passport local strategy not getting called

51
votes

I'm sure I'm missing something really obvious here, but I can't figure this out. The function I've passed to the LocalStrategy constructor doesn't get called when the login form gets submitted.

Code:

var express = require('express');
var http = require('http');
var path = require('path');
var swig = require('swig');
var passport = require('passport');

var LocalStrategy = require('passport-local').Strategy;

passport.serializeUser(function(user, done) {
  console.log('Serialize user called.');
  done(null, user.name);
});

passport.deserializeUser(function(id, done) {
  console.log('Deserialize user called.');
  return done(null, {name: 'Oliver'});
});

passport.use(new LocalStrategy(
  function(username, password, done) {
    console.log('local strategy called with: %s', username);
    return done(null, {name: username});
  }));

var app = express();

app.set('port', process.env.PORT || 3000);
app.set('view engine', 'swig');
app.set('views', __dirname + '/views');
app.use(express.favicon());
app.use(express.logger('dev'));
app.use(express.bodyParser());
app.use(express.methodOverride());
app.use(express.cookieParser('asljASDR2084^^!'));
app.use(express.session());
app.use(passport.initialize());
app.use(passport.session());
app.use(app.router);
app.use(require('less-middleware')({ src: __dirname + '/public' }));
app.use(express.static(path.join(__dirname, 'public')));
app.use(express.errorHandler({ dumpExceptions:true, showStack:true }));

app.engine('swig', swig.renderFile);

app.post('/auth', passport.authenticate('local'));
app.get('/login', function(req, res) {
  // login is a simple form that posts username and password /auth
  res.render('login', {});
});

http.createServer(app).listen(app.get('port'), function(){
  console.log('Express server listening on port ' + app.get('port'));
});

The form on my /login page is cut and pasted from the passport docs except that I changed it to submit to /auth instead of /login:

<form action="/auth" method="post">
    <div>
        <label>Username:</label>
        <input type="text" name="username"/>
    </div>
    <div>
        <label>Password:</label>
        <input type="password" name="password"/>
    </div>
    <div>
        <input type="submit" value="Log In"/>
    </div>
</form>

When I sumit the login form, the following gets logged

GET /login 200 5ms - 432b
POST /auth 401 6ms

Note that "local strategy called" is never logged.

Why isn't the function I passed to LocalStrategy getting called?

15
node.jsexpresspassport.js

15 Answers

83
votes

I recently came across this problem and it can be caused by a number of things. First thing to check is ensuring that the bodyParser is set up for express, which I see that you have done.

app.use(express.bodyParser());

The next thing is ensuring that the form you are submitting to the route contains both a username AND password, and the user must also enter something in both fields. I was stumped for a bit testing it and not actually putting anything in the password field while testing :) Passport requires BOTH to execute the LocalStrategy verification function passed to passport.authenticate('local').

Your example also seems to be set up to capture both username and password properly, but in any case, you should try testing that the body is being parsed properly even without passport:

app.post('/auth', function(req, res){
  console.log("body parsing", req.body);
  //should be something like: {username: YOURUSERNAME, password: YOURPASSWORD}
});

Else

Did you try adding a request handler to your /auth route?

app.post('/auth', passport.authenticate('local'), function(req, res){
  console.log("passport user", req.user);
});

or

app.post('/auth', passport.authenticate('local', { successRedirect: '/', failureRedirect: '/auth' }));
44
votes

I encountered the same problem when I set up my own route handler from which I called passport.authenticate (). I forgot that passport.authenticate returns middleware that must be invoked, so just calling passport.authenticate isn't sufficient. Then I replaced 

router.post("/",
 function(req,res,next){
   passport.authenticate("local", function(err, user, info){

    // handle succes or failure

  }); 
})

with

router.post("/",
 function(req,res,next){
   passport.authenticate("local", function(err, user, info){

    // handle succes or failure

  })(req,res,next); 
})
22
votes

You get 401 when you using different username, password input fields than the default ones. You have to provide that in your LocalStrategy like this :

passport.use(new LocalStrategy({
    usernameField: 'login',
    passwordField: 'password'
  },

  function(username, password, done) {
  ...
  }
));

Default is username and password I think. See the docs here.

