I am creating a NodeJS app which requires that the user registers; I'm using passport to manage the autentication ('local' strategy) but now i need to modify the strategy. I need that, first the user registers, then a mail is send to one (or more) administrators with a Link to aprove or not the registration. I remember that in Moodle it is something called "email-based self-registration".
I know i can do this manually, but I suppose that passport or other library has this functionality implemented. ¿someone knows if it is possible?
Thank you in advance.
Passport only does user authentication.
Take a look at Drywall, which uses Express and Passport. http://jedireza.github.io/drywall/
Related
I'm using keycloak on react-native. And process login session with api calls. I want to add remember me feature to my app but i don't know any proper way to do that. Storing user's login information on cache is sounds like insecure. Can i grant access to user with access token or something like that? Thank you for reading. Have a nice day.
I think i'm solved the problem. I addedreact-native-keychain to project. Storing username and password on a encrypted storage. This package also asks for fingerprint before decrypt these informations.
I'm currently working on my friend's (who is a photographer) portfolio website using the following technologies:
Node.js
Express
MongoDB and Mongoose
ejs
I'm a beginning developer and have been struggling for a while now with authentication. I know how to use the passport package to create an administrator user, but since I don't want to implement a user system for a portfolio website, I'm not sure how I should go about making an admin.
The admin would be my friend, and he and only he should be able to see express routes meant for replacing pictures, uploading them, and in short just making post requests to the database. I know I should probably use some form of middleware like with the Passport package, but else than that I have no idea how to go about this.
Thanks in advance!
You can use HTTP Auth for this purpose, check this NPM Module
What happens is, you will define a custom username and password, and use the package as a middleware for your routes, now whenever a user visits the page, the browser will automatically show a popup asking for username and password. In this case, you will not need to implement a user system.
A similar question and answer is posted here
I am not familiar with user authentication in Node.js, now I am trying to create a website with a login system. I have managed to make it work using the code snippets from the website, but I don't really understand why we need the passport.js as a middleware to do the authentication.
Registration:
Let's take passport-local as an example, when we are using the passport middleware, we basically is trying to create a new document in the database, then can we do it without passport, such as using the MongoClient directly, with checkings of duplicates, and store the password after encryption.
Login:
We can simply check the user's email or username against our database, and then check the password after email or username is matched. This, as well, can be done without passport. After user identity has been confirmed we can use the express-session to store the session in the cookie for login persistence.
A video about the process that I described above can be found here.
I understand that there must be some very important functionality that I neglect, but after browsing many web resources, including stackoverflow, youtube, passport.js's docs and many others, I still didn't understand what does passport.js do and why we need it.
Apologies in advance if the question seems silly.
To me it's unnecessary.
It's not saving me any work. I have to write the configuration, the callback, and the user schema. To me, it's just easier for me to just write a middleware for that.
And I don't see there is any security enforcement I am getting cuz I am writing my own verify callback anyway.
So, I don't see any reason that I should use it.
Passport is a middleware for express.js. It supports various login types, Basic, Token, Local (username, password), OAuth, OAuth2, etc. We can combine these to allow users to authenticate by signing in with Google, FB, or whatever service with very minimal amount of code. We can also use this to combine external auth services so users can choose to login with one of the selected Strategies, e.g. Google, Twitter. It's much quicker to use passport for authentication than to build one yourself from scratch. This is why we use passport. You don't need passport, it just makes developing quicker. Read more from their website => https://www.passportjs.org/
We can know if the person trying to access routes, etc, is or is not a user. Can we know if a specific user is online, or if a specific user is visiting a specific page?
req.user
Is not sufficient here.
Passport is providing the mechanism to authenticate the user. The situation that you want to implement needs the different modules. Like whether user is online or not can be done using the socket.io module. and user is visiting specific page can be track by server side caching and redis is the one of the way as said by #Darkrum.
I'm trying to build a bridge between two applications, so I am trying to use the same session that I get from Rails to authenticate a user in Node. The two applications have access to the same memcache, so one application just writes to it and the other one reads from it. Basically, I am authenticating the app from another application and I need to create a user session with Passport, how can I do that?
Edit: Right now, I'm leaning towards just writing a new strategy.
I ended up writing a new strategy for passport that would check memcached and then finish the authentication process.