Develop Reference

Error: Failed to serialize user into session with Node Js, Passport and Mysql Database

I'm using Mysql Database for my Node Js Application. Using the Passport for the Authentication. This is my Passport.js File.
var passport = require('passport');
var LocalStrategy = require('passport-local').Strategy;
var mysql = require('mysql');
var connection = mysql.createConnection({
host : "localhost",
user : "root",
password : "",
database: "cafe"
});
connection.connect(function(err){
if(err) throw err;
else console.log("Passport Server Connected");
});
passport.serializeUser(function(user, done) {
console.log("In Serialize !"+ user.ID);
done(null, user.id);
});
// used to deserialize the user
passport.deserializeUser(function(id, done) {
connection.query("select * from user where id = "+id,function(err,rows){
console.log("Inside Deserialize ---> "+rows[0]);
done(err, rows[0]);
});
});
// https://gist.github.com/manjeshpv/84446e6aa5b3689e8b84
// Passport with mysql database
passport.use('local-signup', new LocalStrategy({
// by default, local strategy uses username and password, we will override with email
usernameField : 'email',
passwordField : 'password',
passReqToCallback : true // allows us to pass back the entire request to the callback
},
function(req, email, password, done) {
connection.query("select * from user where email = '"+email+"'",function(err,rows){
console.log(rows);
console.log("above row object");
if (err)
return done(err);
if (rows.length > 0) {
// return done(null, false, req.flash('signupMessage', 'That email is already taken.')); // Not Working
return done(null, false, {message : 'Email Id Already Taken !'}); //Default Json Unauthorised
} else {
// if there is no user with that email
// create the user
var newUserMysql = new Object();
newUserMysql.email = email;
newUserMysql.password = password; // use the generateHash function in our user model
console.log(newUserMysql);
var insertQuery = "INSERT INTO user ( email,password ) VALUES ('"+ email +"','"+ password +"')";
console.log(insertQuery);
connection.query(insertQuery,function(err,rows){
newUserMysql.id = rows.insertId;
if(err) throw err;
// console.log("Error is "+ err);
// console.log(insertQuery);
return done(null, newUserMysql);
});
}
});
// connection.end();
}));
passport.use('local-login', new LocalStrategy({
// by default, local strategy uses username and password, we will override with email
usernameField : 'email',
passwordField : 'password',
passReqToCallback : true // allows us to pass back the entire request to the callback
},
function(req, email, password, done) { // callback with email and password from our form
connection.query("SELECT * FROM `user` WHERE `email` = '" + email + "'",function(err,rows){
if (err)
return done(err);
if (!rows.length) {
// return done(null, false, req.flash('loginMessage', 'No user found.')); // req.flash is the way to set flashdata using connect-flash
return done(null, false, {message: 'No User Found! '});
}
// if the user is found but the password is wrong
if (!( rows[0].password == password )){
// return done(null, false, req.flash('loginMessage', 'Oops! Wrong password.')); // create the loginMessage and save it to session as flashdata
return done(null, false, {message: 'Oops! Wrong Password! '});
}
// all is well, return successful user
console.log(" Inside callback of local-login -> "+rows[0]);
return done(null, rows[0]);
});
}));
// module.exports;
As per my Application, Whenever I'm creating a new User in Signup Page, it's Successfully creating the User and the session is created by calling the Serialize and Deserialize function.
But when I try to LogIn the user, it's creating this Error.
Only Serialize is working and Deserialize function is not called in Login Process.
However if I disable the Session with session:false, it's logging me in, but without session which I don't want.
Here's my routes file.
var express = require('express');
var router = express.Router();
async = require('async');
var csrf = require('csurf');
var passport = require('passport');
var csrfProtection = csrf();
router.use(csrfProtection);
// Profile Routes
router.get('/profile',function(req,res,next){
res.render('user/profile');
});
// SIGN UP Routes
router.get('/signup',function(req,res,next){
var messages = req.flash('error');
// console.log("In Get Route "+ messages +" is the Error"); //req.flash not working.
res.render('user/signup', {csrfToken:req.csrfToken(), messages: messages , hasError: messages==undefined ?false :messages.length>0});
});
router.post('/signup',passport.authenticate('local-signup',{
successRedirect:'/user/profile',
faliureRedirect : '/user/signup',
// faliureMessage:'Not Valid',
faliureFlash:true,
// session:false
}));
//Sign In
router.get('/signin',function(req,res,next){
var messages = req.flash('error');
// console.log("In Get Route "+ messages +" is the Error"); //req.flash not working.
res.render('user/signin', {csrfToken:req.csrfToken(), messages: messages , hasError: messages==undefined ?false :messages.length>0});
});
router.post('/signin',passport.authenticate('local-login',{
successRedirect:'/user/profile',
faliureRedirect : '/user/signin',
faliureFlash:true,
// session:false,
}));
//Log Out
router.get('/logout',function(req,res,next){
req.logOut();
res.redirect('/');
});
module.exports = router;
If I may ask, my flash isn't also working. Any Help on that will be appreciated.
PS - Please note that my Sign Up is working fine, so basically the session is being created and serialize and deserialize functions are also working fine. The problem is in Login Session only

