I am trying to figure out the Passport.js authentication mechanism, and there is one confusing point for me.
The following is the .use() function's implementation:
Authenticator.prototype.use = function(name, strategy) {
if (!strategy) {
strategy = name;
name = strategy.name;
}
if (!name) { throw new Error('Authentication strategies must have a name'); }
this._strategies[name] = strategy;
return this;
};
My understanding is that this function registers strategy into the _strategies property.
For example, I use the JWT strategy as following:
passport.use(new JwtStrategy(opts, function(jwt_payload, done) {
User.findOne({id: jwt_payload.sub}, function(err, user) {
if (err) {
return done(err, false);
}
if (user) {
return done(null, user);
} else {
return done(null, false);
// or you could create a new account
}
});
}));
The verify callback is provided. So in this way, the authentication strategy is configured.
Then in the API route, we can use passport.authenticate('jwt') method as a middleware to authenticate the incoming request.
I check the implementation of the Passport.js (the authenitcate.js file). I found that in fact, the named strategy's authenticate function will be invoked for the auth process.
So how does the verify callback work? When and where it's called?
Edit:
After more debugging, I found the verify callback was called in the specific strategy's authenticate function. following is the passport-jwt strategy:
JwtStrategy.prototype.authenticate = function(req, options) {
var self = this;
var token = self._jwtFromRequest(req);
if (!token) {
return self.fail(new Error("No auth token"));
}
this._secretOrKeyProvider(req, token, function(secretOrKeyError, secretOrKey) {
if (secretOrKeyError) {
self.fail(secretOrKeyError)
} else {
// Verify the JWT
JwtStrategy.JwtVerifier(token, secretOrKey, self._verifOpts, function(jwt_err, payload) {
if (jwt_err) {
return self.fail(jwt_err);
} else {
// Pass the parsed token to the user
var verified = function(err, user, info) {
if(err) {
return self.error(err);
} else if (!user) {
return self.fail(info);
} else {
return self.success(user, info);
}
};
try {
if (self._passReqToCallback) {
self._verify(req, payload, verified);
} else {
self._verify(payload, verified);
}
} catch(ex) {
self.error(ex);
}
}
});
}
});
};
the self._verify is in fact the verify callback defined in the configure process.
Related
I'am using activedirectory library (https://www.npmjs.com/package/activedirectory) in Nodejs with Express server.
I want to return the user infomation when I pass the authenticate() method and call the findUser() method, but I can make it work.
Can someome help me, please?!?!
Is there any other library in node that I can use to make a Active Directory authentication?
Here's my code:
ad.authenticate(username, password, function (err, auth) {
if (err) {
console.log(err);
return;
}
if (auth) {
var opts = {
bindDN: username,
bindCredentials: password
};
ad.findUser(opts, username, function (err, user) {
if (err) {
console.log(err);
return;
} else {
console.log(user);
}
})
} else {
console.log('Authenticate Failed');
}
});
}
I want to replace the console.log(user) when I find the user.
Thank's!!
So, I have everything working but it is not showing it is an authenticate user even though it arrives at the proper places...
javascript code from the page to validate login
var UserManager = {
validateLogin : function (username, password) {
var userData = {
username: username,
password: password
}
return new Promise(function(resolve, reject) {
$.ajax({
url: "/musicplayer/users/api/login",
dataType: "json",
data: userData,
type: "POST",
success: function loginSuccess(result, status, xhr) {
resolve(null);
},
error: function loginError(xhr, status, result) {
reject(new Error(result));
},
});
});
}
}
function userLogin(){
UserManager.validateLogin($('#loginEmail').val(), $('#loginPassword').val()).then(function(response) {
window.location = '/musicplayer/library'
},
function(error){
$("#msgBox").messageBox({"messages" : error.message, "title" : "Warning", boxtype: 4 });
$("#msgBox").messageBox("show");
});
return false;
}
local.strategy.js
var passport = require('passport');
var localStrategy = require('passport-local').Strategy;
var userLibrary = require('../../classes/music/userlibrary.js');
module.exports = function () {
passport.use(new localStrategy(
{
usernameField: 'username',
passwordField: 'password'
},
function(username, password, done) {
//validating user here
var userManager = new userLibrary.UserManager();
userManager.login(username, password).then(
function (user){
done(null, user);
},
function (reason){
if (reason.err) {
done(err, false, info);
}
else {
done(null, false, {message: reason.message});
}
}
);
})
);
};
Router
/******* validate the user login ********/
usersRouter.post('/api/login', function(req, res, next) {
passport.authenticate('local', function(err, user, info) {
if (err) {
console.log("Login Failed", err.message + " - " + err.stack);
if (req.xhr){
res.status(500).send({ error: 'Internal Error' });
}
else {
next(err);
}
}
else if (!err && !user){
err = new Error();
err.message = info.message;
err.status = 401;
console.log("Invalid Data", err.message);
if (req.xhr){
res.status(401).send({ error: err.message });
}
else {
next(err);
}
}
else if (user){
console.log("Successful Login:", user);
res.status(200).send({message: "successful"});
}
}
)(req, res, next);
});
passport.js file which has my Middleware...
