Problems with password authentication with everyauth

1,105 views
Skip to first unread message

Andrea Di Mario

unread,
Sep 19, 2012, 9:04:48 AM9/19/12
to der...@googlegroups.com
Hi, i'm a Derby/Everyauth's new user, i'm trying authentication with password based on the example in this group and in the projects' Readme, i've created a new derby project from command line and i wrote in lib/server/index.js this:
https://gist.github.com/3749520

When i run, i've:

starting step - displayLogin
Error: Cannot find module 'undefined'
    at Function.Module._resolveFilename (module.js:338:15)
    at Function.Module._load (module.js:280:25)
    at Module.require (module.js:362:17)
    at require (module.js:378:17)
    at new View (/home/andrea/projects/first-project/node_modules/express/lib/view.js:42:49)
    at Function.app.render (/home/andrea/projects/first-project/node_modules/express/lib/application.js:486:12)
    at render (/home/andrea/projects/first-project/node_modules/express/lib/response.js:663:9)
    at ServerResponse.res.render (/home/andrea/projects/first-project/node_modules/express/lib/response.js:687:5)
    at render (/home/andrea/projects/first-project/node_modules/everyauth/lib/modules/password.js:48:13)
    at Object.render [as _displayLogin] (/home/andrea/projects/first-project/node_modules/everyauth/lib/modules/password.js:56:16)
...finished step

It seems a rendering error. Could someone give me some suggestions about this error?

Thanks for your time.
Best regards.

Владимир Махаев

unread,
Sep 20, 2012, 6:20:52 AM9/20/12
to der...@googlegroups.com
I`ve got this error too. No suggestions.

среда, 19 сентября 2012 г., 17:04:48 UTC+4 пользователь Andrea Di Mario написал:

Andrea Di Mario

unread,
Sep 20, 2012, 12:49:18 PM9/20/12
to der...@googlegroups.com
Hi, maybe a bug, unfortunally the examples in the other post use only facebook auth. We should wait for an example app or some more docs.

Regards

Tyler Renelle

unread,
Sep 20, 2012, 12:56:43 PM9/20/12
to der...@googlegroups.com
Yeah sorry, habit only has FB currently - other services (twitter, GH) to come, but password looked daunting to me. When I tackle an everyauth fork of chat/todoMVC, i'll be sure to include password. 

Andrea Di Mario

unread,
Sep 21, 2012, 2:59:19 AM9/21/12
to der...@googlegroups.com
Hi, great, really thanks.

Regards

Tyler Renelle

unread,
Sep 22, 2012, 10:22:27 PM9/22/12
to der...@googlegroups.com
heads up, auth in habit coming up in the next few weeks - i'll do todomvc/chat after that, so won't be very soon, but def. in the pipeline.

Владимир Махаев

unread,
Oct 10, 2012, 8:22:34 AM10/10/12
to der...@googlegroups.com
Still no solution?


среда, 19 сентября 2012 г., 17:04:48 UTC+4 пользователь Andrea Di Mario написал:
Hi, i'm a Derby/Everyauth's new user, i'm trying authentication with password based on the example in this group and in the projects' Readme, i've created a new derby project from command line and i wrote in lib/server/index.js this:

Darryl Ryan

unread,
Oct 11, 2012, 6:10:13 AM10/11/12
to der...@googlegroups.com
Well he did say it would be a few weeks at least... I'd appreciate an update on this too though... I have been checking back here every day in anticipation  :)
I've got some awesome ideas of what I want to make with Derby but without password authentication it just can't work and security isn't really something I'd attempt myself without fully understanding how everything works inside out, which I don't. Very tempted to start with certain other frameworks out there that have auth examples already, but I can resist a little longer.... just...a...bit...more...patience...must... resist :D

Tyler Renelle

unread,
Oct 11, 2012, 9:37:54 AM10/11/12
to der...@googlegroups.com
Hey guys, I promise I haven't forgotten - I've been inbetween jobs (aka, juggling many) presently and haven't had any time, hopefully will have time in the near future. Please see how far you can get using habitrpg side-by-side with everyauth-example as example code, and I'll be back sometime soon.

Matt

unread,
Oct 12, 2012, 4:30:26 AM10/12/12
to der...@googlegroups.com
Andrea, 

I've been playing with password auth lately (I haven't gotten much farther than you), but I've figured out the line of code that is causing the error.

  everyauth.password
    .loginKey('email')
    .loginFormFieldName('email')
    .loginWith('email')
    .getLoginPath('/login')
    .postLoginPath('/login')
    .loginView('login') //EXPLOD-A-MATIC!!!

