Derby user email/password login

118 views
Skip to first unread message

Eduard Camaj

unread,
Nov 5, 2012, 11:38:42 AM11/5/12
to der...@googlegroups.com

It seems that basic functionality such as user login, can not be done in simple manner: to have username and password field in form on client and based on that to create store.readPathAccess model access rights. Also, how to check if user is logged in to implement access rights on routes?

Based on examples and (poor) DerbyJS documentation, if I understood it correctly, you have to implement login in server module (lib/server/*) because:

  1. store.readPathAccess must be used in server side
  2. you want to store data in model session (which can be read only on server side)

But many questions arise:

  1. if it has to be done on server side, how to get and store client form data on server side without having problem with second item below on the list (I have done it with manually submitting data to server-only route, but can not then save it in model with local key because I have to redirect to client route after that and local model data is lost)
  2. how to read later that data if it must be stored in session?
  3. even if the store access rights for model is managed, how to check if this specific user is logged in when in client routes?

I'm quite confused at the moment... liked Derby principles, but this authentication problems are playing with my nerves seriously.

I know I may not be quite clear, but there are many points to go in details and if anyone can help I'll gladly give more required info.

Thank you, Eddie

László Bácsi

unread,
Nov 5, 2012, 2:41:33 PM11/5/12
to der...@googlegroups.com
Previous discussions here on authentication may be of help. There are good examples of using everyauth with Derby, for example Tyler's habitrpg.com (source: https://github.com/lefnire/habitrpg). I believe he's also working on a cleaner example which will also include user/login support.

László

Eduard Camaj

unread,
Nov 5, 2012, 4:32:50 PM11/5/12
to der...@googlegroups.com
Thanks for answering.

Yes, I saw that and examined the source and the way he has done it, but that is actually easier because he (everyauth) gets data from server side (facebook, server requests) and then without redirects able to set local model data for login state in client side, so no problems with client - server data passing and then using that to identify user in future, connect him to his data, hiding other's users data, identifying login state and such. 

It seems that some "hacky" ways are needed here for something as basic as that. 
But, although experienced, I didn't looked in every detail in sources and I'm new to Derby and Node, so it might be I'm not seeing something.

Any thoughts would be appreciated. 

Thanks,
Eddie

Tyler Renelle

unread,
Nov 5, 2012, 4:43:19 PM11/5/12
to der...@googlegroups.com
Eddie, see this discussion. To my knowledge, everyauth/password & derby aren't presently compatible. Now, one option is to try to integrate Passport, but I think you still may butt up against your particular issues - model vs client data exposure. I'll post back here if I think of something.

Carl-Johan Blomqvist

unread,
Nov 5, 2012, 4:47:57 PM11/5/12
to der...@googlegroups.com
Hey guys,

Sorry I don't have time to explain it really, but check out this gist: https://gist.github.com/4020551 which consists of code from a working implementation (as far as I know anyway) of local username/password-based authentication.

Cheers

Eduard Camaj

unread,
Nov 5, 2012, 5:04:29 PM11/5/12
to der...@googlegroups.com
Thanks guys for reply.

Carl-Johan, yeah I solved it like that too, but don't your _user model get lost after redirect? Mine sure does. :) that is local model variable and is deleted upon redirect. In my code at least. Didn't try yours.

Thanks

Carl-Johan Blomqvist

unread,
Nov 5, 2012, 5:08:30 PM11/5/12
to der...@googlegroups.com
I don't think so - it's run on every request to the server (like any other middleware) so it will get re-set. The key is to save something on the session object (req.session.something).

Eduard Camaj

unread,
Nov 5, 2012, 5:11:05 PM11/5/12
to der...@googlegroups.com
Yeah, that was my logic too and did it in similar way. Then I must have a bug somewhere.
Thanks, will check it out.
Reply all
Reply to author
Forward
0 new messages