Auth with Passport. Username attr added.

api/controllers/UserController.js

@@ -156,33 +156,21 @@ module.exports = {
 	/*
 	 * Actions that proccess info.
 	 */
-	login: function(req, res) {
-		// Get the unique user with this email.
-		User.findOne({email: req.param('email')}).done(function(err, user){
-			// If there are an error,
-			// or the user doesn't exist,
-			// return to auth page.
-			// TODO: Error handler.
-			if ( err || !user ) return res.redirect('/user/auth');
-			require('bcrypt').compare(req.param('password'), user.password, function(err, valid){
-				// If there are an error,
-				// or the pass doesn't match,
-				// return to auth page.
-				// TODO: Error handler.
-				if(err || !valid ) return res.redirect('/user/auth');
-				// Set autenticated to true.
-				req.session.authenticated = true;
-				// save the user data in the session.
-				req.session.user = user;
+	login: function(req, res, next) {
+		// Use Passport LocalStrategy
+		require('passport').authenticate('local', function(err, user, info){
+			if ((err) || (!user)) next(err);
+			req.logIn(user, function(err){
+				if (err) return res.redirect('/user/auth');
 				// Redirect to the user page.
 				return res.redirect('/user/' + user.id);
 			});
-		});
+		})(req, res);
 	},
 	logout: function(req, res){
-		// Destroy the session.
-		req.session.destroy();
+		// Call Passport method to destroy the session.
+		req.logout();
 		// Redirect to home page.
 		return res.redirect('/');
 	}
-};
+};

api/models/User.js

@@ -9,6 +9,11 @@
 module.exports = {
 
 	attributes: {
+		username: {
+			type: 'string',
+			required: true,
+			unique: true
+		},
 		email: {
 			type: 'string',
 			required: true,

api/policies/canAdminUser.js

@@ -9,7 +9,7 @@
 module.exports = function(req, res, next) {
 
 	// Allow only if the user requested is the same as logged.
-	if (req.param('id') === req.session.user.id) return next();
+	if (req.param('id') === req.user.id) return next();
 
 	// User is not allowed
 	// (default res.forbidden() behavior can be overridden in `config/403.js`)

api/policies/isAuthenticated.js

@@ -11,7 +11,7 @@ module.exports = function(req, res, next) {
 
 	// User is allowed, proceed to the next policy, 
 	// or if this is the last policy, the controller
-	if (req.session.authenticated) return next();
+	if ( req.isAuthenticated() ) return next();
 
 	// User is not allowed
 	// (default res.forbidden() behavior can be overridden in `config/403.js`)

config/passport.js

@@ -0,0 +1,61 @@
+var passport      = require('passport'),
+    LocalStrategy = require('passport-local').Strategy,
+    bcrypt = require('bcrypt');
+
+// Passport session setup.
+// To support persistent login sessions, Passport needs to be able to
+// serialize users into and deserialize users out of the session. Typically,
+// this will be as simple as storing the user ID when serializing, and finding
+// the user by ID when deserializing.
+passport.serializeUser(function(user, done) {
+	done(null, user.id);
+});
+
+passport.deserializeUser(function(id, done) {
+	User.findOne(id).done(function (err, user) {
+		done(err, user);
+	});
+});
+
+passport.use(new LocalStrategy(
+	function(username, password, done) {
+		// asynchronous verification, for effect...
+		process.nextTick(function () {
+			// Find the user by username or email.
+			// If there is no user with the given username,
+			// or the password is not correct,
+			// set the user to `false` to indicate failure
+			// and set a flash message.
+			// Otherwise, return the authenticated `user`.
+			User.findOne().where({
+				or: [
+					{ username: username },
+					{ email: username }
+				]
+			}).done(function(err, user) {
+				if (err) { return done(null, err); }
+				if (!user) { return done(null, false, { message: 'Unknown user ' + username }); }
+				bcrypt.compare(password, user.password, function(err, res) {
+					if (!res) return done(null, false, { message: 'Invalid Password'});
+					return done(null, user, { message: 'Logged In Successfully'} );
+				});
+			})
+		});
+	}
+));
+
+module.exports = {
+	express: {
+		customMiddleware: function(app){
+			console.log('Express midleware for passport');
+			app.use(passport.initialize());
+			app.use(passport.session());
+			app.use(function(req,res,next){
+				// Set the loggedUser in locals
+				// to get it from the view
+				res.locals.loggedUser = req.user;
+				next();
+			});
+		}
+	}
+};

