Develop Reference

Passport not working after mail-gun verify email

I am using passport.js and mailgun-validate-email to try and validate an email then create a user account based off that email. I can get it to validate the email but it will not finish the POST request to actually create the user. It will eventually show a post log but it does't even give a status code which I found weird. I am using morgan to see this. Normally it does but this time it is just - where the status code is to be.
Passport.use signup middleware
passport.use('signup', new LocalStrategy({
usernameField: 'email',
passReqToCallback : true
},
function(req, email, password, done) {
var findOrCreateUser = function(){
console.log(req.body.email);
User.findOne({ email: req.body.email }, function(err, existingUser) {
if(err){
console.log(err);
}
if (existingUser) {
req.flash('form', {
email: req.body.email
});
return done(null, false, req.flash('error', 'An account with that email address already exists.'));
}
// edit this portion to accept other properties when creating a user.
var user = new User({
email: req.body.email,
password: req.body.password // user schema pre save task hashes this password
});
user.save(function(err) {
if (err) return done(err, false, req.flash('error', 'Error saving user.'));
var token = new Token({ _userId: user._id, token: crypto.randomBytes(16).toString('hex') });
token.save(function (err) {
if (err) return done(null, false, req.flash('error', err.message));
var email = req.body.email;
// Send the email
var message = 'Hello,\n\n' + 'Please verify your account by clicking the link: \nhttp:\/\/' + req.headers.host + '\/confirmation\/' + token.token + '\/' + email + '\n';
sendEmail('"Phantom Asset Management" noreply#phantomam.com', user.email, 'Account Verification Token', message);
});
var time = 14 * 24 * 3600000;
req.session.cookie.maxAge = time; //2 weeks
req.session.cookie.expires = new Date(Date.now() + time);
req.session.touch();
return done(null, user, req.flash('success', 'A verification email has been sent to ' + user.email + '.'));
});
console.log('done');
});
};
process.nextTick(findOrCreateUser);
})
);
Then my controller
exports.postSignup = function(req, res, next){
req.assert('email', 'Please sign up with a valid email.').isEmail();
req.assert('password', 'Password must be at least 6 characters long').len(6);
var errors = req.validationErrors();
if (errors) {
req.flash('errors', errors);
req.flash('form', {
email: req.body.email
});
return res.redirect('/signup');
}
validator(req.body.email, function (err, result){
if(err) {
return console.log('Error: ', err);
} else {
console.log('Result: ', result);
if(result.is_valid == false){
req.flash('error', 'Looks like your email is not valid did you mean ' + result.did_you_mean + '?');
return res.redirect(req.redirect.failure);
} else if(result.is_valid == true) {
// calls next middleware to authenticate with passport
passport.authenticate('signup', {
successRedirect: '/dashboard', // Select redirect for post signup
failureRedirect: '/signup',
failureFlash : true
});
}
}
});
(req, res, next);
next();
};
If my understanding of how I have it is correct it first checks to make sure it is an email then the password is the right length. If there is errors it lets the user know and redirect them back to /signup. Then it goes into the validator and either give an error to the console or goes into checking if it is valid or not. If it is not valid is shows the user an error but if valid goes into my passport middleware.
Which should take and check if a user exists then flag error is need be. It saves the user and a token for that user to use to verify their email address. This all works fine expect the saving of the user and token.
It looks like it might be a request.js issue, I am getting error: esockettimedout. The only dependencies for mailgun-validate-email is just request 2.25.0. The esockettimedout is on request.js:813:19

