Just can't get Passport.js to work

Question

edit: sorry it's so long now, added in the compiled JS! I also added Kevs suggestions.

I am developing a MEAN stack application (MongoDB, ExpressJS, Angular, NodeJS) and having a good time with it, especially with coffee script. My issue is that I can't get passport.js to work, every time it returns {success: false}. When I do a console.log in my LocalStrategy function it seems it's never even being called. Any idea why?

Some snippets

server.coffee (main file)

...
Account = mongoose.model 'account'

passport.use 'local-login', new LocalStrategy (_username, password, done) ->
  Account.findOne {username:_username}, (error, user) ->
    if error
      done error
    if not user
      done null, false, {message:'Incorrect username.'}
    done null,user
passport.serializeUser (user, done) ->
  console.log 'serialize user'
  if user
    done null, user
passport.deserializeUser (id, done) ->
  Account.findOne({_id:id}).exec (error, user) ->
    if user
      return done null, user
    else
      return done null, false
...

compiled js

...
Account = mongoose.model('account');

  passport.use('local-login', new LocalStrategy(function(_username, password, done) {
    return Account.findOne({
      username: _username
    }, function(error, user) {
      if (error) {
        done(error);
      }
      if (!user) {
        done(null, false, {
          message: 'Incorrect username.'
        });
      }
      return done(null, user);
    });
  }));

  passport.serializeUser(function(user, done) {
    console.log('serialize user');
    if (user) {
      return done(null, user);
    }
  });

  passport.deserializeUser(function(id, done) {
    return Account.findOne({
      _id: id
    }).exec(function(error, user) {
      if (user) {
        return done(null, user);
      } else {
        return done(null, false);
      }
    });
  });
...

routes.coffee

...
  app.post '/login', (request, result, next) ->
    auth = passport.authenticate 'local-login', (err, user) ->
      if err
        next err
      if not user
        result.send {success:false}
      request.logIn user, (err) ->
        if err
          next err
        result.send {success:true}
    auth request, result, next
...

compiled js

...
    app.post('/login', function(request, result, next) {
      var auth;
      auth = passport.authenticate('local-login', function(err, user, info) {
        if (err) {
          next(err);
        }
        if (!user) {
          result.send({
            success: false
          });
        }
        return request.logIn(user, function(err) {
          if (err) {
            next(err);
          }
          return result.send({
            success: true
          });
        });
      });
      return auth(request, result, next);
    });
...

mongo.coffee

...
  accountSchema = mongoose.Schema {
    username: String
    firstname: String
    lastname: String
    email: String
  }

  Account = mongoose.model 'account', accountSchema

  Account.find({}).exec (error, collection) ->
    if collection.length == 0
      Account.create {
        username: 'alex'
        firstname: 'Alex'
        lastname: 'Hxxx'
        email: 'axxxxx@gmail.com'
      }
...

compiled js

  module.exports = function(config) {
    var Account, accountSchema, db;
    mongoose.connect("mongodb://" + config.db_host + "/" + config.db_name);
    db = mongoose.connection;
    db.on('error', function() {
      return console.error('Database connection error');
    });
    db.once('open', function() {
      return console.log('Database connection established');
    });
    accountSchema = mongoose.Schema({
      username: String,
      firstname: String,
      lastname: String,
      email: String
    });
    Account = mongoose.model('account', accountSchema);
    return Account.find({}).exec(function(error, collection) {
      if (collection.length === 0) {
        return Account.create({
          username: 'alex',
          firstname: 'Alex',
          lastname: 'Hxxx',
          email: 'axxxxxxxxx@gmail.com'
        });
      }
    });
  };

express.coffee

...
  app.use cookie-parser(config.cookiesecret)
  app.use session {secret: config.sessionsecret}
  app.use passport.initialize()
  app.use passport.session()
  app.use bodyParser()
...

compiled js

...
  app.use(cookie-parser(config.cookiesecret));
  app.use(session({
    secret: config.sessionsecret
  }));
  app.use(passport.initialize());
  app.use(passport.session());
  app.use(bodyParser());
...

my angular login controller

app.controller 'loginCtrl', ['$scope', '$http', ($scope, $http) ->
  $scope.login = (username, password) -> 
    $http.post('/login', {username: username, password: password}).then (response) ->
      console.log response.data
      if response.data.success
        console.log "Logged in as #{username}"
      else
        console.log "Failed to login as #{username}"
]

compiled js

  app.controller('loginCtrl', [
    '$scope', '$http', function($scope, $http) {
      return $scope.login = function(username, password) {
        return $http.post('/login', {
          username: username,
          password: password
        }).then(function(response) {
          console.log(response.data);
          if (response.data.success) {
            return console.log("Logged in as " + username);
          } else {
            return console.log("Failed to login as " + username);
          }
        });
      };
    }
  ]);

and my login form (jade):

h3 Login
  form(ng-controller="loginCtrl")
    .row
      .columns.small-12.large-12
        form
          label Username
          input(placeholder="username",name="username",type="text",ng-model="username")
          label Password
          input(placeholder="password",name="password",type="password",no-model="password")
          div(align="center")
            button.button(ng-click="login(username,password)") Login
            span  
            a.button(href="/user/Register") Register

The sample user is being created fine so mongoose is okay and is all set up before I start working with passport. I've followed a few different tutorials and it's driving me crazy!

Answer 1

You're not setting the initial parameter of passport.use and passing the req back to the callback for example - from my code:

passport.use('local-login', new LocalStrategy({
    // by default, local strategy uses username and password, we will override with email
    usernameField : 'email',
    passwordField : 'password',
    passReqToCallback : true // allows us to pass back the entire request to the callback
},
function(req, email, password, done) {

    // asynchronous
    // User.findOne wont fire unless data is sent back
    process.nextTick(function() {

      db.Account.findOne( { ...

You can then authenticate using:

passport.authenticate('local-login',function(err,user,info){

In your case you are calling passport.authenticate 'local' so your first parameter in passport.use should be 'local' so that it calls the correct strategy

Answer 2

My passport strategies are almost identical, with one exception: serializing user to its _id property. I suspect that might be the problem, since in your deserialize method you are using the _id directly, but passing done null, user in serialize.

passport.serializeUser (user, done) ->
  if user
    done null, user?._id

Answer 3

I think its even simpler than the answers posted here. you need if error? and if not user? with the ?s. Without the ?s, it does a true/false check, but with the ?s it does a null check which is what you want.

Try this code:

Account = mongoose.model 'account'

passport.use 'local-login', new LocalStrategy (_username, password, done) ->
    Account.findOne {username:_username}, (error, user) ->
        if error?
            done error,null
        else if not user?
           done null, false, {message:'Incorrect username.'}
        else
           done null,user
passport.serializeUser (user, done) ->
   console.log 'serialize user'
   if user?
       done null, user._id
passport.deserializeUser (id, done) ->
    Account.findOne({_id:id}).exec (error, user) ->
        if user?
            return done null, user
        else
            return done null, false