User Management System in node.js - node.js

The requirements of most web applications regarding the management of users are fairly common:
A user registers himself
Receives an email for confirmation
Requests a forgotten password
An admin person assigns a role to the user, etc.
Is there a node.js/express.js project that has already implemented the flow and is customizable?
Passport.js allows the application to only authenticate but not perform the functions listed above. I have seen Drywall. It uses MongoDB.
I am looking for a module that lets me customize the user storage mechanism as well, so that I can use my own MySQL DB to store users.
ASP .NET provides such features in the membership module and also lets developers customize it completely. Do we have something for Node.js?

I use the Sails framework, and there are some packages that integrate with Sails. For authentication I found this package: https://github.com/kasperisager/sails-generate-auth, maybe it helps you.

To build on Victor's answer, there is a comprehensive user/role management system for express called sails-permissions that is based on sails.js.

I think you will have to use Drywall and customize it to use MySQL. It's uncommon to use MySQL for node.js as you know already.
Maybe this article will help you with the MySQL integration:
http://teknosains.com/i/simple-crud-nodejs-mysql

Related

Node.JS webapp: Authentication, Create Account, Forgot Password and Change Password

I would like to develop a new web-app in node.js (using express). I am relatively new to node.js world, so I assume there are frameworks that I am not familiar with.
Is there any framework (like Spring for Java) that manages authentication (and save the trouble from the developer)? Or each developer has to write this code over and over again?
Login/Logout is not all. There are other flows:
registration (create account),
forgot-password (and then set new password),
locking/unlocking an account,
change password
and I think I have covered all flows.
I know that each application has its own UI, forms, maybe with its logo, but the flow itself is similar for most applications.
In addition, I know that it is not that hard to implement, but it could be great to have some kind of tool / framework / infrastructure which implements the flows.
Is there such a tool/framework which helps applications' developers and implements these flows?
I've searched this issue but could not find anything.
Thanks!
Long ago I developed authentication-flows for Java over Spring, and recently I wrote authentication-flows-js.
It is a module that answers most flows - authentication, registration, forgot-password, change password etc., and it is secured enough so applications can use it without the fear that it will be easily hacked.
It is for node.js applications (written in TypeScript) that use express. It is open source (on GitHub). A release version is on npm, so you can use it as a dependency in your package.json.
In its README (and of course in the npm page) there are detailed explanations for everything and if something is missing - please let me know. An article will be published soon (I will add a link as a comment).
You can find here an example for a hosting application.
NOTE: I have heard comments like "It's not so difficult to implement". True. But you have to make sure you take care of all cases. For example:
what happens if a user tries to create an account that already exists?
what happens if a user tries to create an account that already exists but is inactive?
what about the password policy? (too long/too short/how many capitals etc.)
what about sending the email with the activation link to the user?
how do you create this link? should you encrypt it?
what about the controller that will receive the click on the link and activate the account?
and more...

Best way to integrate OpenId connect / (Keycloak) with Django and Django Rest framework

I'm looking for advice on the best way to integrate Django / Django Rest Framework with OpenId connect (we're using Keycloak but I think using the protocol is probably more flexible).
There seem to be several options out there, but it would be good to have something that works as seamlessly as possible with Django and DRF – so session and API authentication working like the baked in Django version, and ideally access to external logon screens if using admin/DRF API endpoint. What is straightforward to set up and well supported?
What I will ultimately be doing is trying to change an existing Django/React application, but for the purposes of this discussion let's assume it's a basic application something like the ones set up in the Django tutorial and Django Rest framework quickstart (https://docs.djangoproject.com/en/3.1/intro/tutorial01/ to tutorial01 and https://www.django-rest-framework.org/tutorial/quickstart/).
I hope that's enough as I'm fairly new to this – I can create some sort of simple application in Github if this isn't a clear enough basis for a discussion.
Any help would be much appreciated. Even better if you have an example (!).

Is there 'switch user' add-on available for Node.js that behaves similar to the Grails plugin

I have a Grails application where we use the Grails Spring Security plugin to allow an admin to easily switch (or assume) another user. This has proven to be very useful for admins to debug user issues and for our testers to jump between roles.
Is there an easy solution available for Node.js that is similar to this Spring Security feature? Note that we're using JWT to auth every request, so not using server based token like Spring Security would.
No, but only because there is no equivalent security plugin for Node in the first place. There are popular projects such as http://passportjs.org/ that can provide functionality in this category, and each offers varying levels of support for what you're asking. But your request isn't relevant to NodeJS Core. User authentication and authorization are not core modules of that project.

MeanJS user management

I am using the mean.js stack. I want to manage my list of users, but there is no apparent solution for this. Is there an admin module for meanjs available that allows crud functions on the user database? If not please point me to a jsfiddle that shows how this can be done.
MEAN.js 0.4.1 has an admin module built in which allows a user with admin privileges to perform user management.
If you are currently using an older version maybe try to look at the code there and make the necessary changes to implement a similar module.
The other answer is correct, meanjs.org 0.4x already has this feature built in.
While for 0.3x and below you need to manually create one. It shouldn't be hard, just a regular CRUD but for users model.

Symfony 2 : Custom user provider

Since this article http://symfony.com/doc/2.0/cookbook/security/custom_provider.html has not been written yet, has anyone an idea of how to do that ? (In my case it would be using LDAP authentication).
Thanks for your answers
To help you get started you can check out my blog post which outlines how to create a very basic user provider system:
http://clintberry.com/2011/custom-user-providers-symfony2/
EDIT: This post only covers the custom User Provider. To use LDAP authentication you will need to create your own Authentication Provider as well or use a third party library. http://symfony.com/doc/current/cookbook/security/custom_authentication_provider.html
The first thing I would suggest is to do a search for an LDAP bundle on the great website KnpBundles (results here). I saw two results. If you are willing to use an external bundle, you could just use one of the two given in the results.
If you prefer to create your own bundle for this task, what I would suggest is to take inspiration from these two bundles. Another useful suggestion is to check the FOSFacebookBundle. It is by no means related to LDAP, but they implement their own provider, so all the glue is there to implement your own.
Just a small notice, if you are developing against Symfony2 master branch, it is good to know that security factory registration has changed a bit. So, be careful when looking at other bundles to be sure what version they are targeting.
Hope this helps.
Regards,
Matt
