
Auth with Passport. Username attr added.

jorgecasar committed Jan 20, 2014
1 parent b45f9e7 commit 0c201f963d93f667622a7eb923ff9315a5503e4d
@@ -156,33 +156,21 @@ module.exports = {
/*
* Actions that proccess info.
*/
- login: function(req, res) {
- // Get the unique user with this email.
- User.findOne({email: req.param('email')}).done(function(err, user){
- // If there are an error,
- // or the user doesn't exist,
- // return to auth page.
- // TODO: Error handler.
- if ( err || !user ) return res.redirect('/user/auth');
- require('bcrypt').compare(req.param('password'), user.password, function(err, valid){
- // If there are an error,
- // or the pass doesn't match,
- // return to auth page.
- // TODO: Error handler.
- if(err || !valid ) return res.redirect('/user/auth');
- // Set autenticated to true.
- req.session.authenticated = true;
- // save the user data in the session.
- req.session.user = user;
+ login: function(req, res, next) {
+ // Use Passport LocalStrategy
+ require('passport').authenticate('local', function(err, user, info){
+ if ((err) || (!user)) next(err);
+ req.logIn(user, function(err){
+ if (err) return res.redirect('/user/auth');
// Redirect to the user page.
return res.redirect('/user/' + user.id);
});
- });
+ })(req, res);
},
logout: function(req, res){
- // Destroy the session.
- req.session.destroy();
+ // Call Passport method to destroy the session.
+ req.logout();
// Redirect to home page.
return res.redirect('/');
}
-};
+};
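Review bot: `if ((err) || (!user)) next(err);` in the new `login` callback has no `return`, so a failed login (`user === false`) calls `next(undefined)` and then still falls through to `req.logIn(false, ...)`, and a lookup error likewise continues into `req.logIn`. The old code redirected to the auth page in both cases and the new code should keep that: `if (err) return next(err);` followed by `if (!user) return res.redirect('/user/auth');`. The authenticate middleware is also invoked as `})(req, res);` without `next`, so anything Passport itself wants to forward has nowhere to go; `})(req, res, next);` is the usual form. The `info` object the strategy builds is silently dropped here, which is acceptable but deserves a one-line comment so nobody wonders why the messages never appear.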
@@ -9,6 +9,11 @@
module.exports = {
attributes: {
+ username: {
+ type: 'string',
+ required: true,
+ unique: true
+ },
email: {
type: 'string',
required: true,
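Review bot: `unique: true` on `username` only guarantees uniqueness within that column, while the new LocalStrategy in this commit looks the login name up with `or: [{ username: username }, { email: username }]`; a username equal to another account's email address makes that lookup ambiguous and `findOne` returns whichever record the adapter finds first. Consider rejecting email-shaped usernames at the model (a `regex` rule that disallows `@`, if the Waterline version in use supports it) or querying the two columns separately in the strategy so each input can only match one account. The `attributes` object continues past the end of this hunk.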
@@ -9,7 +9,7 @@
module.exports = function(req, res, next) {
// Allow only if the user requested is the same as logged.
- if (req.param('id') === req.session.user.id) return next();
+ if (req.param('id') === req.user.id) return next();
// User is not allowed
// (default res.forbidden() behavior can be overridden in `config/403.js`)
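Review bot: `req.user.id` throws a TypeError when nobody is logged in, because Passport leaves `req.user` undefined in that case; whether that path is reachable depends on the `isAuthenticated` policy always being chained before this one in the policy configuration, which is not visible here. A guard makes the policy safe on its own: `if (req.user && req.param('id') === req.user.id) return next();`. A short comment noting that `req.param('id')` is always a string, so `req.user.id` must be string-typed too for the strict comparison to ever succeed, would save the next reader a debugging session. The enclosing policy function starts before the hunk.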
@@ -11,7 +11,7 @@ module.exports = function(req, res, next) {
// User is allowed, proceed to the next policy,
// or if this is the last policy, the controller
- if (req.session.authenticated) return next();
+ if ( req.isAuthenticated() ) return next();
// User is not allowed
// (default res.forbidden() behavior can be overridden in `config/403.js`)
@@ -0,0 +1,61 @@
+var passport = require('passport'),
+ LocalStrategy = require('passport-local').Strategy,
+ bcrypt = require('bcrypt');
+
+// Passport session setup.
+// To support persistent login sessions, Passport needs to be able to
+// serialize users into and deserialize users out of the session. Typically,
+// this will be as simple as storing the user ID when serializing, and finding
+// the user by ID when deserializing.
+passport.serializeUser(function(user, done) {
+ done(null, user.id);
+});
+
+passport.deserializeUser(function(id, done) {
+ User.findOne(id).done(function (err, user) {
+ done(err, user);
+ });
+});
+
+passport.use(new LocalStrategy(
+ function(username, password, done) {
+ // asynchronous verification, for effect...
+ process.nextTick(function () {
+ // Find the user by username or email.
+ // If there is no user with the given username,
+ // or the password is not correct,
+ // set the user to `false` to indicate failure
+ // and set a flash message.
+ // Otherwise, return the authenticated `user`.
+ User.findOne().where({
+ or: [
+ { username: username },
+ { email: username }
+ ]
+ }).done(function(err, user) {
+ if (err) { return done(null, err); }
+ if (!user) { return done(null, false, { message: 'Unknown user ' + username }); }
+ bcrypt.compare(password, user.password, function(err, res) {
+ if (!res) return done(null, false, { message: 'Invalid Password'});
+ return done(null, user, { message: 'Logged In Successfully'} );
+ });
+ })
+ });
+ }
+));
+
+module.exports = {
+ express: {
+ customMiddleware: function(app){
+ console.log('Express midleware for passport');
+ app.use(passport.initialize());
+ app.use(passport.session());
+ app.use(function(req,res,next){
+ // Set the loggedUser in locals
+ // to get it from the view
+ res.locals.loggedUser = req.user;
+ next();
+ });
+ }
+ }
+};
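Review bot: `if (err) { return done(null, err); }` in the `User.findOne` callback passes the error in the `user` slot, so a database failure is reported to Passport as a successful login with an Error object as the user, and `serializeUser` then stores `err.id` in the session; it should be `return done(err);`. The `bcrypt.compare` callback ignores its own `err` and treats it as `res === undefined`, which rejects the login by accident rather than by design; add `if (err) { return done(err); }` ahead of the `!res` check. `deserializeUser` hands the full record, password hash included, to Passport, and `customMiddleware` then copies that `req.user` into `res.locals.loggedUser` for every view; consider deleting `password` from the object passed to `done` so a template can never echo it. Minor: `'Express midleware for passport'` is misspelled.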
@@ -1,22 +1,24 @@
{
- "name": "building-realtime-webapp",
- "private": true,
- "version": "0.0.0",
- "description": "a Sails application",
- "dependencies": {
- "sails": "0.9.8",
- "grunt": "0.4.1",
- "ejs": "0.8.4",
- "optimist": "0.3.4",
- "sails-mongo": "~0.9.6",
- "bcrypt": "~0.7.7"
- },
- "scripts": {
- "start": "node app.js",
- "debug": "node debug app.js"
- },
- "main": "app.js",
- "repository": "",
- "author": "",
- "license": ""
+ "name": "building-realtime-webapp",
+ "private": true,
+ "version": "0.0.0",
+ "description": "a Sails application",
+ "dependencies": {
+ "sails": "0.9.8",
+ "grunt": "0.4.1",
+ "ejs": "0.8.4",
+ "optimist": "0.3.4",
+ "sails-mongo": "~0.9.6",
+ "bcrypt": "~0.7.7",
+ "passport": "~0.1.18",
+ "passport-local": "~0.1.6"
+ },
+ "scripts": {
+ "start": "node app.js",
+ "debug": "node debug app.js"
+ },
+ "main": "app.js",
+ "repository": "",
+ "author": "",
+ "license": ""
}
@@ -51,9 +51,9 @@
<ul class="nav navbar-nav">
<li<% if( req.url.indexOf('user') != -1) { %> class="active"<% } %>><a href="/user"><%= __('Users') %></a></li>
</ul>
- <% if( session.authenticated ) { %>
+ <% if( loggedUser ) { %>
<ul class="nav navbar-nav navbar-right">
- <li><a href="/user/<%= session.user.id %>"><%= session.user.email %></a>
+ <li><a href="/user/<%= loggedUser.id %>"><%= loggedUser.username %></a>
</li>
<li>
<form class="navbar-form" action="/user/logout">
@@ -6,8 +6,8 @@
<form role="form" action="/user/login" method="POST" class="form-center" id="sign-up-form">
<h2 class="form-signin-heading"><%= __('Auth user') %></h2>
<div class="form-group">
- <label for="email"><%= __('Email') %></label>
- <input type="email" class="form-control" placeholder="<%= __('someone@somewhere.com') %>" name="email" id="email" required />
+ <label for="username"><%= __('%s or %s', __('Username'), __('Email')) %></label>
+ <input type="text" class="form-control" placeholder="<%= __('someone@somewhere.com') %>" name="username" id="username" required />
</div>
<div class="form-group">
<label for="password"><%= __('Password') %></label>
@@ -1,26 +1,30 @@
<ol class="breadcrumb">
<li><a href="/"><%= __('Home') %></a></li>
<li><a href="/user/"><%= __('Users') %></a></li>
- <li><a href="/user/<%= user.id %>"><%= user.email %></a></li>
+ <li><a href="/user/<%= user.id %>"><%= user.username %></a></li>
<li class="active"><%= __('Edit') %></li>
</ol>
<form action="/user/update/<%= user.id %>" method="POST" class="form-center" id="sign-up-form">
<h2 class="form-signin-heading"><%= __('Edit account') %></h2>
+ <div class="form-group">
+ <label for="username"><%= __('Username') %></label>
+ <input type="text" class="form-control" placeholder="<%= __('Username') %>" value="<%= user.username || user.id %>" name="username" id="username" required />
+ </div>
<div class="form-group">
<label for="email"><%= __('Email') %></label>
<input type="email" class="form-control" placeholder="<%= __('someone@somewhere.com') %>" value="<%= user.email %>" name="email" id="email" required />
</div>
<div class="form-group">
<label for="password"><%= __('Old password') %></label>
- <input type="password" class="form-control" placeholder="<%= __('Old password') %>" name="password" id="password" required minlength="6" />
+ <input type="password" class="form-control" placeholder="<%= __('Old password') %>" name="password" id="password" minlength="6" />
</div>
<div class="form-group">
<label for="new_password"><%= __('New password') %></label>
- <input type="password" class="form-control" placeholder="<%= __('New password') %>" name="new_password" id="new_password" required minlength="6" />
+ <input type="password" class="form-control" placeholder="<%= __('New password') %>" name="new_password" id="new_password" minlength="6" />
</div>
<div class="form-group">
<label for="confirm_password"><%= __('Confirm password') %></label>
- <input type="password" class="form-control" placeholder="<%= __('Confirm password') %>" name="confirm_password" id="confirm_password" required minlength="6" />
+ <input type="password" class="form-control" placeholder="<%= __('Confirm password') %>" name="confirm_password" id="confirm_password" minlength="6" />
</div>
<input type="submit" class="btn btn-primary btn-block" value="<%= __('Update account') %>" />
</form>
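Review bot: Dropping `required` from the three password inputs means the `update` action (not in this diff) now receives empty `password`, `new_password` and `confirm_password` values on an ordinary profile edit; if it still compares or re-hashes unconditionally, an empty string could pass as the old-password check or be stored as the new hash. Whatever the action does today, the rule belongs server-side: treat an empty `new_password` as "unchanged" and demand the old password only when a new one is supplied. The `minlength` attribute likewise only affects the browser and needs a matching server-side check.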
@@ -5,14 +5,15 @@ if ( typeof users === 'undefined' ) {
<ol class="breadcrumb">
<li><a href="/"><%= __('Home') %></a></li>
<li><a href="/user/"><%= __('Users') %></a></li>
- <li class="active"><%= user.email %></li>
+ <li class="active"><%= user.username %></li>
</ol>
-<h2><%= user.email %></h2>
+<h2><%= user.username %></h2>
<%
if ( session.canAdminUser ) {
// There logged user and showed user is the same.
%>
+ <p>Email: <%= user.email %></p>
<form action="/user/destroy/<%= user.id %>" method="POST">
<a class="btn btn-primary" href="/user/edit/<%= user.id %>">Edit</a>
<input type="hidden" name="_method" value="delete"/>
@@ -28,10 +29,10 @@ if ( typeof users === 'undefined' ) {
<li><a href="/"><%= __('Home') %></a></li>
<li class="active"><%= __('Users') %></li>
</ol>
-<h2>Users <a class="btn btn-sm btn-default" href="/user/new"><%= __('Create new') %></a></h2>
+<h2>Users</h2>
<ul>
<% _.each(users, function(user){ %>
- <li><a href="/user/<%= user.id %>"><%= user.email %></a></li>
+ <li><a href="/user/<%= user.id %>"><%= user.username %></a></li>
<% }); %>
</ul>
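Review bot: Removing the "Create new" link from the user list hides the entry point but does not restrict it; the create form at the end of this diff still posts to `/user/create`, so the route is presumably still reachable by URL. If the intent is that signed-in users should no longer create accounts, the policy on the `new`/`create` actions is what needs changing, and that is not part of this commit. A one-line comment near the list heading saying why the link was dropped would make the intent clear to the next reader.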
@@ -5,6 +5,10 @@
</ol>
<form role="form" action="/user/create" method="POST" class="form-center" id="sign-up-form">
<h2 class="form-signin-heading"><%= __('Create user') %></h2>
+ <div class="form-group">
+ <label for="username"><%= __('Username') %></label>
+ <input type="text" class="form-control" placeholder="<%= __('Username') %>" name="username" id="username" required />
+ </div>
<div class="form-group">
<label for="email"><%= __('Email') %></label>
<input type="email" class="form-control" placeholder="<%= __('someone@somewhere.com') %>" name="email" id="email" required />