PassportJS Local Strategy

It's my first time implementing passport strategies (using this tutorial https://scotch.io/tutorials/easy-node-authentication-setup-and-local) and I think I made a small mistake that cause a weird problem. First time login with email and password, no problem (db connected, user login successful) second time with same email and password I get rangeError: Invalid status code: 1 and crash nodemon.
I tried to find more info on this error but there really isn't any out there. I did come across someone else with similiar issue but no one answered his question since October. Anyone care to take a crack at this?
routes.js
app.post('/login', passport.authenticate('local'), function (req, res {
console.log("passport user" + req.user);
res.status(200).json({
user: req.user
});
});
app.get('/user/auth', auth.isAuthenticated, function (req, res) {
if (req.user) {
res.status(200).json({
user: req.user
});
} else {
res.sendStatus(401);
}
});
app.post("/api/user", function (req, res) {
const user = req.body;
console.log(user);
User.findOne({ 'local.email': user.email },
function (err, result) {
if (err) {
console.log(err);
handleError(err, res);
return;
}
if (result) {
res.status(500).send("Email already exists in database");
} else {
var newUser = new User();
newUser.local.password = createHash(user.password);
newUser.local.email = user.email;
newUser.local.name = user.name;
newUser.local.mobile = user.mobile;
newUser.save(function (err, result) {
res.status(201).send("User added to database");
});
}
});
});
auth.js
passport.use(new LocalStrategy({ // redefine the field names the strategy (passport-local) expects
usernameField: 'username',
passwordField: 'password',
passReqToCallback : true
}, function(req, email, password, done) {
// asynchronous
// User.findOne wont fire unless data is sent back
process.nextTick(function() {
// find a user whose email is the same as the forms email
// we are checking to see if the user trying to login already exists
User.findOne({ 'local.email' : email }, function(err, user) {
// if there are any errors, return the error
if (err)
return done(err);
// check to see if theres already a user with that email
if (user) {
return done(null, false, req.flash('signupMessage', 'That email is already taken.'));
} else {
// if there is no user with that email
// create the user
var newUser= new User();
// set the user's local credentials
newUser.local.email= email;
newUser.local.password = newUser.generateHash(password);
// save the user
newUser.save(function(err) {
if (err)
throw err;
return done(null, newUser);
});
}
});
});
}
var isAuthenticated = function(req, res, next) {
//console.log("isAuthenticated(): ", req.user);
if (req.isAuthenticated()) {
next(); //good moves to the next one
}
else {
res.sendStatus(401);
}
}
return {
isAuthenticated: isAuthenticated,
}
};
user.js
var mongoose = require('mongoose');
var bcrypt = require('bcrypt-nodejs');
// define the schema for our user model
var userSchema = mongoose.Schema({
local: {
id: String,
email: String,
password: String,
name: String,
mobile: String
},
google: {
id: String,
token: String,
email: String,
name: String
}
});
// methods ======================
// generating a hash
userSchema.methods.generateHash = function(password) {
return bcrypt.hashSync(password, bcrypt.genSaltSync(8), null);
};
// checking if password is valid
userSchema.methods.validPassword = function(password) {
return bcrypt.compareSync(password, this.local.password);
};
// create the model for users and expose it to our app
module.exports = mongoose.model('User', userSchema);
html
<div class="panel panel-default">
<div class="panel-body">
<form name='loginForm' ng-submit='ctrl.login()' novalidate>
<div class="form-group">
<input class="form-control" type="text" name="username" placeholder="EMAIL" id="username" ng-model='ctrl.user.username'></div>
<div class="form-group">
<input class="form-control" type="password" name="password" placeholder="PASSWORD" id="password" ng-model='ctrl.user.password'></div>
<div class="form-group">
<input id="submit" name="submit" type="submit" class="btn btn-full btn-block" value="Log In"></div>

