Username & Password
The most widely used way for websites to authenticate users is via a username and password. Support for this mechanism is provided by the passport-local module.
Install
$ npm install passport-local
Configuration
var passport = require('passport')
, LocalStrategy = require('passport-local').Strategy;
passport.use(new LocalStrategy(
function(username, password, done) {
User.findOne({ username: username }, function(err, user) {
if (err) { return done(err); }
if (!user) {
return done(null, false, { message: 'Incorrect username.' });
}
if (!user.validPassword(password)) {
return done(null, false, { message: 'Incorrect password.' });
}
return done(null, user);
});
}
));
The verify callback for local authentication accepts username
and password
arguments, which are submitted to the application via a login form.
Form
A form is placed on a web page, allowing the user to enter their credentials and log in.
<form action="/login" method="post">
<div>
<label>Username:</label>
<input type="text" name="username"/>
</div>
<div>
<label>Password:</label>
<input type="password" name="password"/>
</div>
<div>
<input type="submit" value="Log In"/>
</div>
</form>
Route
The login form is submitted to the server via the POST
method. Using
authenticate()
with the local
strategy will handle the login request.
app.post('/login',
passport.authenticate('local', { successRedirect: '/',
failureRedirect: '/login',
failureFlash: true })
);
Setting the failureFlash
option to true
instructs Passport to flash an
error
message using the message
option set by the verify callback above.
This is helpful when prompting the user to try again.
Parameters
By default, LocalStrategy
expects to find credentials in parameters named
username
and password
. If your site prefers to name these fields
differently, options are available to change the defaults.
passport.use(new LocalStrategy({
usernameField: 'email',
passwordField: 'passwd'
},
function(username, password, done) {
// ...
}
));