package.json

@@ -1,22 +1,24 @@
 {
-    "name": "building-realtime-webapp",
-    "private": true,
-    "version": "0.0.0",
-    "description": "a Sails application",
-    "dependencies": {
-        "sails": "0.9.8",
-        "grunt": "0.4.1",
-        "ejs": "0.8.4",
-        "optimist": "0.3.4",
-        "sails-mongo": "~0.9.6",
-        "bcrypt": "~0.7.7"
-    },
-    "scripts": {
-        "start": "node app.js",
-        "debug": "node debug app.js"
-    },
-    "main": "app.js",
-    "repository": "",
-    "author": "",
-    "license": ""
+  "name": "building-realtime-webapp",
+  "private": true,
+  "version": "0.0.0",
+  "description": "a Sails application",
+  "dependencies": {
+    "sails": "0.9.8",
+    "grunt": "0.4.1",
+    "ejs": "0.8.4",
+    "optimist": "0.3.4",
+    "sails-mongo": "~0.9.6",
+    "bcrypt": "~0.7.7",
+    "passport": "~0.1.18",
+    "passport-local": "~0.1.6"
+  },
+  "scripts": {
+    "start": "node app.js",
+    "debug": "node debug app.js"
+  },
+  "main": "app.js",
+  "repository": "",
+  "author": "",
+  "license": ""
 }

views/layout.ejs

@@ -51,9 +51,9 @@
             <ul class="nav navbar-nav">
               <li<% if( req.url.indexOf('user') != -1) { %> class="active"<% } %>><a href="/user"><%= __('Users') %></a></li>
             </ul>
-            <% if( session.authenticated ) { %>
+            <% if( loggedUser ) { %>
               <ul class="nav navbar-nav navbar-right">
-                <li><a href="/user/<%= session.user.id %>"><%= session.user.email %></a>
+                <li><a href="/user/<%= loggedUser.id %>"><%= loggedUser.username %></a>
                 </li>
                 <li>
                   <form class="navbar-form" action="/user/logout">

views/user/auth.ejs

@@ -6,8 +6,8 @@
 <form role="form" action="/user/login" method="POST" class="form-center" id="sign-up-form">
 	<h2 class="form-signin-heading"><%= __('Auth user') %></h2>
 	<div class="form-group">
-		<label for="email"><%= __('Email') %></label>
-		<input type="email" class="form-control" placeholder="<%= __('someone@somewhere.com') %>" name="email" id="email" required />
+		<label for="username"><%= __('%s or %s', __('Username'), __('Email')) %></label>
+		<input type="text" class="form-control" placeholder="<%= __('someone@somewhere.com') %>" name="username" id="username" required />
 	</div>
 	<div class="form-group">
 		<label for="password"><%= __('Password') %></label>