var passport = require("passport");
module.exports = function (app) {
app.use(passport.initialize());
app.use(passport.session());
passport.serializeUser(function(user, done){
done(null, user);
});
passport.deserializeUser(function(user, done){
done(null, user);
});
require('./strategies/local.strategy')();
app.all('/musicplayer/*', function (req, res, next){
// logged in
//need function for exceptions
if (req.user || req.url === '/musicplayer/users/api/login' || req.url === '/musicplayer/users/signin') {
next();
}
// not logged in
else {
// 401 Not Authorized
var err = new Error("Not Authorized");
err.status = 401;
next(err);
}
});
}
Userlibrary/UserManager
I am using promises to be able to utilize the creation of a library and to deal with sync versus async issues that I ran into early on...
var sqlite3 = require('sqlite3').verbose();
function User() {
this.email = "";
this.password = "";
this.userid = "";
};
function UserManager () {
this.user = new User();
};
UserManager.prototype.login = function (email, password) {
var db = new sqlite3.Database('./data/MusicPlayer.db');
params = {
$email: email,
$password: password
}
var self = this;
return new Promise(function(resolve, reject){
db.serialize(function () {
db.get("SELECT * FROM users WHERE email = $email and password = $password", params, function (err, row) {
db.close();
if (!err && row) {
//log in passed
self.user.userid = row.userid;
self.user.email = row.email;
self.user.password = row.password;
resolve(self.user);
}
else if (!err) {
//log in failed log event
reject({
err: err,
message: null
});
}
else {
//error happened through out an event to log the error
reject({
message : "Email and/or Password combination was not found",
err : null
});
}
});
});
});
};
module.exports = {
User : User,
UserManager : UserManager
}
Now, I have debugged this and it is for sure getting to "successful Login"
Returns to the browser with success, the browser says okay let me redirect you to the library page (which is really just a blank page). When it goes to my library page I get a 401 unauthorized.
So if I debug inside the middleware to ensure authentication. I look at req.user and it is undefined and I try req.isAuthenticated() it returns a false.
I think I must be missing something...
What I want is a global authentication saying hey is this person logged in. And then I will set up the route/route basis say okay do they have permission for this page or web service call.
Right now I am sticking with session for everything as it is not useful to me to learn web tokens at this point and time.
Any help would be appreciated... I been around and around on this looking at examples out there. But the examples I find are the "basic" examples no one calling a library to validate from database or they are not trying to set up the authorization globally but rather on a route by route basis.
Upon searching I found this article
https://github.com/jaredhanson/passport/issues/255
then I found this in documentation
app.get('/login', function(req, res, next) {
passport.authenticate('local', function(err, user, info) {
if (err) { return next(err); }
if (!user) { return res.redirect('/login'); }
req.logIn(user, function(err) {
if (err) { return next(err); }
return res.redirect('/users/' + user.username);
});
})(req, res, next);
});
and that worked for me... I basically forgot to do the req.logIn method itself when using the custom callback.... I knew it was something simple... Hope this helps someone in the future.
I would like to use sailsJS with an existing database.
This database already contains a user table (which is named caver) and already has email, username and password (which are named contact, login, password).
I cannot change the schema of this database!
I am currently trying to use sails-generate-auth to setup a local authentication.
Is it possible to link the passport authentication with an existing model (Caver) which is not the automatically created model (User)?
Can I use a custom hash function (the one used for the password in my current database) with the passport service created by sails-generate-auth?
I already succeeded to make my authentication work with the following code but now I would like to use sails-generate-auth instead.
api/services/passport.js (without using sails-generate-auth) :
var passport = require('passport'),
LocalStrategy = require('passport-local').Strategy;
// helper functions
function findById(id, fn) {
Caver.findOne(id).done( function(err, user){
if (err){
return fn(null, null);
}else{
return fn(null, user);
}
});
}
function findByEmail(e, fn) {
Caver.findOne({
Contact: e
}).done(function(err, user) {
// Error handling
if (err) {
return fn(null, null);
// The User was found successfully!
}else{
return fn(null, user);
}
});
}
function md5(string) {
var crypto = require('crypto');
return crypto.createHash('md5').update(string).digest('hex');
}
function getOldGCpassword(login, password) {
return addslashes(md5(login + "*" + password));
}
function addslashes(str) {
// From: http://phpjs.org/functions
// * example 1: addslashes("kevin's birthday");
// * returns 1: 'kevin\'s birthday'
return (str + '').replace(/[\\"']/g, '\\$&').replace(/\u0000/g, '\\0');
}
// Passport session setup.