9
votes

I think you submit the form with username or password field empty.

If you fill both inputs then submit, LocalStrategy will be called.

8
votes

For Express 4.x:

// Body parser
var bodyParser = require('body-parser');

app.use(bodyParser.urlencoded({ extended: false })) // parse application/x-www-form-urlencoded
app.use(bodyParser.json()) // parse application/json

c.f. https://github.com/expressjs/body-parser

5
votes

I also banged my head for the same problem for few hours. I was having everything in place as told by other answers like 1. Form was returning all fields. 2. body parser was setup correctly with extended:true 3. Passport with every setting and configuration.

But i have changed username field with phoneNumber and password. By changing code like below solved my problem

  passport.use('login', new LocalStrategy(
    {usernameField:'phoneNumber',
    passwordField:'password'},
    function (username, password, done) {

    // your login goes here
    })

);

If anyone want i can write the whole authentication procedure for phonenumber using mongodb and passport-local.

Thanks @user568109

4
votes

My problem was, that I had the enctype='multipart/form-data'. Just change that to multipart='urlencoded'. And I think that will solve it.

1
votes

To capture both username and passport make sure to add:

app.use(express.urlencoded());

In my case, I was using app.use(express.json()); and was posting the username and password from <form>.

0
votes

It's possible your request wasn't formatted properly (particularly the body of it) and your username and password weren't being sent when you thought they were.

Here is an example of an API call wrapper that enforces your request body is parsed as json:

Api = {};
Api.request = (route, options) => {
  options = options || {};

  options.method = options.method || 'GET';
  options.credentials = 'include';

  if (options.method === 'POST') {
    options.headers = {
      'Accept': 'application/json',
      'Content-Type': 'application/json',
    };
    options.body = JSON.stringify(options.data) || '{}';
  }

  fetch(absoluteUrl + '/api/' + route, options)
    .then((response) => response.json())
    .then(options.cb || (() => {}))
    .catch(function(error) {
      console.log(error);
    });
};

It can be used this way: 

Api.request('login', {
  data: {
    username: this.state.username,
    password: this.state.password
  },
  method: 'POST',
  cb: proxy((user) => {
    console.log(user);
  }, this)
});
0
votes

For me everything was setup properly.. The issue was that I was collecting form data and then creating a json from form data and send it like JSON.stringify(formdatajson) to server. (For me login form was a popup on screen)

I Found my mistake by debugging passportjs...

If you also have same problem and none of the above solution seems working for you then debug passportjs.

open 

strategy.js

put debugger in below method. 

Strategy.prototype.authenticate

Check what form data is coming for you. Hope this help ...

0
votes

  1. npm install passport-local

  2. var passport = require('passport') , LocalStrategy = require('passport-local').Strategy;

According to passportjs.org and it worked for me!

0
votes

Yet another possiblity: For me I had accidentally defined my routes before my body-parser middleware so body-parser was never active for the login route.

0
votes

Hope it always someone - in my case it was the fact that I tried I used passport middleware before cookieParser and express-session ones This was my code:

passportConfig(app);
app.use(cookieParser());
app.use(session({ secret: 'bla' }));

Changed passportConfig to be down and it worked:

app.use(cookieParser());
app.use(session({ secret: 'bla' }));
passportConfig(app);
0
votes

For me it wasn't working because i'd set different name in my login form to that in my passport.js ,It worked for me when i changed user.name in serializeUser to user.username.

passport.serializeUser(function (user, done) {
    done(null, user.username)
})

passport.deserializeUser(function (username, done) {
    Users.findOne({
        username: username
    }).then((user) => {
        if (!user) {
            return done(new Error("No such user"))
        }
        return done(null, user)
    }).catch((err) => {
        done(err)
    })
})
0
votes

Check your form in your views if you included a name property in the form or input type and it corresponds to the arguments passed to the localStrategy callback function.