new Strategy([options], verify)
-
options
<Object>-
usernameField
<string>Form field name where the username is found.
Default:'username'
. -
passwordField
<string>Form field name where the password is found.
Default:'password'
. -
passReqToCallback
<boolean>When
Default:true
, theverify
function receives the request object as the first argument, in accordance withStrategy~verifyWithReqFn
.false
.
-
-
verify
<Strategy~verifyFn> | <Strategy~verifyWithReqFn>Function which verifies username and password.
Create a new Strategy
object.
var LocalStrategy = require('passport-local').Strategy;
new LocalStrategy(function(username, password, cb) {
users.findOne({ username: username }, function(err, user) {
if (err) { return cb(err); }
if (!user) { return cb(null, false, { message: 'Incorrect username or password.' }); }
crypto.pbkdf2(password, user.salt, 310000, 32, 'sha256', function(err, hashedPassword) {
if (err) { return cb(err); }
if (!crypto.timingSafeEqual(user.hashedPassword, hashedPassword)) {
return cb(null, false, { message: 'Incorrect username or password.' });
}
return cb(null, user);
});
});
});
var LocalStrategy = require('passport-local');
new LocalStrategy(function(username, password, cb) {
// ...
});
Construct strategy using top-level export.
- Extends: <base.Strategy>
Members
(readonly) name :string
The name of the strategy, which is set to 'local'
.
Type:
- <string>
Methods
(protected) authenticate(req, [options])
-
req
<http.IncomingMessage>The Node.js
IncomingMessage
object. -
options
<Object>-
badRequestMessage
<string>Message to display when a request does not include a username or password. Used in conjunction with
Default:failureMessage
orfailureFlash
options.'Missing credentials'
.
-
Authenticate request by verifying username and password.
This function is protected, and should not be called directly. Instead,
use passport.authenticate()
middleware and specify the name
of this strategy and any options.
passport.authenticate('local');
Type Definitions
verifyFn(username, password, cb)
-
username
<string>The username received in the request.
-
password
<string>The passport received in the request.
-
cb
<function>-
err
<Error>An
Error
if an error occured; otherwisenull
. -
user
<Object> | <boolean>An
Object
representing the authenticated user if verification was successful; otherwisefalse
. -
info
<Object>Additional application-specific context that will be passed through for additional request processing.
-
Verifies username
and password
and yields authenticated user.
This function is called by Strategy
to verify a username and
password, and must invoke cb
to yield the result.
verifyWithReqFn(req, username, password, cb)
-
req
<http.IncomingMessage>The Node.js
IncomingMessage
object. -
username
<string>The username received in the request.
-
password
<string>The passport received in the request.
-
cb
<function>-
err
<Error>An
Error
if an error occured; otherwisenull
. -
user
<Object> | <boolean>An
Object
representing the authenticated user if verification was successful; otherwisefalse
. -
info
<Object>Additional application-specific context that will be passed through for additional request processing.
-
Verifies username
and password
and yields authenticated user.
This function is called by Strategy
to verify a username and
password when the passReqToCallback
option is set, and must invoke cb
to
yield the result.