Hi Geddy-types. I hope the new year is bringing new prosperity to everyone.
Is anyone else using an email login rather than a username? I've been attempting to do this using Geddy/Passport, but lots of stuff seems either missing or obscure enough that I haven't uncovered it.
All of my authentication is local, no oauth or openid, although I'd like to keep the option open for the future and possibly serve oauth some distant future day. Basically, my app needs to do a few things, authentication-wise:
1. I have a password change box, which asks the user to type in the old function and two copies of the new password. It then calls an ajaj function to check that the old pass is valid and if so change the user's password. Perusing through the libs, I didn't see a way to do this off the bat, so I threw up my hands and implemented it without geddy or passport.
2. My login page accepts an email address and password, or an option to create an account. If the email address is new, it goes to an account creation page.
I didn't find passport-local actually installed by default in Geddy, so I guess passport-local's good bits are somewhat well-integrated in auth and login. The Passport guide suggests the following example for email login (http://passportjs.org/guide/configure/):

    passport.use(new LocalStrategy({
        usernameField: 'email',
        passwordField: 'passwd'
      },
      function (username, password, done) {
        // ...
      }
    ));

I installed passport-local and made a couple of minor changes:

    this.login = function (req, resp, params) {
      passport.use(new LocalStrategy({
          usernameField: 'email',
          passwordField: 'password'
        },
        function (username, password, done) {
          User.first({ email: username, password: password }, function (err, user) {
            done(err, user);
          });
        }
      ));
      this.respond(params, {
        format: 'html'
      , layout: 'false'
      , template: 'app/views/UserHome/eng/login'
      });
    };

Which didn't work. Okay, I backed that code out of login and tried it in auth.js instead. No joy. And although adding the new strategy breaks logging in with a username and password, my liberal sprinkling of console.logs weren't getting called inside login. Hum. I threw up my hands and concluded I should write my own email authentication, then remembered that I hadn't yet posted to this handy Geddy group. And here I yam. I'd like to use Geddy/Passport as much as possible. Can anyone point me in a more successful direction? Or point out something that should be painfully obvious?
Also, reading back through the old posts, I also noticed that someone had talked in 2013 about strengthening the auth mechanism with better salting. It looks to me like that was done, er, right? I didn't see it in the change log, so I thought I'd inquire. I've been considering user-specific salts.
Anyway, if you got this far, thanks for reading and thanks in advance for any suggestions!
Dave Klingler
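
For the email login, password change check and user-specific salts raised in the post, here is an added example that is not part of the original post and is not Geddy's or Passport's own code. `verifyLogin` has the same `(username, password, done)` shape as the LocalStrategy callback above; the `users` Map and all function names are hypothetical stand-ins for the app's User model.

```javascript
// Added example. users, hashPassword, createUser, verifyLogin and changePassword
// are hypothetical names; the Map stands in for the app's User model.
const crypto = require('crypto');

const users = new Map(); // email -> { email, salt, hash }

// Derive a hash with scrypt; every call without a salt draws a fresh 16-byte one,
// so each user (and each password change) gets its own salt.
function hashPassword(password, salt = crypto.randomBytes(16)) {
  return { salt, hash: crypto.scryptSync(password, salt, 64) };
}

function createUser(email, password) {
  const key = email.trim().toLowerCase();
  if (users.has(key)) return false; // email already registered
  users.set(key, { email: key, ...hashPassword(password) });
  return true;
}

// Look the user up by email only, then compare hashes in constant time.
// The password never appears in the lookup query.
function verifyLogin(email, password, done) {
  const user = users.get(String(email).trim().toLowerCase());
  // Unknown email: hash against a throwaway salt so both paths do similar work.
  const salt = user ? user.salt : crypto.randomBytes(16);
  const candidate = crypto.scryptSync(String(password), salt, 64);
  const ok = Boolean(user) && crypto.timingSafeEqual(candidate, user.hash);
  return done(null, ok ? user : false);
}

// Password change: both copies of the new password must match and the old
// password must verify before the record is re-salted and re-hashed.
function changePassword(email, oldPass, newPass, newPassRepeat) {
  if (newPass !== newPassRepeat || newPass.length === 0) return false;
  let current = false;
  verifyLogin(email, oldPass, (err, user) => { current = user; });
  if (!current) return false;
  Object.assign(current, hashPassword(newPass)); // fresh salt and hash
  return true;
}
```
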