Nodejs Passport authenticate callback not being called with no errors

Question

I've seen similar questions to mine, but I cannot find the right answer.

I'm trying to implement a very simple login form using nodejs+express+passport (local strategy). The thing is, it seems that my authenticate callback always fails. I've removed every connection to the test DB (every tutorial has an example MongoDB).

This is my login form

<html>
  <body>
    <form action="/login" method="post">
      <div>
        <label>Username:</label>
        <input type="text" name="username" />
        <br/>
      </div>
      <div>
        <label>Password:</label>
        <input type="password" name="password" />
      </div>
      <div>
        <input type="submit" value="Submit" />
      </div>
    </form>
  </body>
</html>

This is my server.js (i run it with npm start)

var express = require('express');
var passport = require('passport');
var LocalStrategy = require('passport-local').Strategy;

var app     = express();
var port    =   process.env.PORT || 8080;

app.use(passport.initialize());
app.use(passport.session());

passport.use(new LocalStrategy(function(username, password, done) {
        // no authentication logic here... just return done with an object with 2 fields
        return (done, {username : username, password : password});
}));

passport.serializeUser(function(user, done) {
  done(null, user);
});

passport.deserializeUser(function(obj, done) {
  done(null, obj);
});

// ROUTES
// ==============================================

// sample route with a route the way we're used to seeing it

app.post('/login',
                passport.authenticate('local', {
                successRedirect: '/loginSuccess',
                failureRedirect: '/loginFailure'
                })
);

app.get('/login', function(req, res) {
  res.sendfile('views/login.html');
});

app.get('/loginFailure', function(req, res, next) {
  res.send('Failed to authenticate');
});

app.get('/loginSuccess', function(req, res, next) {
  res.send('Successfully authenticated');
});

// START THE SERVER
// ==============================================
app.listen(port);

console.log('Magic happens on port ' + port);

I always get the Failed to authenticate message. Like I said, I've stripped every code relating to a schema/model with mongoose to read data from a sample MongoDB. The passport.authenticate callback just returns the done function with an object with 2 fields, called username and password like the ones expected by passport-local

Can you help me?

Answer 1

I don't believe you're invoking the callback correctly: First param expects an error or null and second expects false, or user object.

passport.use(new LocalStrategy(function(username, password, done) {
    // no authentication logic here... just return done with an object with 2 fields
    done(null, {username : username, password : password}); 
}));

or, using a db:

passport.use(new LocalStrategy(function(username, password, done) {
    db.users.findOne({ username : username}, function(err, user){
       if(err) return done(err);
       if(!user || user.password !== password) return done(null, false); 
       done(null, user);
    });
});

Here you can see we compare passwords before responding with the user object, which then gets attached by the passport lib to req.user. Ofcourse you wouldn't compare the two passwords but instead their hashes using bcrypt or similar.