Isaac (asker):
express passportjs confusion

Hello All,

I am reading a book called Express.js Blueprints. I am trying to wrap my mind around understanding authentication using Passport. Serializing and deserializing is not registering with me. I have just started learning Node and Express.js, so that's a big reason why.

Here's some code from the book on setting up Passport. Starting with line 5, can someone please break down what's happening? Where is the "user" parameter coming from in the serializeUser function? Where did "user.id" come from?

var passport = require('passport');
var LocalStrategy = require('passport-local').Strategy;
var User = require('mongoose').model('User');  // Mongoose model backing the users collection

passport.serializeUser(function(user, done) {   // user: the object the strategy passed to done(null, user)
  done(null, user.id);                          // store only the id in the session
});
passport.deserializeUser(function(id, done) {   // id: the value saved by serializeUser
  User.findById(id, done);                      // reload the user; the result becomes req.user
});

passport.use(new LocalStrategy(function(email, password, done) { // credentials taken from the login form POST
  User.findOne({
    email: email
  }, function(err, user) {
    if (err) return done(err);
    if (!user) {
      return authFail(done);                    // authFail is a helper from the book, not shown here
    }
    if (!user.validPassword(password)) {
      return authFail(done);
    }
    return done(null, user);                    // success: this user object is handed to serializeUser
  });
}));

Isaac (asker):

I am even looking at the code in the 'Configure' section of the passport.js site.
How do the username and password get passed to the function?

var passport = require('passport')
  , LocalStrategy = require('passport-local').Strategy;

passport.use(new LocalStrategy(
  function(username, password, done) {              // filled in by passport-local from the POSTed form fields
    User.findOne({ username: username }, function (err, user) {
      if (err) { return done(err); }
      if (!user) {
        return done(null, false, { message: 'Incorrect username.' });  // false = authentication failed
      }
      if (!user.validPassword(password)) {
        return done(null, false, { message: 'Incorrect password.' });
      }
      return done(null, user);                      // success: passport passes this user to serializeUser
    });
  }
));

Julian Hansen:
In answer to your first question

The serialize and deserialize functions are used to save user data to passport and retrieve it again. When you log in, the user object (details associated with your user) is only available at authentication time. That means if you want to get user info relating to the user account after login, you need to save those values in the session (or query them each time, which would require you to save at least a unique ID linked to the user).
The serialize method is where you tell passport what data you want it to save in the session relating to the user. The deserialize function is where you ask passport to give that data back to you.

It is explained in detail in the docs here: http://passportjs.org/docs#sessions

With reference to your second question: the username and password are handled differently depending on the strategy you use. In the case of one of the in-built strategies, passport handles that for you. In the case of a custom strategy, you set up a form with username and password fields and then create a route that sends this to passport.

You can read more about this here: http://passportjs.org/docs#configuration
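The flow described above, as an added example that is not part of the thread and not passport's own code: a small stand-in for what passport and passport-local do around the verify, serializeUser and deserializeUser callbacks. The in-memory User store, the validPassword check and the req.session shape are constructed assumptions so it runs without a database or browser.

```javascript
// Constructed stand-in for the Mongoose User collection (not a real database).
const users = [
  { id: 'u42', username: 'isaac', passwordHash: 'hash(correct horse)', email: 'isaac@example.com' },
];
const User = {
  findOne(query, cb) { cb(null, users.find(u => u.username === query.username) || null); },
  findById(id, cb) { cb(null, users.find(u => u.id === id) || null); },
};
// Constructed stand-in for user.validPassword(); real code compares a bcrypt/scrypt hash.
const validPassword = (user, pw) => user.passwordHash === `hash(${pw})`;

// The three callbacks the question asks about, written the way an application writes them.
const verify = (username, password, done) =>
  User.findOne({ username }, (err, user) => {
    if (err) return done(err);
    if (!user || !validPassword(user, password)) return done(null, false, { message: 'Bad credentials' });
    return done(null, user);          // this `user` is exactly what serializeUser receives
  });
const serializeUser = (user, done) => done(null, user.id);   // only the id is kept in the session
const deserializeUser = (id, done) => User.findById(id, done);

// What passport does on POST /login: read the form fields from req.body, run the
// strategy's verify function, then serialize the returned user into the session.
function login(req, cb) {
  verify(req.body.username, req.body.password, (err, user, info) => {
    if (err) return cb(err);
    if (!user) return cb(null, { authenticated: false, info });   // nothing is written to the session
    serializeUser(user, (err2, key) => {
      if (err2) return cb(err2);
      req.session.passport = { user: key };   // session holds 'u42', never the password hash
      cb(null, { authenticated: true, session: req.session });
    });
  });
}

// What passport.session() does on every later request: turn the stored key back
// into a user object, which passport exposes as req.user. A missing key (not logged
// in) or a user that no longer exists both yield undefined rather than an error.
function restoreUser(req, cb) {
  const key = req.session.passport && req.session.passport.user;
  if (key === undefined) return cb(null, undefined);
  deserializeUser(key, (err, user) => cb(err, user || undefined));
}
```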
Isaac (asker):

Where does the 'user.id' come from?

passport.serializeUser(function(user, done) {
  done(null, user.id);
});


Is it checking the database?  I don't have a 'user' field in my mongo db.
I'm trying to use 'local-strategy' and 'passport-local-mongoose'.
Isaac (asker):

>>When you login the user object (details associated with your user) are only available at authentication time.

Is the user object created when they try to sign into the database?
Accepted solution: Julian Hansen (South Africa)