0

Newbie here... I'm working on a password reset form so I'm only passing an email in my POST form. I'm getting a Missing credentials error msg and I'm not even getting to the strategy I made for this feature so I'm not getting to query against UserModel. What could be causing this error?

My code is as follows:

password_reset_request.html:

<div class="modal fade" id="passwordresetrequest-modal" tabindex="-1" role="dialog" aria-labelledby="passwordresetrequestLabel" aria-hidden="true" style="display: none;">
  <div class="modal-dialog">
        <div class="signup-modal-container">
      <form class="form-signin" action="/password_reset_request" id="password_reset_request_form" method="post">
        <h2 class="form-signin-heading">Request Password Reset for BIDS</h2>
        <label for="email" class="sr-only">Email address</label>
        <input type="email" name="email" id="email" class="form-control" placeholder="Email address" required="" autofocus="">
        <button class="btn btn-lg btn-primary btn-block" name="reset_request" type="submit">Send Password Reset Email</button>
      </form>
    </div>
    </div>
</div>

app.js:

var express = require("express");
var bodyParser = require("body-parser");
var passport = require("passport");
...
var app = express();
app.use(bodyParser.urlencoded({ extended: true }));
require("./config/passport")(passport);
...

index.js:

  app.post("/password_reset_request", function(req, res, next) {
    passport.authenticate("local-password-reset-request", function(err, user, info) {
      // NOTE: I'm getting a "null" value for my "err" param.
      // NOTE: the "info" param is where I'm getting my "message: 'Missing credentials'" message.
      if (err) {
        return next(err);
      }
      if (!user) {
        req.flash("error", "Reset failed, no such email.");
        return res.redirect("/");
      }
    })(req, res, next);
  });

passport.js:

  passport.use("local-password-reset-request", new LocalStrategy({
    usernameField: "email",
    passReqToCallback: true
  }, function(req, username, done) {
    new UserModel.User({ email: email }).fetch().then(function(user) {
      // if no user is found, return the message
      if (!user)
        return done(null, false, req.flash("loginMessage", "No user found."));

      var new_password = randomstring.generate({
        length: 12,
        charset: 'alphabetic'
      });

      user
        .set('password', UserModel.generateHash(new_password))
        .save()
        .then(function() {
          console.log('new_password: ' + new_password);
          // Mailer.sendNewPasswordMail(
          //   user.get("email"),
          //   new_password,
          //   req.headers.host
          // );
          return done(null, user);
        })
        ;

      return done(null, user);
    });
  }));
goterpsgo
  • 307
  • 2
  • 18

1 Answers1

0

Turns out when I use LocalStrategy I need to provide both a usernameField AND a passwordField. Since I'm not actually using that passwordField value I pass any non-blank value and simply ignore it.

goterpsgo
  • 307
  • 2
  • 18