I dived a bit into the code and I'm not exactly sure what's going on. I know if I pass in:
login
/views/app/login

I get the same exception. If I pass in
login.html
/views/app/login.html

The exception changes somewhat to:

Error: Cannot find module 'html'

My guess: Whatever derby is using to register templates doesn't use the file extension. However, this code expects the file extension to point to the view engine (like jade, as the example uses).

I found this comment in the source of password.js in EveryAuth for the loginView property.

This is what goes in loginView:

Either (A) the name of the view (e.g., "login.jade") 
or (B) the HTML string corresponds to the login page 
or (C) a function (errors, login) {...} that returns the HTML string incorporating the array of `errors` messages and the `login` used in the prior attempt'

Andrea, it sounds like we've both tried A, but because of the syntax for the derby views, that doesn't work. I've been searching through the derby source trying to find an easy way to render a view to a string so that I could pass that to this method, but haven't figured it out yet.

Anyone else have some ideas?

Matt

Владимир Махаев

unread,
Oct 26, 2012, 10:10:00 AM10/26/12
to der...@googlegroups.com
After digging a little found something.

Everyauth uses express.js rendering (not derby).
Express.js needs engine for every file extension it renders. If there is no, it tries to find one with simply doing: 
engine = require(file extension)
That`s why we see error message.

So all we need is to add some engine to express.js or just do like this:

expressApp.engine 'html', do ->
cache = {}
return (path, options, cb) ->
try
str = cache[path] or cache[path] = fs.readFileSync path, 'utf8'
cb null, str
catch err
cb err

Now for login.html in views folder (express.js uses /views/ folder by default):

.loginView('login.html')

That`s works but it`s half way solution, because in ideal we want derby.js to render everything.
There is a static rendering in derby.js, you can find it in app/server/serverError.js but to connect it to everyauth it`s needed to change everyauth or derby`s static rendering. I`m not sure how to do it best. Hope that derby team will consider this.

пятница, 12 октября 2012 г., 12:30:26 UTC+4 пользователь Matt написал:

László Bácsi

unread,
Oct 26, 2012, 10:35:10 AM10/26/12
to der...@googlegroups.com
I haven't checked but isn't it possible to drop the extension and have the everyauth login page on another endpoint, maybe just /login?

Владимир Махаев

unread,
Oct 26, 2012, 10:46:03 AM10/26/12
to der...@googlegroups.com
It would be possible to pass undefined like an extension to expressApp.engine function if it does not check for dot in extension.
So not possible.

пятница, 26 октября 2012 г., 18:35:36 UTC+4 пользователь Laszlo Bacsi написал:

László Bácsi

unread,
Oct 26, 2012, 10:59:42 AM10/26/12
to der...@googlegroups.com
I meant if it's possible to configure everyauth so that it uses /login as the login page and not /login.html.

Владимир Махаев

unread,
Oct 26, 2012, 11:22:33 AM10/26/12
to der...@googlegroups.com
I see no way.

пятница, 26 октября 2012 г., 19:00:09 UTC+4 пользователь Laszlo Bacsi написал:

Andrea Di Mario

unread,
Oct 26, 2012, 11:29:57 AM10/26/12
to der...@googlegroups.com
Hi, thanks, now works with .html, now i've problems with jade and everyauth.password.loginFormFieldName that seems not defined, I'm looking for that.

Best regards.

Tyler Renelle

unread,
Nov 5, 2012, 4:38:44 PM11/5/12
to der...@googlegroups.com
Matt & (Vladimir?) are right, Everyauth's "password" module handles view rendering (via res.render) directly, and so expects to be tied to a view engine (jade) and view files. Integration with Derby's mustache-offshoot templating system will have be built either as an express-compatible view engine (since even static routes use Derby's engine), or as an exception in Everyauth's password.js file. I think the latter is the best method, maybe password.js can expose a configurable - like dontRender - which would bypass all rendering code and leave passing variables to views to our own devices (which we'd do via model.set("_errors", errors), for example).

I came across this trying to implement a working example of password login in my authentication example. My thoughts then were: Ok, then let's not use password module as Everyauth middleware, but instead let's create our own custom middleware that calls functions from password module just to reuse some logic. However, all the methods are chained promises, so I don't think they're accessible to be called directly.

So as it stands, even with Vladimir's html-engine hack, I don't think everyauth/password and derby are compatible. So here are next step options
  • Create pull request for Brian a la previous mentioned modifications (dontRender configurable, or something)
  • Handle user registration and login with custom code, not Everyauth. It shouldn't be too difficult, I'm not sure that everyauth adds too much in the way of password login (I use Everyauth for its social-network api integration)
  • Or use Passport

Tyler Renelle

unread,
Nov 7, 2012, 12:18:41 PM11/7/12
to der...@googlegroups.com
Keep an eye on my auth example. I'm trying to separate code out into a node module "derby-auth". Having a lot of trouble with password authentication, so please fork if you have any insights. My plans are to play around with providing my own everyauth.submodule called derbyPassword (in ./lib) which re-uses a bunch of password.js code, but makes it compatible with Derby. If this proves too difficult, I'm going to replace Everyauth with Passport. 

