Nodejs Passport authenticate callback not being called

Question

Using Nodejs Passport, I was testing out what happens when an error condition occurs using the following code:

passport.use(new LocalStrategy(   function(username, password, done) {     // asynchronous verification, for effect...     process.nextTick(function () {       findByUsername(username, function(err, user) {     console.log('in auth function');       return done('errortest');         if (err) { return done(err); }         if (!user) {           return done(null, false, { message: 'Unknown user ' + username });         }         if (user.password != password) {           return done(null, false, { message: 'Invalid password' });         }         return done(null, user);       })     });   } ));  app.get('/logintest', function(req, res, next) { console.log('before authenticate');   passport.authenticate('local', function(err, user, info) { console.log('authenticate callback');     if (err) { return res.send({'status':'err','message':err.message}); }     if (!user) { return res.send({'status':'fail','message':info.message}); }     req.logIn(user, function(err) {       if (err) { return res.send({'status':'err','message':err.message}); }       return res.send({'status':'ok'});     });   })(req, res, next); }); 

Using the route /logintest?username=bob&password=s I expected to see in the console, "before authenticate" then "in auth function" then "authenticate callback" but it only shows the first two followed by "errortest", and "errortest" is displayed in the browser.

I also tried return done({'message':'test'}); and "[object Object]" was displayed in the console and in the browser.

Is this not working properly or am I missing something?

EDIT: As per Jared Hanson's response, adding this error handler function as the third argument to app.get() allows me to catch the error and return the appropriate json:

...     })(req, res, next);   },   function(err, req, res, next) {     // failure in login test route     return res.send({'status':'err','message':err.message});   }); 

Answer 1

You're understanding it perfectly, and its working as intended.

If any error occurs, Passport immediately next()'s with that error. You can use error handling middleware (details: http://expressjs.com/guide/error-handling.html) if you want to handle that error in a custom manner.

Custom callbacks are primarily used to deal with authentication success or failure (user == false). Errors, like DB connectivity, etc, are not passed back to the callback, in favor of error handling middleware described above. I've considered changing this, but haven't found a compelling reason to. But, if you've got a use case that isn't covered by the above, let me know.