1

I'm trying to pass login information from a form via angular to a back-end express endpoint. The passport middleware that is doing the authentication fails every time and goes to the failure redirect. The trouble is that I can't find via documentation what POST parameters it's expecting, or what it's doing with them. Is this a failure of the strategy I'm using (a plugin via userapp.io) or is the actual username/password wrong?

The login endpoint looks like this:

router.post('/login', passport.authenticate('userapp', {
    failureRedirect: '#/login',
    failureFlash: 'Invalid username or password',
    successFlash: 'Welcome!' }),
    function (req, res) {
            res.cookie(SESSION_TOKEN, req.user.token);
            res.redirect('/');
        });

(Note that this is eventually connected to /auth/login, which matches the post action below)

The form that submits to that endpoint looks like this:

<form method='post' action='/auth/login'>
    <input name="login" placeholder="Username"><br>
    <input name="password" placeholder="Password" type="password"><br>
    <p><button type="submit">Log in</button></p>

    <p ng-show="loading"><img src="https://app.userapp.io/img/ajax-loader-transparent.gif"></p>
    <p ng-show="error">{{ error.message }}</p>
</form>

Is this submitting the data to the endpoint correctly, and how can I go about further debugging what's happening? Observed behavior right now is simply that login fails and the user ends up at the failureRedirect.

Another option I'm aware of is to use the ua-login directive shown in this example instead of my own form. The trouble there is that there seems to be some undocumented configuration magic; using the ua-login directive results in attempts for the client to post to a non-existant URL. Existing tutorials don't seem to indicate what configuration is necessary to make ua-login work.

FrobberOfBits
  • 17,634
  • 4
  • 52
  • 86
  • you can log `req.body` before giving everything to passport. just add another function before that that logs the parameters and calls `next()`. `router.post('/login', function (req, res, next) { console.log(req.body); next(); }, passport.authenticate('userapp' .....` – Aᴍɪʀ Dec 21 '15 at 21:38
  • And the action of your form is `/auth/login` while the route is `/login`. Is that intentional? – Aᴍɪʀ Dec 21 '15 at 21:39
  • @Amir the action is intentional; note in the question that the route is setup as /login but it's connected at /auth by another component. Also if the route were wrong the failure redirect wouldn't be happening, it would just 404. On the extra piece of middleware, I can add that -- but I already know what the request body is because my form specifies it. What I don't know is what the passport middleware is expecting to do the right thing. – FrobberOfBits Dec 21 '15 at 21:42
  • Passportjs expects two fields `username` and `password`. You can change yours from `login` to be `username` and see if the problem is solved. You can also change that defaults. I'll post the link to the docs in a minute. – Aᴍɪʀ Dec 21 '15 at 21:44
  • I posted that as an answer, hope it helps. If not, I'd be pleased to help you digging and finding the root of the problem. – Aᴍɪʀ Dec 21 '15 at 21:48

1 Answers1

1

You can change the default parameters (which is username and password) where you define the strategy.

According to the docs:

passport.use(new LocalStrategy({ // or whatever you want to use
    usernameField: 'login',    // define the parameter in req.body that passport can use as username and password
    passwordField: 'password'
  },
  function(username, password, done) { // depending on your strategy, you might not need this function ...
    // ...
  }
));

For that specific strategy you've mentioned (userapp), I looked at the source code. You can find those values here. If usernameField or passwordField is not present, the default value (username and password) will be used.

Aᴍɪʀ
  • 7,623
  • 3
  • 38
  • 52