// To support persistent login sessions, Passport needs to be able to
// serialize users into and deserialize users out of the session. Typically,
// this will be as simple as storing the user ID when serializing, and finding
// the user by ID when deserializing.
passport.serializeUser(function(sessionUser, done) {
done(null, sessionUser.id);
});
passport.deserializeUser(function(id, done) {
findById(id, function (err, user) {
done(err, user);
});
});
// Use the LocalStrategy within Passport.
// Strategies in passport require a `verify` function, which accept
// credentials (in this case, a email and password), and invoke a callback
// with a user object.
passport.use(new LocalStrategy({
usernameField: 'email'
},
function(email, password, done) {
// asynchronous verification, for effect...
process.nextTick(function () {
// Find the user by email. If there is no user with the given
// email, or the password is not correct, set the user to `false` to
// indicate failure and set a flash message. Otherwise, return the
// authenticated `user`.
findByEmail(email, function(err, user) {
if (err) {
return done(err);
}
if (!user) {
return done(null, false, { message: 'Unknown user ' + email });
}
var hash = getOldGCpassword(user.Login, password);
if (hash.localeCompare(user.Password) == 0) {
var returnUser = { email: user.Contact, createdAt: user.Date_inscription, id: user.Id };
return done(null, returnUser, { message: 'Logged In Successfully'} );
} else {
return done(null, false, { message: 'Invalid Password'});
}
})
});
}
));
I am trying to use two different basic authentication conditions for two different apis. But the moment I add the second authentication condition in my project, Passport.Js doesn't let me authenticate at all. It keeps saying wrong password. Below is the code: Can anybody suggest what's wrong with it? I am sorry if this is a noob question. I have just begun working with node so the entire framework is new to me.
// Load required packages
var passport = require('passport');
var passport2= require('passport');
var BasicStrategy = require('passport-http').BasicStrategy;
var BasicStrategy2 = require('passport-http').BasicStrategy;
var User = require('../models/useridentity');
var User2 = require('../models/useridentity');
passport.use(new BasicStrategy(
function(username, password, callback) {
User.findOne({ username: username }, function (err, user) {
if (err) { return callback(err); }
// No user found with that username
if (!user) { return callback(null, false); }
// Make sure the password is correct
user.verifyPassword(password, function(err, isMatch) {
if (err) { return callback(err); }
// Password did not match
if (!isMatch) { return callback(null, false); }
// Success
return callback(null, user);
});
});
}
));
passport2.use(new BasicStrategy2(
function(user, pass, callback) {
User2.findOne({ useremail: user }, function (err, user) {
if (err) { return callback(err); }
// No user found with that username
if (!user) { return callback(null, false); }
// Make sure the password is correct
user.verifyPassword(pass, function(err, isMatch) {
if (err) { return callback(err); }
// Password did not match
if (!isMatch) { return callback(null, false); }
// Success
return callback(null, user);
});
});
}
));
exports.isAuthenticated = passport.authenticate('basic', { session : false });
exports.isAuthenticated2 = passport2.authenticate('basic',{session:false});
Requiring same modules multiple times makes no sense - due to module caching you are likely receiving the same object. You can name the strategies in use which enables using same strategy with different configuration:
var passport = require('passport'),
BasicStrategy = require('passport-http').BasicStrategy;
passport.use('auth1', new BasicStrategy(...));
passport.use('auth2', new BasicStrategy(...));
app.post('/api1', passport.authenticate('auth1'), function(req, res) { ... });
app.post('/api2', passport.authenticate('auth2'), function(req, res) { ... });
I'm using the MEAN stack with passport and the Passport-Local-Mongoose plugin. However, whenever I update a User record's username, I am logged out of my current session. What is the correct way to update a username with Passport-Local-Mongoose?
// Update User -- Tied to Usernames or will log out
exports.update = function(req, res) {
user = req.user;
user = _.extend(user, req.body);
user.save(function(err, user) {
if(err) {
console.log(err);
// Error handling for uniqueness violations
if (err.code === 11001) {
if (err.err.indexOf("email") != -1) {
return next(new Error("Email Address Already In Use"));
} else if (err.err.indexOf("username") != -1) {
return next(new Error("Username Already In Use"));
}
}
};
});
};
The reason for this behavior is the serialize/deserialize implementation shipped with passport-local-mongoose:
schema.statics.serializeUser = function() {
return function(user, cb) {
cb(null, user.get(options.usernameField));
}
};
schema.statics.deserializeUser = function() {
var self = this;
return function(username, cb) {
self.findByUsername(username, cb);
}
};
This implementation uses the username field for serialization and deserialization. As a consequence a change to the username will fail if the username value changed. You can prevent this behavior by using a custom serialization/deserialization strategy like this:
schema.statics.serializeUser = function() {
return function(user, cb) {
cb(null, user.id);
}
};
schema.statics.deserializeUser = function() {
var self = this;
return function(id, cb) {
self.findOne(id, cb);
}
};