Passport node.js local authentication not working - node.js

I am trying to implement passport + express + mongodb functionality of local authentication, but it doesn't seem to work. All of the examples, including the one from the official page, have the line
app.use(app.router);, but I am using express 4.9 and I get the error:
Error: 'app.router' is deprecated!
If I remove it, I only get redirected to unsuccessful login, without even entering the LocalStrategy callback.
I would appreciate any help and suggestions on how I should substitute the deprecated line.

You'll want to remove that line -- in Express 4.x this is no longer needed -- some of the passport docs are just out of date.
Also: you may want to check out express-stormpath as an alternative to passport if you're trying to store user accounts. Depending on your application's usage, it might be a lot simpler.

Related

How to implement JWT auth on Loopback REST API?

I'm pretty new at nodejs, so I tried to implement a REST API with the loopback framework to try to simplify the building process a bit. I did the models correctly and also customized some endpoints, but, when connecting with the frontend (AngularJS), all the code I find, and also the code I know how to build, requires a JWT token to do any task that requires authorization/authentication, but it seems that loopback sends a uid2 token when I log in. I searched a lot, on Stack Overflow and GitHub; the nearest thing I found is this (https://github.com/strongloop/loopback/issues/1905#issuecomment-310382322), but the code seems to fail here:
const data = jwt.verify(id, secretKey);
cb(null, {userId: data.id});
Any idea?
In simple words, you need to know who is making the call. If you'd use the default loopback authentication you would see that in the req object there is an accessToken property which identifies the user. If you want to use JWT there are plenty of ready modules you could use, e.g. loopback-jwt or loopback-jwt-advanced.
In general, what you need to do is to apply a middleware that will be responsible for authorization of your user (I strongly recommend you to get familiar with the middleware term). In simple words, middleware is a layer that your requests are going through and you can modify its body or reject the request.
In abstract steps, in your middleware you would have to:
get the token from the request
verify the token
identify the user based on the token
create the loopback AccessToken entity for that given user
put the token in the req.accessToken so now loopback will know who you are and you could use the ACL.
So this is more or less what those extensions are doing.
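The middleware steps listed above, as an added example (not code from loopback-jwt, loopback-jwt-advanced or the linked issue). It assumes HS256 tokens carrying `id` and `exp` claims; `findUser` and `createAccessToken` are hypothetical stand-ins for the LoopBack user and AccessToken models, and `signHS256` exists only to build constructed sample tokens.

```javascript
const crypto = require('crypto');

const b64url = (s) => Buffer.from(s).toString('base64url');
const hmac = (data, secret) => crypto.createHmac('sha256', secret).update(data).digest();

// Builds constructed sample tokens only; a real issuer signs them elsewhere.
function signHS256(payload, secret) {
  const data = `${b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }))}.${b64url(JSON.stringify(payload))}`;
  return `${data}.${hmac(data, secret).toString('base64url')}`;
}

// Step 2: verify the token. Throws on any failure, returns the claims otherwise.
function verifyHS256(token, secret, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [head, body, sig] = parts;
  // Pin the algorithm instead of trusting whatever the token header asks for.
  const header = JSON.parse(Buffer.from(head, 'base64url').toString());
  if (header.alg !== 'HS256') throw new Error('unexpected alg');
  const expected = hmac(`${head}.${body}`, secret);
  const given = Buffer.from(sig, 'base64url');
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error('bad signature');
  }
  const claims = JSON.parse(Buffer.from(body, 'base64url').toString());
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('expired');
  return claims;
}

// findUser and createAccessToken are hypothetical hooks for the LoopBack models.
function jwtToAccessToken({ secret, findUser, createAccessToken }) {
  return (req, res, next) => {
    // Step 1: get the token from the request.
    const m = /^Bearer (.+)$/.exec(req.headers.authorization || '');
    if (!m) return next(); // no token: stay anonymous and let the ACLs decide
    let user;
    try {
      user = findUser(verifyHS256(m[1], secret).id); // steps 2 and 3
      if (!user) throw new Error('unknown user');
    } catch (err) {
      err.statusCode = 401; // reject; never continue with an unverified token
      return next(err);
    }
    req.accessToken = createAccessToken(user); // steps 4 and 5
    return next();
  };
}
```

Register it before the routes that rely on ACLs, so that `req.accessToken` is already set when they run.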

How can I test (integration-testing) with supertest a Node.js server with Passport JS using facebook/google... strategies with OAUTH2?

I have a Node Js application and I'm integration-testing my app with supertest/superagent + nockjs.
I have a problem, because I want to test my login rest apis using supertest to REPLY with a FAKE PROFILE RESPONSE + token for example for facebook/google/github and so on. (I'm not interested in LocalStrategy, because it's very simple)
How can I do that?
I'm trying with GitHub, and I wrote this code (not working), absolutely wrong, probably very stupid without any sense... It was an experiment XD.
nock('https://github.com/login/oauth')
.get('/authorize?response_type=code&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fapi%2Fauth%2Fgithub%2Fcallback&scope=user%3Aemail&client_id=XXXXXXXXXXXXXXXXXXXX')
.reply(302,undefined,
{
location : "http://localhost:3000/api/auth/github/callback?code=ab7f9823f03071209b26"
}
)
.get('http://localhost:3000/api/auth/github/callback?code=ab7f9823f03071209b26')
.reply(200, responseMocked);
PS: I probably made a mistake with the URL and status, I don't know.
Also, where should I set the connection.sid's cookie?
How can I fix/rewrite this code to be able to integration-test my application?
I'm also interested in using a passportjs stub/mock, but I want a library that is supported and well documented.
UPDATE: I fixed the name of the mocked profile object (responseMocked)
Thank you,
Stefano.

Angularjs + nodejs + passport cross domain request

I'm using passport with facebook strategy for authentication. The problem doesn't reside in the back-end, which is nodejs, as I have tested without angularjs and everything works just fine, but whenever angularjs comes into play I get a CORS error.
Access-Control-Allow-Origin header is present on the requested resource. Origin host:8000 is therefore not allowed access.
I have tried most of the solutions I have found via Google, but nothing has really worked so far. Does anyone have an idea what might be wrong?
This is usually the most common answer to this sort of question, as far as I understand.
site.config(function($httpProvider) {
$httpProvider.defaults.useXDomain = true;
delete $httpProvider.defaults.headers.common['X-Requested-With'];
});
And like I said, it is not nodejs's fault.
You'll need to use a popup to get around the CORS issue with Angular. See this post for an example: http://www.webdeveasy.com/single-page-application-authentication/

Multiple login paths for everyauth

I have a node.js + express project that's using everyauth. I'm in the process of reworking the routes and I would like to have multiple routes for the login and logout paths so two api versions can coexist at the same time.
Calling postLoginPath multiple times just makes the last call "win".
I need the login code to respond to both "/login" and "/v1/login". I was trying to register the alternate route and do some sort of server-side forward but can't find the '/login' path (which is supplied to postLoginPath) in the registered routes in 'app.routes'.
Ended up using this: https://npmjs.org/package/connect-modrewrite
Here's some sample code for my example:
app.use(modRewrite([
'/v1/login /login',
'/v1/logout /logout'
]))
You can use everyauth also.
You can have an array of values for the entryPath variable.
everyauth.facebook
.entryPath(['/url/path1','/url/path2'])
.callbackPath('/auth/facebook/callback')
.scope('email')
.fields('id,name,email,picture')
Also you can get the entryPath value by
everyauth.facebook.entryPath();
Hope this will be helpful.

using connect middlewares with geddyjs

I would like to use some connect middleware in my geddy applications. My question is: is it possible to use connect middlewares with geddyjs?
Thanks
Yes, there is a Connect compatibility mode (set connectCompatibility = true in your app config), which causes Geddy's before-filters to behave like middleware -- but it's not well tested.
Geddy's baked-in auth (geddy-passport) uses Passport, which is structured as Connect middleware, so even without this compat-mode, middleware can be made to work, with a little bit of effort. If you have issues you can always post on Geddy's mailing list (https://groups.google.com/group/geddyjs), or hop into IRC (#geddy on Freenode).
