With Passport configured, we can now set up the `passport-local` strategy for authenticating with a username and password.
First, we can configure the local strategy by creating a new instance of it and passing it as middleware into `passport`:

```javascript
passport.use(new LocalStrategy(
  function(username, password, done) {
    // …
  }
));
```
The `new LocalStrategy` object will take in an anonymous function with the following parameters:
- `username`
- `password`
- A callback function called `done`.
The purpose of the `done` callback is to supply an authenticated user to Passport if a user is authenticated. The logic within the anonymous function follows this order:
- Verify login details in the callback function.
- If login details are valid, the `done` callback function is invoked and the user is authenticated.
- If the user is not authenticated, pass `false` into the callback function.
The `done` callback function takes in two arguments:
- An error or `null` if no error is found.
- A user or `false` if no user is found.
With those steps implemented, our updated strategy should look like:

```javascript
passport.use(new LocalStrategy(
  function (username, password, done) {
    // Look up user in the db
    db.users.findByUsername(username, (err, user) => {
      // If there's an error in db lookup,
      // pass err to the callback function
      if (err) return done(err);

      // If user not found,
      // return null and false in callback
      if (!user) return done(null, false);

      // If user found, but password not valid,
      // return null and false in callback
      if (user.password != password) return done(null, false);

      // If user found and password valid,
      // return the user object in callback
      return done(null, user);
    });
  })
);
```
We’re looking for potential errors during the authentication process and addressing them before the next request handler is reached.
Once the local strategy is configured, the Express application will have user authentication implemented!
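The strategy above compares `user.password` to the submitted password directly, which only works if passwords are stored in plaintext. The following added example (not part of the lesson's code) keeps the same `done` contract but checks a salted scrypt hash in constant time; the in-memory `records` store, its `salt`/`hash` fields, and the `hashPassword`, `verify` and `runVerify` names are assumptions made for illustration.

```javascript
// Added example: hashed-password variant of the verify callback (not lesson code).
const crypto = require('crypto');

// Hash a password with scrypt and a per-user random salt.
function hashPassword(password, salt = crypto.randomBytes(16)) {
  const hash = crypto.scryptSync(password, salt, 64);
  return { salt: salt.toString('hex'), hash: hash.toString('hex') };
}

// Constructed in-memory stand-in for the lesson's db.users.findByUsername().
const records = new Map([
  ['sam', { id: 1, username: 'sam', ...hashPassword('correct horse') }],
]);
const db = {
  users: {
    findByUsername(username, cb) {
      cb(null, records.get(username) || null);
    },
  },
};

// Same (username, password, done) contract as the strategy callback above.
function verify(username, password, done) {
  db.users.findByUsername(username, (err, user) => {
    if (err) return done(err);
    if (!user || typeof password !== 'string') return done(null, false);
    const expected = Buffer.from(user.hash, 'hex');
    const actual = crypto.scryptSync(password, Buffer.from(user.salt, 'hex'), expected.length);
    // Constant-time comparison; both buffers have the same length here.
    if (!crypto.timingSafeEqual(actual, expected)) return done(null, false);
    // Hand Passport the user without the credential fields.
    const { hash, salt, ...safeUser } = user;
    return done(null, safeUser);
  });
}

// Helper that captures what done() receives (the stub db calls back synchronously).
function runVerify(username, password) {
  let result;
  verify(username, password, (err, user) => { result = { err: err || null, user }; });
  return result;
}

console.log(runVerify('sam', 'correct horse'));
console.log(runVerify('sam', 'wrong'));
// With Passport installed: passport.use(new LocalStrategy(verify));
```

An unknown username and a wrong password both end in `done(null, false)`, so the caller cannot tell which of the two failed.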
Instructions
Add a new `LocalStrategy` instance with an anonymous callback function using `username`, `password`, and `done` as its parameters.
Type `node app.js` into the Terminal to start the node app.
Press the Check Work button to check your work for each checkpoint.
A `db` lookup function has been provided.
Within the `LocalStrategy` function, make a call to `db.users.findByUsername()`. Provide `username` as the first argument. For the second argument, give it an arrow callback function using `err` and `user` as its parameters.
Within the db lookup function, add an `if` statement that checks if an error is found.
In that `if` statement, return the `done()` callback with one argument showing that an error was found.
Add another `if` statement for the case where NO user is found.
Return the `done()` callback with arguments showing that there was NO error and NO user was found.
Add one last `if` statement that checks if a user was found but the password was invalid. You can do this by comparing `user.password` to `password`.
Return the `done()` callback with arguments showing that there was NO error and NO user was found.
Return the `done()` callback function with arguments showing that there was NO error and a user was found.