Does input field containing email for signup in passport-local have to have attribute 'name = username'?

I have local passport strategies set up to login and signup users, and I the way the current userflow works is that the user visits the signup page, enters their email address and password, and can login with those exact same credentials in the login view. Nothing fancy.
What I've noticed is that when I attempt to change the single line name attribute of the input field from 'username' to something like, 'email' to make it more readable, the code breaks with the message "Invalid user credentials" propagating via connect-flash. Every proof of concepts I've seen has had that input information be 'username', but when I change that single line and enter a distinct new email, signup no longer works.
Here is the view in question:
views/signup.ejs
<h1><span class="fa fa-sign-in"></span> Signup</h1>
<!-- show any messages that come back with authentication -->
<% if (message.length > 0) { %>
<div class="alert alert-danger"><%= message %></div>
<% } %>
<!-- LOGIN FORM -->
<form action="/users/signup" method="post">
<div class="form-group">
<label>Email</label>
<!-- the line directly below works -->
<input type="text" class="form-control" name="username">
<!-- but this line immediately below does not work! -->
<!-- <input type="text" class="form-control" name="email"> -->
</div>
<div class="form-group">
<label>Password</label>
<input type="password" class="form-control" name="password">
</div>
<button type="submit" class="btn btn-warning btn-lg">Signup</button>
</form>
Here is my local-signup strategy:
passport.serializeUser(function(user, done) {
done(null, user.id);
});
passport.deserializeUser(function(id, done) {
db.User.findById(id).then(function(user) {
done(null, user);
})
.catch(function(err){
done(err, null);
});
});
passport.use('local-signup', new LocalStrategy({
emailField : 'email',
passwordField : 'password',
passReqToCallback : true },
function(req, email, password, done){
if(req.session.user && req.session){
done(null, false, {message: 'User is already logged in, signup illegal'});
}
else{
db.User.findOne({ where: {email : email }})
.then(function(user) {
if(user !== null) {
done(null, false, {message: 'User already exists'});
}
else{
//create user yada yada
}
})
.catch(function(err){
return done(null, false, {message: err});
});
}
}
));
Is it absolutely required by passport.js that the attribute in the signup view for the signup strategy MUST be username? That strikes me as incredibly strange. Again, I'd like to emphasize the fact that literally the only change I made to the existing functional signup process was to change the attribute to 'email' instead of 'username'.

