Skip to content

Home

Jump to bottom Edit New page
Rowan edited this page Oct 8, 2019 · 1 revision

Install

$ npm install @passport-next/passport-local

Usage

Configure Strategy

The local authentication strategy authenticates users using a username and password. The strategy requires a verify callback, which accepts these credentials and calls done providing a user.

passport = require('passport');
LocalStrategy = require('passport-local').Strategy;

passport.use(new LocalStrategy(
  function(username, password, done) {
    User.findOne({ username: username }, function (err, user) {
      if (err) { return done(err); }
      if (!user) { return done(null, false); }
      if (!user.verifyPassword(password)) { return done(null, false); }
      return done(null, user);
    });
  }
));
Available Options

This strategy takes an optional options hash before the function, e.g. new LocalStrategy({/* options */ }, callback).

The available options are:

  • usernameField - Optional, defaults to 'username'
  • passwordField - Optional, defaults to 'password'

Both fields define the name of the properties in the POST body that are sent to the server.

Parameters

By default, LocalStrategy expects to find credentials in parameters named username and password. If your site prefers to name these fields differently, options are available to change the defaults.

passport.use(new LocalStrategy({
    usernameField: 'email',
    passwordField: 'passwd',
  },
  function(username, password, done) {
    // ...
  }
));

The verify callback can be supplied with the request object by setting the passReqToCallback option to true, and changing callback arguments accordingly.

passport.use(new LocalStrategy({
    usernameField: 'email',
    passwordField: 'passwd',
    passReqToCallback: true,
  },
  function(req, username, password, done) {
    // request object is now first argument
    // ...
  }
));

Authenticate Requests

Use passport.authenticate(), specifying the 'local' strategy, to authenticate requests. It searches for fields in the query string and req.body, so ensure body parsers are in place if these fields are sent in the body.

For example, as route middleware in an Express application:

app.use(require('body-parser').urlencoded({ extended: true }));
app.use(passport.initialize());

app.post('/login', 
  passport.authenticate('local', { failureRedirect: '/login' }),
  function(req, res) {
    res.redirect('/');
  });
Add a custom footer
Add a custom sidebar
Clone this wiki locally