Accessing session in everyauth.password?

Question

I'm working on a node express app, and I've got it working well with the Facebook authentication already. I'm now attempting to enable our own email/password login and running it to a roadblock. With Facebook I am able to access and write to the session during auth:

everyauth.faceboook
    // Basic stuff
    .findOrCreateUser( function( sess, accessToken, extra, fbUser) {
        var promise = this.Promise();
        sess.myvar = myvar

        // Find user in DB, etc
        promise.fulfill(fbUser);
        return promise()

This works great as I can save some stuff I need later to the session right in this method. But I'm not sure how to do the same thing when using everyauth password login:

everyauth.password
    // Basic stuff
    .authenticate( function(email, password) {
        var promise = this.Promise();             
        // Create new user in DB, etc

        // Now I need to save stuff to the session but I'm not sure how to access
        // it in here...
        promise.fulfill(newUser)
        return promise

So is there any way to access the session in the authenticate and login methods (which use the same API) of everyauth.password?

score 0 · Accepted Answer · answered Jun 24 '12 at 14:10

0

You can't access the session from your .authenticate function, and what you're trying to do here feels wrong. Your .authenticate function should simply be looking up the user by the login parameter, validating that the password parameter matches the user's password and then returning the user object for that user via the callback. If you want to use everyauth to also create users you should be using the .validateRegistration and .registerUser functions.

answered Jun 24 '12 at 14:10

JohnnyHK

305,182
66
621
471

Okay - thanks. I am definitely misusing the authenticate function right now and will change that. But if I want to use .registerUser to create a new user - can I access the session in there at least? – BlueMoon Jun 24 '12 at 22:33
No, you cannot. So that's a good sign that what you're trying to do is a little unusual. You may need to implement your own `.addToSession` function that performs the standard functions and whatever else you need done as well. What are you saving in the session that can only be determined during user creation? – JohnnyHK Jun 24 '12 at 23:15
Basically I was planning to save a flag in the session that indicates whether the user is a new one (i.e. just went through registration) or a returning user. I think the better way to do this, based on what you've said, is likely to store that in the user model itself, and then I can access it through req.user on the next page when I need to determine to display the new user flow or not. – BlueMoon Jun 25 '12 at 18:49
Right -- putting that information in the user object would be the typical way to handle this. – JohnnyHK Jun 25 '12 at 18:52

Accessing session in everyauth.password?

1 Answers1