views/user/edit.ejs

@@ -1,26 +1,30 @@
 <ol class="breadcrumb">
 	<li><a href="/"><%= __('Home') %></a></li>
 	<li><a href="/user/"><%= __('Users') %></a></li>
-	<li><a href="/user/<%= user.id %>"><%= user.email %></a></li>
+	<li><a href="/user/<%= user.id %>"><%= user.username %></a></li>
 	<li class="active"><%= __('Edit') %></li>
 </ol>
 <form action="/user/update/<%= user.id %>" method="POST" class="form-center" id="sign-up-form">
 	<h2 class="form-signin-heading"><%= __('Edit account') %></h2>
+	<div class="form-group">
+		<label for="username"><%= __('Username') %></label>
+		<input type="text" class="form-control" placeholder="<%= __('Username') %>" value="<%= user.username || user.id %>" name="username" id="username" required />
+	</div>
 	<div class="form-group">
 		<label for="email"><%= __('Email') %></label>
 		<input type="email" class="form-control" placeholder="<%= __('someone@somewhere.com') %>" value="<%= user.email %>" name="email" id="email" required />
 	</div>
 	<div class="form-group">
 		<label for="password"><%= __('Old password') %></label>
-		<input type="password" class="form-control" placeholder="<%= __('Old password') %>" name="password" id="password" required minlength="6" />
+		<input type="password" class="form-control" placeholder="<%= __('Old password') %>" name="password" id="password" minlength="6" />
 	</div>
 	<div class="form-group">
 		<label for="new_password"><%= __('New password') %></label>
-		<input type="password" class="form-control" placeholder="<%= __('New password') %>" name="new_password" id="new_password" required minlength="6" />
+		<input type="password" class="form-control" placeholder="<%= __('New password') %>" name="new_password" id="new_password" minlength="6" />
 	</div>
 	<div class="form-group">
 		<label for="confirm_password"><%= __('Confirm password') %></label>
-		<input type="password" class="form-control" placeholder="<%= __('Confirm password') %>" name="confirm_password" id="confirm_password" required minlength="6" />
+		<input type="password" class="form-control" placeholder="<%= __('Confirm password') %>" name="confirm_password" id="confirm_password" minlength="6" />
 	</div>
 	<input type="submit" class="btn btn-primary btn-block" value="<%= __('Update account') %>" />
 </form>

views/user/find.ejs

@@ -5,14 +5,15 @@ if ( typeof users === 'undefined' ) {
 <ol class="breadcrumb">
 	<li><a href="/"><%= __('Home') %></a></li>
 	<li><a href="/user/"><%= __('Users') %></a></li>
-	<li class="active"><%= user.email %></li>
+	<li class="active"><%= user.username %></li>
 </ol>
 
-<h2><%= user.email %></h2>
+<h2><%= user.username %></h2>
 	<%
 	if ( session.canAdminUser ) {
 	// There logged user and showed user is the same.
 	%>
+	<p>Email: <%= user.email %></p>
 	<form action="/user/destroy/<%= user.id %>" method="POST">
 		<a class="btn btn-primary" href="/user/edit/<%= user.id %>">Edit</a>
 		<input type="hidden" name="_method" value="delete"/>
@@ -28,10 +29,10 @@ if ( typeof users === 'undefined' ) {
 	<li><a href="/"><%= __('Home') %></a></li>
 	<li class="active"><%= __('Users') %></li>
 </ol>
-<h2>Users <a class="btn btn-sm btn-default" href="/user/new"><%= __('Create new') %></a></h2>
+<h2>Users</h2>
 <ul>
 <% _.each(users, function(user){ %>
-	<li><a href="/user/<%= user.id %>"><%= user.email %></a></li>
+	<li><a href="/user/<%= user.id %>"><%= user.username %></a></li>
 <% }); %>
 </ul>
 

views/user/new.ejs

@@ -5,6 +5,10 @@
 </ol>
 <form role="form" action="/user/create" method="POST" class="form-center" id="sign-up-form">
 	<h2 class="form-signin-heading"><%= __('Create user') %></h2>
+	<div class="form-group">
+		<label for="username"><%= __('Username') %></label>
+		<input type="text" class="form-control" placeholder="<%= __('Username') %>" name="username" id="username" required />
+	</div>
 	<div class="form-group">
 		<label for="email"><%= __('Email') %></label>
 		<input type="email" class="form-control" placeholder="<%= __('someone@somewhere.com') %>" name="email" id="email" required />