kraken-example-with-passport's Issues

Attempt to add OAuth2 strategy and fails

Is there a way to extend this example to show a common OAuth2 strategy? I upgraded to the latest KrakenJS and rebuilt the controllers from pre 1.x version app, and changed auth.js and other /lib/ files like spec.js, crypto.js, user.js.

Now if I wanted to use an OAuth strategy I assumed all I would have to do was:

  • npm install the additional strategy module
  • add the strategy export to auth.js
  • change the spec.js to use the new strategy export from auth.js
  • add callback route with passport.authorize({some strategy name}, ...) that redirects to logged in view

Every step of the way the app failed, complaining about one thing after another. I finally had to comment out all the spec.js and user.js mentions and create a new oauth.js lib and import in index.js main server file. It still failed complaining about not finding the strategy name.

I then imported passport in index.js and declared it to .use(new strategy export) and it got further and now I get the following errors:

Internal server error

The URL /auth/callback?code=zrmmdTI1j2QSP2Ht had the following error failed to obtain access token (status: 403 data: {"error":"invalid_grant","error_description":"Invalid authorization code"})

I then added express-session and cookie-parser thinking for some reason during redirects it was losing the code or token, but still same error. Is there any way to extend this app and show a working example of a popular OAuth strategy instead of just the Mongo-based local strategy so others can see what might be wrong or what missing pieces or NPM dependencies Kraken needs?

Thanks so much!

failed bcrypt install + quickfix

Environment :
Ubuntu 14.04.2 LTS (GNU/Linux 3.13.0-48-generic x86_64)
node v0.12.2
npm v2.7.4
node-gyp v1.0.3

npm i fails on installing bcrypt

Here's the error :
gyp ERR! build error
gyp ERR! stack Error: `make` failed with exit code: 2
gyp ERR! stack at ChildProcess.onExit (/home/ubuntu/.nvm/versions/node/v0.12.2/lib/node_modules/npm/node_modules/node-gyp/lib/build.js:269:23)
gyp ERR! stack at ChildProcess.emit (events.js:110:17)
gyp ERR! stack at Process.ChildProcess._handle.onexit (child_process.js:1074:12)
gyp ERR! System Linux 3.13.0-48-generic
gyp ERR! command "node" "/home/ubuntu/.nvm/versions/node/v0.12.2/lib/node_modules/npm/node_modules/node-gyp/bin/node-gyp.js" "rebuild"
gyp ERR! cwd /home/ubuntu/kraken-examples/with.passport/node_modules/bcrypt
gyp ERR! node -v v0.12.2
gyp ERR! node-gyp -v v1.0.3
gyp ERR! not ok
npm ERR! Linux 3.13.0-48-generic
npm ERR! argv "/home/ubuntu/.nvm/versions/node/v0.12.2/bin/node" "/home/ubuntu/.nvm/versions/node/v0.12.2/bin/npm" "i" "bcrypt"
npm ERR! node v0.12.2
npm ERR! npm v2.7.4
npm ERR! code ELIFECYCLE

Instead of going through the hassle of debugging node-gyp issues, an easy fix is to change the version in package.json to "^0.8.1", which is probably better anyway.

Receiving Object <IncomingMessage> has no method 'flash'

I was just going through the repo and recreating the setup for passport-local on one of my projects, and when I go to my /login route I'm getting the message below. Inside of the CLI I also get undefined for req.flash. Wondering if there is anything I'm missing. I did the following:

  1. Added connect-flash to the config.json
  2. Installed the npm package connect-flash
  3. Set up all the lib files exactly the same
  4. Included the LocalStrategy within my login controller

controllers/login/index.js

'use strict';

var LoginModel = require('../../models/login');
var passport = require('passport');

module.exports = function(router) {
  var model = new LoginModel();

  router.get('/', function(req, res) {
    console.log(req.flash); // undefined
    model.messages = req.flash('error');
    res.render('login', model);
  });

  router.post('/', function(req, res) {
    console.log(req, res);

    passport.authenticate('local', {
      successRedirect: req.session.goingTo || '/',
      failureRedirect: '/login',
      failureFlash: true
    })(req, res);  // seems to be erroring here.
  });

};

At this point I've gone through most of the files and can't seem to trace why the req object wouldn't include flash. Let me know if you need to see anything else specifically. Thanks!

bcrypt? Why not use the built-in crypto?

It seems that it would be better to use the built-in crypto module. It's basically a binding to OpenSSL, a fast, stable, secure, and well-vetted crypto library. Bonus: one less external dependency---and one that has to be BUILT at that (things that need node-gyp create slower npm i times, always nice to avoid).

If you're looking to encrypt data, all you have to do is call crypto.createCipher, which returns a readable/writable Stream. Write data into the stream and it will emit data events with the encrypted data.

For example:

var crypto = require('crypto');

var stream = crypto.createCipher('aes192', 'mysecretpassword');
stream.on('data', function(enc) {
    // enc is a `Buffer` with a chunk of encrypted data
});

stream.write('some secret data');
stream.end();
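
Added example, not part of the original issue or the project's code: when the built-in crypto module takes over bcrypt's job of storing login passwords, the matching primitive is a salted key-derivation function (scrypt here) checked with a constant-time comparison, rather than a reversible cipher. The record layout, cost parameters and function names are assumptions made for this example.

```javascript
'use strict';
var crypto = require('crypto');

// Cost parameters and record layout are assumptions chosen for this example.
var COST = { N: 16384, r: 8, p: 1 };
var KEY_LEN = 32;

// Derive a key from the password with a fresh random salt and return a
// self-describing record: scrypt$N$r$p$salt$key (salt and key in base64).
function hashPassword(password) {
  var salt = crypto.randomBytes(16);
  var key = crypto.scryptSync(password, salt, KEY_LEN, COST);
  return ['scrypt', COST.N, COST.r, COST.p,
    salt.toString('base64'), key.toString('base64')].join('$');
}

// Recompute the key with the stored salt and parameters, then compare in
// constant time. Any malformed record is rejected.
function verifyPassword(password, record) {
  var f = String(record).split('$');
  if (f.length !== 6 || f[0] !== 'scrypt') return false;
  var cost = { N: Number(f[1]), r: Number(f[2]), p: Number(f[3]) };
  var salt = Buffer.from(f[4], 'base64');
  var expected = Buffer.from(f[5], 'base64');
  if (salt.length === 0 || expected.length === 0) return false;
  var actual;
  try {
    actual = crypto.scryptSync(password, salt, expected.length, cost);
  } catch (e) {
    return false; // invalid or out-of-range parameters
  }
  return crypto.timingSafeEqual(actual, expected);
}
```

Because the salt and cost travel inside the record, the cost can be raised later without invalidating stored records.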

Redirect Loop

Hey I just started trying Kraken out and I'm seeing this repo to config passport into Kraken.

I've pretty much figured it out but now isAuthenticated is called when I go to root route ('/') and even on /login, which it shouldn't.

Is there something I'm missing? Where can I find the file where we control this?

How to add a dynamic route to the access map?

Hi, and thanks for this extremely educational tutorial!

One question, I want to protect a route that looks like "/list/:listname", how do I add that to the access maps in auth.js? Do I have to?

Thanks again, Kraken is damn awesome!

Can't use mongoose to populate in localStrategy

So I just ran into a weird issue where in my schema for user I have a column that has a ref set to Purchases, like the code below:

purchases: [{ type: Schema.Types.ObjectId, ref: 'Purchase' }],

Within my lib/auth.js file, when calling User.findOne I'm also calling populate('purchases'), which I noticed is pulling in the purchases, since I can console.log(user.purchases) fine within .exec():

// Helper method to retrieve user from a local DB to ensure the provided password matches
exports.localStrategy = function() {
  return new LocalStrategy(function(username, password, done) {

    // Retrieve the user from the database
    User.findOne({ login: username })
      .populate('purchases')
      .exec(function(err, user) {
        if (err) return done(err);

        if (!user) {
          return done(null, false, {
            message: 'User not found'
          });
        }

        if (!user.passwordMatches(password)) {
          return done(null, false, {
            message: 'Incorrect Password'
          });
        }

        // Log only after the error and null checks, so a failed lookup cannot throw here
        console.log('user.purchases', user.purchases);

        // If everything passes, return the retrieved user object
        done(null, user);
      });
  });
};

But for some reason, when I use res.user within my controller or anywhere else, it doesn't have the purchases populated; it only shows the object ID of the purchase. Is there something I'm missing or doing wrong? Let me know if you need more context. Thanks!

app.less unused styles

I can see this either way ... app.less has unused styles, but I can see that it might be convenient to keep app.less more or less the same across kraken-example-* projects.

For example, the following style rule caught my attention, since it is usually frowned upon to write style rules that have a trailing universal selector: .lang * { ... }

Bypass secure routes

In this example using the 'auth' library, routes that require authentication are specified, in this case /admin & /profile, but if I have the role of 'user' and there is the route /admin/whatever, I can get on that route.

Sorry for my English
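
Added example, not from the original issues or the project's code: the two access-map questions above (protecting "/list/:listname", and /admin/whatever being reachable with the role 'user') both come down to how a request path is compared with the map. The sketch sets an exact-string lookup beside a matcher that compares path segments; ACCESS_MAP, its entry shape and all function names are assumptions.

```javascript
'use strict';

// Hypothetical access map; the entry shape is an assumption, not lib/auth.js.
var ACCESS_MAP = [
  { pattern: '/admin', roles: ['admin'] },
  { pattern: '/profile', roles: ['admin', 'user'] },
  { pattern: '/list/:listname', roles: ['admin', 'user'] }
];

// Weak form: exact string lookup. '/admin/whatever' is not an entry, so it
// is treated as unprotected.
function exactMatchProtected(url) {
  return ACCESS_MAP.some(function (e) { return e.pattern === url; });
}

// Path segments of a URL: query string dropped, empty segments (doubled or
// trailing slashes) removed, percent-decoding applied, case folded.
function segments(url) {
  return url.split('?')[0].split('/').filter(Boolean).map(function (s) {
    return decodeURIComponent(s).toLowerCase();
  });
}

// A pattern covers itself and everything beneath it; a ':name' segment
// matches any single segment. '/administrator' is not under '/admin'.
function findRule(url) {
  var path = segments(url);
  return ACCESS_MAP.find(function (e) {
    var pat = segments(e.pattern);
    return pat.length <= path.length && pat.every(function (p, i) {
      return p.charAt(0) === ':' || p === path[i];
    });
  }) || null;
}

// 'public' when no rule covers the URL, otherwise 'allow' or 'deny'.
function decide(url, role) {
  var rule;
  try {
    rule = findRule(url);
  } catch (e) {
    return 'deny'; // malformed percent-encoding: fail closed
  }
  if (!rule) return 'public';
  return rule.roles.indexOf(role) !== -1 ? 'allow' : 'deny';
}
```

In an Express-style middleware, 'deny' would map to a redirect or a 401/403 response and the other two results to next().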

Updated version?

Hi,
It would be really great if this example was updated with newest kraken and passport.
Is that a possibility?

Incorrect isAuthenticated use

This is copied from https://github.com/krakenjs/kraken-examples/issues/42 on the original combined example repository. Will fix it here and close both once fixed. Please track progress here.

Original issue description from @klall

In https://github.com/krakenjs/kraken-examples/blob/master/with.passport/controllers/index.js#L27

this line exists:

    router.get('/admin', auth.isAuthenticated('admin'), auth.injectUser(), function(req, res) {

However, parameters such as 'admin' are not really used in https://github.com/krakenjs/kraken-examples/blob/master/with.passport/lib/auth.js#L57

As well, don't we already invoke isAuthenticated for each route?

https://github.com/krakenjs/kraken-examples/blob/master/with.passport/config/config.json#L89

If I change the line to:

    router.get('/admin',  function(req, res) {

the code should work as expected, no?

requirejs?

I noticed requirejs is a dependency, but I don't see where it is used. Perhaps there was a thought of using it, but it didn't materialize? (npm uninstall requirejs .. site runs fine without it, so do builds.)

Registration?

It would be GREAT if this included a proper registration flow example. It could include the option of requiring email verification, and sending the registration email (to verify email address) using SendGrid or Mandrill (or insert_popular_email_service_here).

AdminModel? (also, unused `auth` reference?)

The AdminModel appears to be meaningless indirection. I removed it, and I also removed the unused reference to auth that is in controllers/index.js.

My controllers/index.js file now looks like this (notice that /admin simply uses profilemodel, because the admin is just a user who happens to have a role of admin):

'use strict';


var IndexModel = require('../models/index'),
    ProfileModel = require('../models/profile');


module.exports = function (router) {

    var indexmodel = new IndexModel();
    var profilemodel = new ProfileModel();

    router.get('/', function (req, res) {
        res.render('index', indexmodel);
    });

    router.get('/profile', function(req, res) {
        res.render('profile', profilemodel);
    });

    router.get('/admin', function(req, res) {
        res.render('admin', profilemodel);
    });

    /**
     * Allow the users to log out
     */
    router.get('/logout', function (req, res) {
        req.logout();
        res.redirect('/login');
    });

};

Kraken with.passport sample .... config.get('bcrypt') undefined on test

This is copied from https://github.com/krakenjs/kraken-examples/issues/40 on the original combined example repository. Will fix it here and close both once fixed. Please track progress here.

Original issue description from @aredridel
When running grunt test, "cryptConfig = config.get('bcrypt');" (ln 24, lib/spec.js) is coming up as undefined...

Uncaught TypeError: Cannot read property 'difficulty' of undefined

This issue cloned from krakenjs/kraken-js#302
