Verify Password
In the previous section, you created a page which prompts the user to enter their username and password. In this section, you'll verify that the password is correct.
Install passport
and the passport-local
strategy as dependencies.
$ npm install passport
$ npm install passport-local
Next, configure Passport. Open routes/auth.js
and require()
the newly
installed packages at line 2, below require('express')
.
var express = require('express');
var passport = require('passport');
var LocalStrategy = require('passport-local');
var crypto = require('crypto');
var db = require('../db');
The built-in crypto module and the app's database are also require()
'd.
Add the following code at line 7 to configure the LocalStrategy
.
passport.use(new LocalStrategy(function verify(username, password, cb) {
db.get('SELECT * FROM users WHERE username = ?', [ username ], function(err, row) {
if (err) { return cb(err); }
if (!row) { return cb(null, false, { message: 'Incorrect username or password.' }); }
crypto.pbkdf2(password, row.salt, 310000, 32, 'sha256', function(err, hashedPassword) {
if (err) { return cb(err); }
if (!crypto.timingSafeEqual(row.hashed_password, hashedPassword)) {
return cb(null, false, { message: 'Incorrect username or password.' });
}
return cb(null, row);
});
});
}));
This configures the LocalStrategy
to fetch the user record from the app's
database and verify the hashed password against the password submitted by the
user. If that succeeds, the password is valid and the user is authenticated.
Next, add a route that will authenticate the user when they submit the form by
clicking "Sign in." Continuing within routes/auth.js
, add the following code
at line 28, below the /login
route.
router.post('/login/password', passport.authenticate('local', {
successRedirect: '/',
failureRedirect: '/login'
}));
Try signing in by starting the server.
$ npm start
Open http://localhost:3000, click "Sign in," and enter the following credentials:
Username: alice
Password: letmein
Click "Sign in."
Uh oh... the app fails with an error related to sessions. Next, you will fix that error by configuring Passport to establish a session.