Categories
express javascript node.js passport.js

Passport.js User Login & Authentication

For the past few days I have been developing my first User login & authentication system using Passport.js. Awkwardly enough, I have finished it and it works just as intended. The problem is, even though I have read a lot of articles and checked tens of examples online, I seem to not completely understand the code per se. I have no issues understanding the process behind it and why it has to happen like that. I would really appreciate it if you could clarify some parts of the code for me. This is the working code, stored in my app.js file:

// Passport session setup
passport.serializeUser(function (user, done) {
done(null, user._id);
});
passport.deserializeUser(function (id, done) {
User.findById(id, function(err, user) {
done(err, user);
});
});
// Use the Local Strategy within passport
passport.use(new LocalStrategy(function (username, password, done) {
User.findOne({ username: username }, function(err, user) {
if (err) {
return done(err);
}
if (!user) {
return done(null, false, { message: 'Unknown user: ' + username});
}
user.comparePassword(password, function(err, isMatch) {
if (err) {
return done(err);
}
if (isMatch) {
return done(null, user);
} else {
return done(null, false, { message: 'Invalid Password' });
}
});
});
}));
var app = module.exports = express();
app.configure(function () {
app.set('views', path.join(__dirname + '/views'));
app.set('view engine', 'html');
app.engine('html', hbs.__express);
app.use(express.logger());
app.use(express.cookieParser());
app.use(express.bodyParser());
app.use(express.methodOverride());
app.use(express.session({ secret: 'xxx' }));
app.use(passport.initialize());
app.use(passport.session());
app.use(app.router);
app.use(express.static(path.join(__dirname + '/public')));
});

I am using MongoDB (User – mongoose model). Also, to store passwords in the database I am currently using bcrypt.

I think that the most critical part that I do not understand here is the done callback function. I can understand that it simply passes some values, and I know that much to realize that the first parameter of it is the error and the second the data. Still, I do not fully grasp it because I haven’t specifically provided one as a parameter. For example, if I would have a function like this:

// Random Function
var randomFunction = function (a, b, done) {
done(a, b);
};
// Then I would call the randomFunction providing my own **done**
randomFunction('Random', 'Words', function(a, b) { return a + b; });

Still, in my example I am not the one specifying the done callback. Is it simply a required callback function parameter or is it the same as the next function in a normal middleware such as:

function middleware (req, res, next) {
next(req.user); // pass the req.user to next middleware
}

Also, where does Passport.js bind the user that it handles? Does it bind it to req.user? And how can I pass it to certain views in order, for example, to display the username?

I am looking forward to your feedback!

Thank you!