Though similar question have been asked a couple of times, they are without a really good answer in the context that PassportJS is to make authentication simple and so we can't expect those who are implementing it to delve deep into its code.
Passport-local is the Strategy that most people will utilize when using PassportJS. It typically expects a value of username and email as mentioned above.
If you go into node_modules/<path to passport-local>/strategy.js you will find more documentation on how to implement this.
`Strategy` constructor.
The local authentication strategy authenticates requests based on the
credentials submitted through an HTML-based login form.
Applications must supply a `verify` callback which accepts `username` and
`password` credentials, and then calls the `done` callback supplying a
`user`, which should be set to `false` if the credentials are not valid.
If an exception occured, `err` should be set.
Optionally, `options` can be used to change the fields in which the
credentials are found.
Options:
- `usernameField` field name where the username is found, defaults to _username_
- `passwordField` field name where the password is found, defaults to _password_
- `passReqToCallback` when `true`, `req` is the first argument to the verify callback (default: `false`)
The example that Jared Hanson, provided here that follows, is frankly inadequate as it doesn't even implement any of these features, thus, I've ommitted it, but if you look at the actual Strategy constructor's code, it's much clearer.
function Strategy(options, verify) {
if (typeof options == 'function') {
verify = options;
options = {};
}
if (!verify) { throw new TypeError('LocalStrategy requires a verify callback'); }
this._usernameField = options.usernameField || 'username';
this._passwordField = options.passwordField || 'password';
passport.Strategy.call(this);
this.name = 'local';
this._verify = verify;
this._passReqToCallback = options.passReqToCallback;
}
So, basically, it checks to see if you passed in the callback appropriately, and checks to see if you passed in an options object. This options object is then checked to see for configurations and it does so via short-circuiting with the || symbol. So if you don't pass in any configs it'll just default to the username and password params.
Thus, pass inside your local config as follows -- in this example I swap out username for email.
passport.use('local-signup', new LocalStrategy({
usernameField: 'email',
passwordField : 'password',
passReqToCallback : true
},
function(req, email, password, done){
if(req.session.user && req.session){
done(null, false, {message: 'User is already logged in, signup illegal'});
}
else{......
Finally, go into your model or database schema and make sure to change columns appropriately to match.
Extra info:
"Why do we need to configure PassportJS?" (answering because that same question occurred to me)
The answer is you need to configure it to your database needs; you might be using MySQL, or MongoDB or some other database and each PassportJS implementation has to suit that database somehow. The following are questions that PassportJS cannot figure out on its own without customization from the user.
Do I need to use an ORM?
What kind of error messages do I need to display?
What other fields do I need to accept?
TL;DR
pass in an options object to ur new local strategy config by changing expected params around as intended by the passport-local creator.

You need to tell Passport that you're going to use the email field as the username.
passport.serializeUser(function(user, done) {
done(null, user.id);
});
passport.deserializeUser(function(id, done) {
db.User.findById(id).then(function(user) {
done(null, user);
})
.catch(function(err){
done(err, null);
});
});
passport.use('local-signup', new LocalStrategy({
// by default, local strategy uses username and password, we will override with email
usernameField: 'email',
passwordField: 'password',
passReqToCallback: true
},
function(req, email, password, done){
if(req.session.user && req.session){
done(null, false, {message: 'User is already logged in, signup illegal'});
}
else{
db.User.findOne({ where: {email : email }})
.then(function(user) {
if(user !== null) {
done(null, false, {message: 'User already exists'});
}
else{
//create user yada yada
}
})
.catch(function(err){
return done(null, false, {message: err});
});
}
}
));
You can use a username in conjunction with an email by getting the field from the body.
req.body.username;

