derbyparty / derby-login Goto Github PK

I'm requiring derby-login components like so in my app app.use(require('derby-login/components/noAuth'));.

In my templates, I use the views <view is="auth:login"></view> and <view is="auth:register"></view>, but when I click the login or register buttons it always calls the resetpassword route and I get an error on the front-end: "secret field missing".

I don't know if this is because resetpassword is the last component being loaded in noAuth and overwrites all of the other components:

module.exports = function(app, options) {
  app.component(require('./login'));
  app.component(require('./recoverPassword'));
  app.component(require('./register'));
  app.component(require('./resetPassword'));
};

derby version: ^0.10.3

getUserByEmail transfroms the email to lower case.
But registration doesn't transform email to lower case.
So it is possible to register [email protected] and then [email protected]

Hi,
Switching from version 0.2 to 0.3 the login module seems to not accept the urlWhiteList in the configuration object (which was added with pull request #10 ).

Is it intended to be this way?
Would it be possibile to get that behaviour back?

Thanks for your work!

I took clean derby-login-example application and made one successfull registration (with email). In MongoDB I had one unconfirmed 'local' account.

After that I tried to register with new email. It caused registration providerExists error: 'User is already registered with this provider'.

After successfull confirmation of first account this error disappeared.

Could you help or explain me this issue?

Hello.
In config/login.js I overrided request hook, for example:

hooks :{
    request: function(req, res, userId, isAuthenticated, done) {
        //denide work resourse for all not authenticated users
        var work_url = config.WORK_URL;
        if (!isAuthenticated && req.url.substring(0, work_url.length) == work_url){
            return res.redirect(this.options.loginUrl);
        };

       if (false && !isAuthenticated && req.method === 'GET' &&
            req.url !== this.options.confirmRegistrationUrl &&
            req.url !== this.options.loginUrl &&
            req.url !== this.options.registrationConfirmedUrl &&
            req.url.indexOf(this.options.recoverPasswordUrl) !== 0 &&
            req.url.indexOf('/auth/') !== 0) {
                return res.redirect(this.options.loginUrl);
        };
       done();
}, ...

When I make request in http://localhost:5555/work/smthsubres it works (in this case I wrote url in browser's url field).
But if I have got link on my root page like

<a href="/work/smthsubres">work link</a>

and use it, in this case hook don't works and not-authenticated users must to make requests in work resourse.

Could you explain, I do something wrong? Or it is lib's bug or feature?

zhe@zhe-X550CL:~/projects/nodes/derby-login-example$ npm start

[email protected] start /home/zhe/projects/nodes/derby-login-example
node server.js

Master pid 28526

/home/zhe/projects/nodes/derby-login-example/server.js:38
app.writeScripts(store, publicDir, {extensions: ['.coffee']}, function(e
^
TypeError: Object # has no method 'writeScripts'
at bundleApp (/home/zhe/projects/nodes/derby-login-example/server.js:38:11)
at /home/zhe/projects/nodes/derby-login-example/node_modules/async/lib/async.js:125:13
at Array.forEach (native)
at _each (/home/zhe/projects/nodes/derby-login-example/node_modules/async/lib/async.js:46:24)
at Object.async.each (/home/zhe/projects/nodes/derby-login-example/node_modules/async/lib/async.js:124:9)
at /home/zhe/projects/nodes/derby-login-example/server.js:30:11
at module.exports (/home/zhe/projects/nodes/derby-login-example/server/express.js:49:3)
at /home/zhe/projects/nodes/derby-login-example/server.js:25:3
at Racer.Derby.run (/home/zhe/projects/nodes/derby-login-example/node_modules/derby/lib/Derby.server.js:14:5)
at Object. (/home/zhe/projects/nodes/derby-login-example/server.js:9:7)
at Module._compile (module.js:456:26)
at Object.Module._extensions..js (module.js:474:10)
at Module.load (module.js:356:32)
at Function.Module._load (module.js:312:12)
at Function.Module.runMain (module.js:497:10)
at startup (node.js:119:16)
at node.js:906:3

The wrong way, redirect by default to "/login" for all queries.

// Request hook executes on every request before it goes to app, it's good place
    // to restrict access to some urls
    request: function(req, res, userId, isAuthenticated, done) {
      // Redirect all unAuth GET requests to loginUrl
      if (!isAuthenticated && req.method === 'GET' &&
        req.url !== this.options.confirmRegistrationUrl &&
        req.url !== this.options.loginUrl &&
        req.url !== this.options.registrationConfirmedUrl &&
        req.url.indexOf(this.options.recoverPasswordUrl) !== 0 &&
        req.url.indexOf('/auth/') !== 0) {
        return res.redirect(this.options.loginUrl);
      }
      done();
    },

Привет.
Здесь показано как инициировать RPC но без авторизации пример не полный, можно ли как-то вытащить сессию и текущего пользователя из client?

I have this route:

app.get '/', (page, model, params, next) ->
  user = model.get '_session.user'
  # ...

When page is rendered on the client side user is undefined.

@vmakhaev can you help me with this issue?

Hi,
I found a strange behaviour when my login is autofill by the browser.

Basically when the page is loaded and the browser (firefox 35.0.1) fills the user and password for me.
If I click the Login button right away the "missing credentials" error is given to me.
On the server side I receive email and password as undefined.
I believe this is because the model didn't received the input by the user, so data[field] = this.model.get(field) in the base class returns undefined.

The strange thing is that if I than remove both fields, start typing the user and select the one I want from the browser saved credentials dropdown, and the browser fills up the fields for me, then I can succesfully login - even though I didn't filled up the password at all, and I partially filled the email field.

To solve this behaviour I tried to get the field data directly from the dom, with somehting like data[field] = this.model.get(field) || this.dom.getElementById(field).value, but there's no such function, as I didn't find other functions which allows me to get a dom element refence from the dom object inside a component.

Any Idea? Is it happening only to me?

Thanks a lot!
Cheers

Hi @vmakhaev,
As a further enhancement I would suggest to use scrypt instead of bcrypt. At the moment it seems the best choince for password hashing against software and hardware cracking.
Of course this is not a necessary change, just the cherry on the top of the cake ;)
When I'll have a little bit of time, I'll try to make a pull request if you didn't do it yet.

Thanks again for all your work!
Cheers, M.

This issue is for discussion more than an issue itself.

About the error handling, I think would be better to use our Error class with two data fields: type and message.
This would allow us to check which kind of error we receive from the API against predefined keywords, instead of checking strings as we need to do now, which would allow us to support localization in errors more easily.

If you agree I may do a PR to be discussed.

As I can see, route '/auth/login' (https://github.com/derbyparty/derby-login/blob/master/lib/routes.js#L35) provides custom callback for passport.authenticate. As a result, after success login, I'm getting to / instead of what I've set in options.passport.successRedirect.

Is it possible to define custom redirect urls after having logged in with a provider?

Example: To login, now I send the user to "/auth/facebook". After they have logged in I'd like to send them to different locations based on the situation.
I can't simply define a session variable before they reach /auth/facebook, and then read it after login, because the login process changes the session id (and therefore the session is lost after login).

Ideally I could define a redirect url by sending the users to "/auth/facebook?redirect=%2Fmy-fancy-redirect" and derby-login would handle it for me.

Hello,

I am using GitHub OAuth on derby-login v1.1.1 . Authentication seems to work correctly after I access /auth/github. However, logging out does not seem to work. I tried /auth/logout and /auth/github/logout. None of these seem to set _session.loggedIn to false or delete it.

I noticed that the logout function deletes the user id on the Express session object

Am I missing something? Any suggested ways to achieve logging out? Thank you.