Creating account email verification not working

I am trying to have it so when a user signs up to my site that they get an email saying that they need to verify their email to use the site. It currently sends the email with the token just fine but when I go to the confirmation link it fails with a status 404.
Route
app.post('/confirmation/:token',
users.confirmationPost);
Require controller
var users = require('../controllers/users-controller');
confirmationPost
exports.confirmationPost = function (req, res, next) {
req.assert('email', 'Email is not valid').isEmail();
req.assert('email', 'Email cannot be blank').notEmpty();
req.assert('token', 'Token cannot be blank').notEmpty();
req.sanitize('email').normalizeEmail({ remove_dots: false });
// Check for validation errors
var errors = req.validationErrors();
if (errors) return res.status(400).send(errors);
// Find a matching token
Token.findOne({ token: req.body.token }, function (err, token) {
if(err) throw err;
if (!token) return res.status(400).send({ type: 'not-verified', msg: 'We were unable to find a valid token. Your token my have expired.' });
// If we found a token, find a matching user
User.findOne({ _id: token._userId }, function (err, user) {
if(err) throw err;
if (!user) return res.status(400).send({ msg: 'We were unable to find a user for this token.' });
if (user.isVerified) return res.status(400).send({ type: 'already-verified', msg: 'This user has already been verified.' });
// Verify and save the user
user.isVerified = true;
user.save(function (err) {
if (err) { return res.status(500).send({ msg: err.message }); }
res.status(200).send("The account has been verified. Please log in.");
});
});
});
};
Passport signup
passport.use('signup', new LocalStrategy({
usernameField: 'email',
passReqToCallback : true
},
function(req, email, password, done) {
var findOrCreateUser = function(){
User.findOne({ email: req.body.email }, function(err, existingUser) {
if(err){
console.log(err);
}
if (existingUser) {
req.flash('form', {
email: req.body.email
});
return done(null, false, req.flash('error', 'An account with that email address already exists.'));
}
// edit this portion to accept other properties when creating a user.
var user = new User({
email: req.body.email,
password: req.body.password // user schema pre save task hashes this password
});
user.save(function(err) {
if (err) return done(err, false, req.flash('error', 'Error saving user.'));
var token = new Token({ _userId: user._id, token: crypto.randomBytes(16).toString('hex') });
token.save(function (err) {
if (err) return done(null, false, req.flash('error', err.message));
// Send the email
var message = 'Hello,\n\n' + 'Please verify your account by clicking the link: \nhttp:\/\/' + req.headers.host + '\/confirmation\/' + token.token + '.\n';
sendEmail('"Phantom Asset Management" noreply#phantomam.com', user.email, 'Account Verification Token', message);
});
var time = 14 * 24 * 3600000;
req.session.cookie.maxAge = time; //2 weeks
req.session.cookie.expires = new Date(Date.now() + time);
req.session.touch();
return done(null, user, req.flash('success', 'A verification email has been sent to ' + user.email + '.'));
});
});
};
process.nextTick(findOrCreateUser);
})
);
When I go to /confirmation/:token I get my error 404 page and nothing in my console. Only thing I see there is my debugger showing an error 404 for that route.