Tyler Renelle

unread,
Nov 14, 2012, 1:08:09 AM11/14/12
to der...@googlegroups.com
At long last, it lives: auth-example, which uses the new derby-auth npm module. Very rough around the edges, so please pull-request the shit out of that bad boy. But for the most part I have registration / login working, plus sample oauths with Github, Linkedin, Twitter, & Facebook.


On Wednesday, 19 September 2012 09:04:48 UTC-4, Andrea Di Mario wrote:

Andrea Di Mario

unread,
Nov 14, 2012, 4:39:27 AM11/14/12
to der...@googlegroups.com
Hi, a great work, only on derby-examples/authentication/lib/server/index.js:66:58 you wrote authoConf, instead authConf.

Really thanks.
Best regards.

Tyler Renelle

unread,
Nov 14, 2012, 9:03:04 AM11/14/12
to der...@googlegroups.com
Fixed, thanks Andrea

Tyler Renelle

unread,
Nov 14, 2012, 12:43:42 PM11/14/12
to der...@googlegroups.com
update: example has been moved to derby-auth/example


On Wednesday, 19 September 2012 09:04:48 UTC-4, Andrea Di Mario wrote:

Matteo Brunati

unread,
Nov 15, 2012, 5:39:41 AM11/15/12
to der...@googlegroups.com
Hi Tyler!
Thanks for your work! I'm approaching Derby for a new project in these days, and without your work it would have been really more painful ;)

Looking around in the source code, I found a typo and JSLint proposed me some coding improvements in index.js. I don't know if you want to consider them:
- line #4: "savedStrageties" should be "savedStrategies" ;)
- lines #44, #148, #202, #234: add ";"
- line #234: remove ";"

Best regards,
Matteo

Matteo Brunati

unread,
Nov 15, 2012, 6:08:57 AM11/15/12
to der...@googlegroups.com
Hi,
Sorry for my first reply, but after sending it I've noticed that you made quite substantial changes... :/

So:
* for derby-auth/index.js:
  - the "savedStrategies" typo is not there any more since you changed the variable in "_strategies"
  - some ";" are still missing, but they changed line number: #12, #35, #62, #75, #180, #236
  - there's still the unnecessary ";" at line 268
* for example/lib/server/index.js:
  - again missing some ";", in lines #9, #12, #24, #20
* As for running the example, in the README.md file in the derby-auth/example folder, I would suggest to remember people they have to run "npm install" in both the derby-auth/ and the derby-auth/example directories.

I Apologize if my points are too silly! I hope my eventual next posts will be more "constructive" ;)

Regards,
Matteo

Tyler Renelle

unread,
Nov 15, 2012, 9:07:34 AM11/15/12
to der...@googlegroups.com
These points are absolutely not silly, JSLint suggestions are quite constructive. However, I would recommend future modifications to be Github pull requests for these reasons: (1) creates trackable trail, (2) can be tested (there are not tests now, but later), (3) cuts down on code in forums. Also, more and more sites have begun tracking coder "clout" by their Github activity, so pull requests will improve your "online score" :)

Matteo Brunati

unread,
Nov 15, 2012, 9:45:43 AM11/15/12
to der...@googlegroups.com
Ok, I got your points and I totally agree with you! :)

Matteo
Message has been deleted
Message has been deleted

Dennis Torres

unread,
Nov 15, 2012, 3:43:49 PM11/15/12
to der...@googlegroups.com
Does (or will) derby-auth support multi page apps? When I change pages model.session is undefined so it fails.

Tyler Renelle

unread,
Nov 15, 2012, 3:45:35 PM11/15/12
to der...@googlegroups.com
Woa, model.session is unset between pages? :o That seems like a bug. I'll look into it when I get the chance

Zeph .

unread,
Nov 15, 2012, 4:07:44 PM11/15/12
to der...@googlegroups.com
Don't believe session info is available on the client. You might want to set up the model with user info in one of the route middleware.

Dennis Torres

unread,
Nov 15, 2012, 4:42:50 PM11/15/12
to der...@googlegroups.com
Yea. I altered my routes to check if session is available and if so to store userId and loggedIn properties on private model paths. Using the model path works just fine.

Tyler Renelle

unread,
Nov 15, 2012, 5:12:21 PM11/15/12
to der...@googlegroups.com
but.. but.. pull requests! :,(
Reply all
Reply to author
Forward
0 new messages