Koa Passport authenticate

Question

I am making a simple signup app using Koa, koa-passport, passport-local and koa-joi-router which is only used to validate body json. Examples suggest the use of passport.authenticate like this:

router.route({
  method: 'post',
  path: '/signup',
  validate: {
    type: 'json',
    body: {
      username: Joi.string().required(),
      password: Joi.string().required()
    }
  },
  async handler(ctx, next) {
    const body: {
      username: string,
      password: string,
    } = ctx.request.body;

    try {
      await User.createAndSave(body.username, body.password);
      return passport.authenticate('local', async (error, user, info, status) => {
        if(error) {
          ctx.throw(500);
        } else if(user) {
          await ctx.login(user);
        } else {
          ctx.throw(400);
        }
      })(ctx, next);
    } catch {
      ctx.throw(500);
    }
  }
}

As you can see I first enter the user into my database and then call passport.authenticate but weirdly, do not pass the username or password of the user to it. So how is that function supposed to know which user I want it to find?

You aren't finding any user in this code. It's a user signup example, where username & password are sent to a route for signing up as part of request body. Makes sense? — Shumail
@Shumail But how does that function know how I've named those field. Instead of username it could be admin_username for example. Also, the user is in my database when the first call(User.createAndSave) is completed so there must be some finding being done on passport.authenticate, right? — Komninos

Komninos Komninos · Accepted Answer · 2019-09-19T18:57:02

After a bit of searching, I found that the username and password body field names are set in the passport-local package. Reference

Koa Passport authenticate

1 Answers