Authenticating username and password fails - client session

I am trying to adapt some code taken from:
https://github.com/expressjs/express/blob/master/examples/auth/index.js
and incorporate into a login form. The issue is that when running the code and selecting the login button the following is logged in the console:
POST /login
Authenticating undefined:foobar
Authentication failed, please check your username and password. (use "tj" and "foobar")
I'm unsure as to why the user is being returned as undefined when I am inputting tj and foobar as the login and password.
HTML:
<div class="login">
<form method="post" action="/login">
<p><input type="text" name="login" value="" placeholder="Username"></p>
<p><input type="password" name="password" value="" placeholder="Password"></p>
<p class="remember_me">
<label>
<input type="checkbox" name="remember_me" id="remember_me">
Remember me on this computer
</label>
</p>
<p class="submit"><input type="submit" name="commit" value="Login"></p>
</form>
</div>
<div class="login-help">
<p>Forgot your password? Click here to reset it.</p>
</div>
JS:
/**
* Module dependencies.
*/
var express = require('express');
var hash = require('./pass').hash;
var bodyParser = require('body-parser');
var session = require('client-sessions');
var app = module.exports = express();
// dummy database
var users = {
tj: { name: 'tj' }
};
// when you create a user, generate a salt
// and hash the password ('foobar' is the pass here)
hash('foobar', function (err, salt, hash){
if (err) throw err;
// store the salt & hash in the "db"
users.tj.salt = salt;
users.tj.hash = hash;
});
// check if user is logged in, if not redirect them to the index
function requireLogin (req, res, next) {
if (!req.user) {
res.redirect('/');
} else {
next();
}
};
// Authenticate using our plain-object database
function authenticate(name, pass, fn) {
if (!module.parent) console.log('Authenticating %s:%s', name, pass);
var user = users[name];
// query the db for the given username
if (!user) return fn(new Error('cannot find user'));
// apply the same algorithm to the POSTed password, applying
// the hash against the pass / salt, if there is a match we
// found the user
hash(pass, user.salt, function(err, hash){
if (err) return fn(err);
if (hash == user.hash) return fn(null, user);
fn(new Error('invalid password'));
});
}
app.post('/login', function (req, res){
console.log("POST /login")
authenticate(req.body.username, req.body.password, function(err, user){
if (user) {
// Regenerate session when signing in
// to prevent fixation
req.session.regenerate(function(){
// Store the user's primary key
// in the session store to be retrieved,
// or in this case the entire user object
req.session.user = user;
/*req.session.success = 'Authenticated as ' + user.name
+ ' click to logout. '
+ ' You may now access /restricted.';*/
res.redirect('/queryInterface.html');
});
} else {
console.log('Authentication failed, please check your '
+ ' username and password.'
+ ' (use "tj" and "foobar")');
res.redirect('/');
}
});
});

You are seeing the user as undefined because you are using req.body to access an undefined input field.
You are authenticating with req.body.username, but your input field has the name login.
req.body is populated with the names of your input fields. Your input should look like this when trying to access the username by req.body.username.
<input type="text" name="username" value="" placeholder="Username">

can not set property of undefined in node.js

I have taken the code from here:
link
Snapshot of error:
I get error at newUser.local.email = email;
of this code:
passport.use('local-signup',
new LocalStrategy({
// by default, local strategy uses username and password, we will override with email
usernameField : 'email',
passwordField : 'password',
passReqToCallback : true // allows us to pass back the entire request to the callback
},
function(req, email, password, done) {
// asynchronous
// User.findOne wont fire unless data is sent back
process.nextTick(function() {
// find a user whose email is the same as the forms email
// we are checking to see if the user trying to login already exists
User.findOne({ 'local.email' : email }, function(err, user) {
// if there are any errors, return the error
if (err)
return done(err);
// check to see if theres already a user with that email
if (user) {
return done(null, false, req.flash('signupMessage', 'That email is already taken.'));
} else {
// if there is no user with that email
// create the user
var newUser = new User();
// set the user's local credentials
newUser.local.email = email;
newUser.local.password = newUser.generateHash(password);
// save the user
newUser.save(function(err) {
if (err)
throw err;
return done(null, newUser);
});
}
});
});
}));
In Sample------> models.
I have User.js that contains the schema for User sign up.
and looks like this:
var userSchema = new mongoose.Schema({
email: String,
password: String,
});
What looks wrong here?Can I please get some directions?