this doesn't work without a redirect, so the POST itself doesn't return anything:

// Returns the flash messages queued by a failed login attempt.
// NOTE(review): req.flash is assumed to be provided by flash middleware (e.g.
// connect-flash) registered after the session middleware; confirm.
// The strategy's messages say whether the username or the password was wrong,
// so echoing them verbatim lets a client tell valid usernames apart.
app.get('/login', function showLoginErrors(req, res){
    var failureMessages = req.flash('error');
    res.json(failureMessages);
});

// On failure passport stores the strategy's message as a flash 'error' and
// redirects to /login; the handler below only runs after a successful login.
app.post(
    '/session',
    passport.authenticate('local', {
        failureRedirect: '/login',
        failureFlash: true
    }),
    function sendSession(req, res) {
        var account = req.user;
        res.json({_id: account._id, _rev: account._rev});
    }
);

Anyway, this seems by design so I won't waste any more of your time. Thanks so much for your help!
