Strategy

A Strategy that is responsible for authenticating requests that carry a username and password in the body of the request. These credentials are typically submitted by the user via an HTML form.

new Strategy([options], verify)

  • options <Object>
    • usernameField <string>

      Form field name where the username is found.

      Default: 'username'.
    • passwordField <string>

      Form field name where the password is found.

      Default: 'password'.
    • passReqToCallback <boolean>

      When true, the verify function receives the request object as the first argument, in accordance with Strategy~verifyWithReqFn.

      Default: false.
  • verify <Strategy~verifyFn> | <Strategy~verifyWithReqFn>

    Function which verifies username and password.

Create a new Strategy object.

var crypto = require('crypto');
var LocalStrategy = require('passport-local').Strategy;

// `users` is the application's user store. user.salt and user.hashedPassword
// are assumed to be stored as Buffers.
new LocalStrategy(function(username, password, cb) {
  users.findOne({ username: username }, function(err, user) {
    if (err) { return cb(err); }
    if (!user) { return cb(null, false, { message: 'Incorrect username or password.' }); }

    // Derive a 32-byte key from the submitted password using the stored salt.
    crypto.pbkdf2(password, user.salt, 310000, 32, 'sha256', function(err, hashedPassword) {
      if (err) { return cb(err); }
      // timingSafeEqual requires both buffers to have the same length.
      if (!crypto.timingSafeEqual(user.hashedPassword, hashedPassword)) {
        return cb(null, false, { message: 'Incorrect username or password.' });
      }
      return cb(null, user);
    });
  });
});

Construct strategy using top-level export.

var LocalStrategy = require('passport-local');

new LocalStrategy(function(username, password, cb) {
  // ...
});
  • Extends: <base.Strategy>

Members

(readonly) name :string

The name of the strategy, which is set to 'local'.

Type:
  • <string>

Methods

(protected) authenticate(req, [options])

  • req <http.IncomingMessage>

    The Node.js IncomingMessage object.

  • options <Object>
    • badRequestMessage <string>

      Message to display when a request does not include a username or password. Used in conjunction with failureMessage or failureFlash options.

      Default: 'Missing credentials'.

Authenticate request by verifying username and password.

This function is protected, and should not be called directly. Instead, use passport.authenticate() middleware and specify the name of this strategy and any options.

passport.authenticate('local');

Type Definitions

verifyFn(username, password, cb)

  • username <string>

    The username received in the request.

  • password <string>

    The password received in the request.

  • cb <function>
    • err <Error>

      An Error if an error occurred; otherwise null.

    • user <Object> | <boolean>

      An Object representing the authenticated user if verification was successful; otherwise false.

    • info <Object>

      Additional application-specific context that will be passed through for additional request processing.

Verifies username and password and yields authenticated user.

This function is called by Strategy to verify a username and password, and must invoke cb to yield the result.
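
A verifyFn hardened in two places, as an added example that is not passport-local's own code: unknown usernames spend the same PBKDF2 work as known ones, and the stored hash length is checked before crypto.timingSafeEqual, which throws on unequal lengths. makeVerify, makeStore, makeRecord and the DUMMY record are hypothetical names; the user store is assumed to expose findOne(query, cb) and to keep salt and hashedPassword as Buffers.

```javascript
const crypto = require('crypto');

// Same PBKDF2 parameters as the example on this page.
const ITERATIONS = 310000, KEYLEN = 32, DIGEST = 'sha256';
const FAILURE = { message: 'Incorrect username or password.' };

// Constructed throwaway record: lets the unknown-user path do the same
// PBKDF2 work as a real account. It can never match (see `!user` below).
const DUMMY = { salt: crypto.randomBytes(16), hashedPassword: crypto.randomBytes(KEYLEN) };

// makeVerify is a hypothetical helper. It returns a function with the
// verifyFn signature (username, password, cb). `users` is assumed to expose
// findOne(query, cb) and to store salt and hashedPassword as Buffers.
function makeVerify(users) {
  return function verify(username, password, cb) {
    users.findOne({ username: username }, function (err, user) {
      if (err) { return cb(err); }
      const record = user || DUMMY;
      crypto.pbkdf2(password, record.salt, ITERATIONS, KEYLEN, DIGEST, function (err, derived) {
        if (err) { return cb(err); }
        const stored = record.hashedPassword;
        // timingSafeEqual throws on unequal lengths, so compare lengths first.
        const match = stored.length === derived.length &&
          crypto.timingSafeEqual(stored, derived);
        if (!user || !match) { return cb(null, false, FAILURE); }
        return cb(null, user);
      });
    });
  };
}

// Constructed in-memory store standing in for the application's user database.
function makeStore(records) {
  return {
    findOne: function (query, cb) {
      const found = records.find(function (r) { return r.username === query.username; });
      process.nextTick(cb, null, found || null);
    }
  };
}

// Constructed sample account, hashed with the same parameters.
function makeRecord(username, password) {
  const salt = crypto.randomBytes(16);
  const hashedPassword = crypto.pbkdf2Sync(password, salt, ITERATIONS, KEYLEN, DIGEST);
  return { username: username, salt: salt, hashedPassword: hashedPassword };
}
```

The returned function can be passed as the verify argument: new LocalStrategy(makeVerify(users)).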

verifyWithReqFn(req, username, password, cb)

  • req <http.IncomingMessage>

    The Node.js IncomingMessage object.

  • username <string>

    The username received in the request.

  • password <string>

    The password received in the request.

  • cb <function>
    • err <Error>

      An Error if an error occurred; otherwise null.

    • user <Object> | <boolean>

      An Object representing the authenticated user if verification was successful; otherwise false.

    • info <Object>

      Additional application-specific context that will be passed through for additional request processing.

Verifies username and password and yields authenticated user.

This function is called by Strategy to verify a username and password when the passReqToCallback option is set, and must invoke cb to yield the result.