
var express = require('express')
  , routes = require('./routes')
  , home = require('./routes/home')
  , user = require('./routes/user')
  , http = require('http')
  , mongodb = require('mongodb')
  , mongoose = require('mongoose')
  , path = require('path')
  , passport = require('passport')
  , LocalStrategy = require('passport-local').Strategy
  , flash = require('connect-flash')
  ;

// Express application instance; middleware and routes are attached to it below.
var app = express();

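// Connect to MongoDB. The connection string can be overridden with the
// MONGODB_URI environment variable (constructed name) so the hard-coded local
// 'test' database is only ever used in development.
var mongoUrl = process.env.MONGODB_URI || 'mongodb://localhost/test';
mongoose.connect(mongoUrl);
var db = mongoose.connection;
// Connection failures are logged with a fixed prefix so they are easy to find.
db.on('error', console.error.bind(console, 'connection error:'));
// Fires once, the first time the connection is established.
db.once('open', function () {
  console.log('Connected to DB');
});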
// Minimal user model: a username and the password that validPassword() checks.
// NOTE(review): password is a plain String field, so whatever is saved here is
// stored as-is in MongoDB; a salted hash would replace this field's contents.
var userSchema = new mongoose.Schema({
  username: String,
  password: String
});
// Check a submitted password against the stored one.
// Returns true only on an exact string match, false otherwise.
// NOTE(review): this compares plaintext against a plaintext field; with
// salted+hashed storage this method would compare digests instead.
userSchema.methods.validPassword = function (password) {
  return password === this.password;
};
// Model backing User documents; used by the seed below and by the login strategy.
var User = mongoose.model('User', userSchema);
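// Seed a demo account at startup.
// The document is deliberately NOT bound to a variable named `user`: that name
// is already the './routes/user' module required at the top of this file, and
// a second `var user` here would overwrite it, leaving app.get('/users', user.list)
// with no handler.
// NOTE(review): this inserts a new 'andrew' document on every start and the
// credentials are hard-coded in source; acceptable for a demo only.
var seedUser = new User({ username: 'andrew', password: 'secret' });
seedUser.save(function (err) {
  // Save errors were previously dropped on the floor; surface them.
  if (err) {
    console.error('seed user save failed:', err);
  }
});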

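// Middleware and settings common to every environment.
// Order matters: cookieParser precedes session, passport.session() follows
// express.session(), and the router runs before the static file server.
app.configure(function(){
  app.set('port', process.env.PORT || 3000);
  app.set('views', __dirname + '/views');
  app.set('view engine', 'jade');
  app.use(express.favicon());
  app.use(express.logger('dev'));
  app.use(express.bodyParser());
  app.use(express.methodOverride());
  app.use(express.cookieParser());
  // The session secret signs the session cookie; anyone who knows it can mint
  // sessions. Read it from the environment (SESSION_SECRET, constructed name)
  // and fall back to the demo value only so local development keeps working.
  app.use(express.session({
    cookie: { maxAge: 60000 },
    secret: process.env.SESSION_SECRET || 'keyboard cat'
  }));
  app.use(flash());
  app.use(passport.initialize());
  app.use(passport.session());
  app.use(app.router);
  app.use(express.static(path.join(__dirname, 'public')));
});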

// Development-only: mount Express's error handler at the end of the chain.
app.configure('development', function () {
  var devErrorHandler = express.errorHandler();
  app.use(devErrorHandler);
});

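// Keep only the user's id in the session. The original code placed the whole
// user document (password field included) into the session store.
passport.serializeUser(function(user, done) {
  done(null, user.id);
});

// Rebuild req.user from the id stored by serializeUser; a lookup failure or a
// missing document is passed through to passport via done().
passport.deserializeUser(function(id, done) {
  User.findById(id, function (err, user) {
    done(err, user);
  });
});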

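// Username/password strategy backed by the User collection.
passport.use(new LocalStrategy(function(username, password, done) {
  // A single failure message for both "no such user" and "wrong password", so
  // the login form does not confirm which usernames exist.
  var failure = { message: 'Incorrect username or password.' };
  User.findOne({ username: username }, function(err, user) {
    if (err) {
      return done(err);
    }
    if (!user || !user.validPassword(password)) {
      return done(null, false, failure);
    }
    return done(null, user);
  });
}));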

// Route table. /login delegates to passport: success goes to the dashboard,
// failure returns to the index page carrying the strategy's flash message.
var login = passport.authenticate('local', {
  successRedirect: '/home',
  failureRedirect: '/',
  failureFlash: true
});

app.get('/', routes.index);
app.post('/login', login);
app.get('/home', home.dashboard);
app.get('/users', user.list);

// Start the HTTP server on the configured port and announce it on the console.
var port = app.get('port');
http.createServer(app).listen(port, function () {
  console.log('Express server listening on port ' + port);
});

Thanks - I had the same problem

Also, thanks. I do feel compelled to mention, though, that you should not return that the user exists if the password is wrong; it's one of the many little things that compromise the security of web services.

@Romiox Depends. There are many websites where you can easily get a list of their users (like StackOverflow), and they're not less secure because of that.

javascript - Can't set up Passport with Express and MongoDB/Mongoose -...

javascript node.js express passport.js

I personally use PassportJS for authentication; only after the user is authenticated can they access the "single page app", where I use Backbone. Here is a project that was a great help for me: LostAndFound

How to login user with node.js express backbone.js mongodb? - Stack Ov...

node.js mongodb backbone.js express

user signup/login with salted and hashed passwords with Express 4 an...

This one uses a salt and hash with the password.

See the server.js file for the main flow of the app. The app defines routes for /login (GET and POST) and /signup (GET and POST).

It also has a 'secret' page that can only be accessed by a logged-in user.

Note: There's one important weakness about this application: It stores passwords in the database in plain text! This means that anyone who is able to access the mongo database (a hacker/attacker, or even just the sysadmin running this site) can view everyone's passwords.

To make this situation better, the passwords should be salted and hashed.

I'll update this soon to show how that can be done.

express Node.js node-mongodb-native mongodb

user creation/signup and login with Express 4 and MongoDB [Node.js] ...

See the server.js file for the main flow of the app. The app defines routes for /login (GET and POST) and /signup (GET and POST).

It also has a 'secret' page that can only be accessed by a logged-in user.

Note: There's one important weakness about this application: It stores passwords in the database in plain text! This means that anyone who is able to access the mongo database (a hacker/attacker, or even just the sysadmin running this site) can view everyone's passwords.

To make this situation better, the passwords should be salted and hashed.

I'll update this soon to show how that can be done.

express Node.js node-mongodb-native mongodb

user creation/signup and login with Express 4 and MongoDB [Node.js] ...

See the server.js file for the main flow of the app. The app defines routes for /login (GET and POST) and /signup (GET and POST).

It also has a 'secret' page that can only be accessed by a logged-in user.

Note: There's one important weakness about this application: It stores passwords in the database in plain text! This means that anyone who is able to access the mongo database (a hacker/attacker, or even just the sysadmin running this site) can view everyone's passwords.

To make this situation better, the passwords should be salted and hashed.

I'll update this soon to show how that can be done.

express Node.js node-mongodb-native mongodb

user signup/login with salted and hashed passwords with Express 4 an...

This one uses a salt and hash with the password.

See the server.js file for the main flow of the app. The app defines routes for /login (GET and POST) and /signup (GET and POST).

It also has a 'secret' page that can only be accessed by a logged-in user.

Note: There's one important weakness about this application: It stores passwords in the database in plain text! This means that anyone who is able to access the mongo database (a hacker/attacker, or even just the sysadmin running this site) can view everyone's passwords.

To make this situation better, the passwords should be salted and hashed.

I'll update this soon to show how that can be done.

express Node.js node-mongodb-native mongodb