object Object error in signup with passport in express

I am using Passport and Express in a NodeJs project.
I have a User model with fields: id, password, and email. When I try to signup it throws this error:
[object Object]
into the form and it doesn't post user data in the database. In the console, it shows
POST /signup 302 -58.
Here's whole passport.js file:
var LocalStrategy = require('passport-local').Strategy;
// load up the user model
var configDB = require('./database.js');
var Sequelize = require('sequelize');
var sequelize = new Sequelize(configDB.url);
var User = sequelize.import('../app/models/users');
User.sync();
// load the auth variables
var configAuth = require('./auth'); // use this one for testing
module.exports = function(passport) {
// used to serialize the user for the session
passport.serializeUser(function(user, done) {
done(null, user.id);
});
// used to deserialize the user
passport.deserializeUser(function(id, done) {
User.findById(id).then(function(user){
done(null, user);
}).catch(function(e){
done(e, false);
});
});
=========================================================================
// LOCAL LOGIN =============================================================
passport.use('local-login', new LocalStrategy({
// by default, local strategy uses username and password, we will override with email
usernameField : 'email',
passwordField : 'password',
passReqToCallback : true // allows us to pass in the req from our route (lets us check if a user is logged in or not)
},
function(req, email, password, done) {
User.findOne({ where: { email: email }})
.then(function(user) {
if (!user) {
done(null, false, req.flash('loginMessage', 'Unknown user'));
} else if (!user.validPassword(password)) {
done(null, false, req.flash('loginMessage', 'Wrong password'));
} else {
done(null, user);
}
})
.catch(function(e) {
done(null, false, req.flash('loginMessage',e.name + " " + e.message));
});
}));
=========================================================================
// LOCAL SIGNUP ============================================================
passport.use('local-signup', new LocalStrategy({
// by default, local strategy uses username and password, we will override with email
usernameField : 'email',
passwordField : 'password',
passReqToCallback : true // allows us to pass in the req from our route (lets us check if a user is logged in or not)
},
function(req, email, password, done) {
// Whether we're signing up or connecting an account, we'll need
// to know if the email address is in use.
User.findOne({ where: { email: email }})
.then(function(existingUser) {
// check to see if there's already a user with that email
if (existingUser)
return done(null, false, req.flash('error', 'That email is already taken.'));
// If we're logged in, we're connecting a new local account.
if(req.user) {
var user = req.user;
user.email = email;
user.password = User.generateHash(password);
user.save().catch(function (err) {
throw err;
}).then (function() {
done(null, user);
});
}
// We're not logged in, so we're creating a brand new user.
else {
// create the user
var newUser = User.build ({email: email, password: User.generateHash(password)});
newUser.save().then(function() {done (null, newUser);}).catch(function(err) { done(null, false, req.flash('error', err));});
}
})
.catch(function (e) {
done(null, false, req.flash('loginMessage',e.name + " " + e.message));
})
}));
And in routes.js
// locally --------------------------------
// LOGIN ===============================
// show the login form
app.get('/login', function(req, res) {
res.render('login.ejs', { message: req.flash('loginMessage') });
});
// process the login form
app.post('/login', passport.authenticate('local-login', {
successRedirect : '/profile', // redirect to the secure profile section
failureRedirect : '/login', // redirect back to the signup page if there is an error
failureFlash : true // allow flash messages
}));
// SIGNUP =================================
// show the signup form
app.get('/signup', function(req, res) {
res.render('signup.ejs', { message: req.flash('loginMessage') });
});
// process the signup form
app.post('/signup', passport.authenticate('local-signup', {
successRedirect : '/profile', // redirect to the secure profile section
failureRedirect : '/signup', // redirect back to the signup page if there is an error
failureFlash : true // allow flash messages
}));
Thanks in advance.

I found the solution!!! It was simpler than I thought, just a carelessness.
In user model I defined password field:
password: {
type: DataTypes.STRING(25),
allowNull: true,
defaultValue: ''
},
And after encryption, this field length was too small to storage the value. So I changed it for 255.

Passport.js local login with body validation and error handling

I need body validation and better error handling without the first validation middleware. The code works very well, but I would like to delete the first middleware and manage validation within the second.
routes/auth.js
router.post('/signin', function(req, res, next){
req.checkBody('email', 'Email is required.').notEmpty();
req.checkBody('email', 'Invalid email format.').isEmail();
req.checkBody('password', 'Password is required.').notEmpty();
req.checkBody('password', 'The password length must be between 8 and 100.').isLength({min: 8, max: 100});
var err = req.validationErrors();
if (err) {
res.status(400).send({ success: false, error: err});
return;
}
next();
});
router.post('/signin', passport.authenticate('local', { session: false }), function(req, res){
var user = req.user;
return res.json({success: true, user: user});
});
As regards the error handling, if a user doesn't match, the error is:
{
"error": "Invalid email and/or password"
}
and I would like this:
{
"success":false,
"error": "Invalid email and/or password"
}
How can I do it?
passport.js
passport.use(new LocalStrategy({
usernameField: 'email',
passwordField: 'password'
},
function(email, password, done) {
User.findOne({ email: email, password: password },'-password', function (err, user) {
if (err)return done(err);
if(!user){
var err = new Error('Invalid email and/or password');
err.status = 401;
return done(err, false);
}
return done(null, user);
})
}
));
Thanks for the replies.

If I understand you correctly, you want the validation to occur in the verification function of the LocalStrategy object.
Before you can do this, you first need access to the req object. For that, you need to enable the passReqToCallback option of the strategy:
passport.use(new LocalStrategy({
usernameField : 'email',
passwordField : 'password',
passReqToCallback : true
},
function(req, email, password, done) { ... });
From there, you can use the same validation code as in the first middleware:
function(req, email, password, done) {
req.checkBody('email', 'Email is required.').notEmpty();
req.checkBody('email', 'Invalid email format.').isEmail();
req.checkBody('password', 'Password is required.').notEmpty();
req.checkBody('password', 'The password length must be between 8 and 100.').isLength({min: 8, max: 100});
var err = req.validationErrors();
if (err) {
return done(err, false, { success: false, error: err});
}
User.findOne({...});
});
And lastly, you need to use a custom callback for passport.authenticate() to handle the verification outcome:
router.post('/signin', function(req, res, next) {
passport.authenticate('local', { session : false }, function(err, user, info) {
if (err) return next(err);
if (! user) {
return res.status(400).json(info);
}
return res.json({ success : true, user : req.user});
})(req, res, next);
});
The info argument to the callback maps to the third argument of the done() callback in the verification handler.
One thing to note is that Passport will not call the local strategy handler if email or password in the request body is empty, which makes the notEmpty validations moot.

Credentials are not getting passed to authentication stategy

I'm new to node express and passport so I'm not sure what I'm missing. I'm trying to use a custom callback as all I want is a json response from my registration strategy. Currently I keep getting the following error "Missing credentials". I've been at it for a while now and I'm stuck.
Here is my controller:
app.post('/services/authentication/registration', function(req, res, next) {
console.log('before authentication')
passport.authenticate('local-registration', function(err, user, info) {
console.log('authentication callback');
if (err) { return res.send({'status':'err','message':err.message});}
if (!user) { return res.send({'status':'err','message':info.message});}
if (user!=false) { return res.send({'message':'registration successful'});}
})(req, res, next);
},
function(err, req, res, next) {
return res.send({'status':'err','message':err.message});
});
And my passport strategy:
passport.use('local-registration', new LocalStrategy({
// by default, local strategy uses username and password, we will override with email
usernameField : 'email',
passwordField : 'password',
passReqToCallback : true
},
function(req, email, password, done) {
console.log('credentials passed to passport' + email + '' + password)
// asynchronous
// User.findOne wont fire unless data is sent back
process.nextTick(function() {
// find a user whose email is the same as the forms email
// we are checking to see if the user trying to login already exists
User.findOne({ 'local.email' : email }, function(err, user) {
// if there are any errors, return the error
if (err)
return done(err);
// check to see if theres already a user with that email
if (user) {
return done(null, false, {message: 'User already exists'});
} else {
// if there is no user with that email
// create the user
var newUser = new User();
// set the user's local credentials
newUser.local.email = email;
newUser.local.password = newUser.generateHash(password);
// save the user
newUser.save(function(err) {
if (err)
throw err;
return done(null, newUser);
});
}
});
});
}));

I dont think you should send "req" as a parameter to the authentication function. take a look at this example from the passport docs:
passport.use(new LocalStrategy(
function(username, password, done) {
User.findOne({ username: username }, function (err, user) {
if (err) { return done(err); }
if (!user) {
return done(null, false, { message: 'Incorrect username.' });
}
if (!user.validPassword(password)) {
return done(null, false, { message: 'Incorrect password.' });
}
return done(null, user);
});
}
));