Application Error
An error occurred in the application and your page could not be served. Please try again in a few moments.

If you are the application owner, check your logs for details.

Hello, there's a way to use Mustache + partials instead of jade as template engine?
Thanks.

Hello.

I am getting this error. I have tried installing python modules but I have a strong feeling that this isn't going to help and that I have to do something outside of node.js

This is an image of the error:
Any help would be appreciated. Thank you!

documentation says this:

exports.db = {
url: 'mongodb://127.0.0.1/',
name: 'test',
collection: 'users' // collection name for MongoDB
};

But how/where do I set username + password for the connection to mongodb server?

You mention in the docs:

You need a config.js somewhere in your app.

But its not mentioned where this file is to be referenced or placed.

Much of lockit is configurable. Thanks for that!

However, there are a few things that are still hard-coded, such as some of the error messages.

It would be great if these were also customizable.

Find a solution for rendering / passing in custom views / jade files.

next(err) instead console.log(err)

Thanks for this.

A couple questions:

I got this working with mailgun and cloudant and it just works, what do you recommend to write the actions after every action, redirection and stuff? how do you really secure a route? how do i change what happen on user registration? i want the database created at registration to be called something different and hace a particular design on it, how can i accomplish this?

I've tried to get the example app up and running but keep getting the following message:

Error: Cannot find module 'xtend'

Node v0.10.24
NPM v1.3.21
grunt-cli v0.1.11

Thanks.

Hi all, I am working on my first nodejs project so I'm still pretty new to all this, but I really enjoy working with lockit.

I'm trying to make the login persistant by changing the cookie expiration date, and can't find the solution... Should it be added as a config var ?

Instead of rendering views with res.render use res.json to communicate with the client.

In the config activate REST by setting exports.rest = true.

Hi zemirco,
I want to use a restful lockit with a non-restul lockit, which feeds all static pages while listen to ajax requests. There is no option to disable restful lockit from rendering, which make restful lockit won't work with non-restful lockit.
There are two approach to make it work, one is add options to add restful routers to a non-restful lockit, and the other is to add an option to disable rendering. I think the second approach is more clear.

Add one line to Lockit.prototype.rest

if (!this.config.rest.index) return;

This will prevent render pages if config.rest.index is not set.

Then I can use lockit as follow:

var Lockit = require('Lockit');
var express = require('express');
var restConfig;
var config;
var lockit = new Lockit(config);
var restLockit = new Lockit(restConfig);
app = express();
app.use(lockit.router)
app.use(restLockit.router);

Hi @zemirco. Awesome project! This is exactly what I've been looking for.

I was wondering if it would be possible to support a the ability to specify a custom adapter module? It looks like the getDatabase function restricts the possible adapter modules to the existing lockit-*-adapter family. My use case is I have a project that uses knex to access a postgress database and I'd like to keep all of my table migrations managed in the same place. So I'm a little wary about letting the lockit-sql-adapter sync a table under the hood with sequelize.

var Lockit = require('lockit');
var lockit_a = new Lockit(config_a);
var lockit_b = new Lockit(config_b);
console.log(lockit_a.config === lockit_b.config);

This will output a true, and it's caused by the code in lockit/index.js, line 34:

this.config = extend(true, configDefault, this.config);

All instances' config is point to configDefault.

Is there any method I can call to return who i am logged in on browser side? I need this information to pass to different form on the page.

I see no configuration option in the documentation for this... What is the default expire time for each session?

Also, I noticed that if you log in twice with the same account on two different browsers (let's call them session1 and session2) and you log out from session2, then you will stay logged in in session1. Is this on purpose? I think it's a security problem.

It looks like name is intended to be username, and not the user's name, as it must be unique. Email must also be unique. It is common, and arguably a better user experience to only require email, as it already must be unique, instead of requiring two fields that have to be unique. Also, a user may forget the username they invented for your site---because it has to be unique for your site, so someone else could have taken the one they wanted---but they are less likely to forget their email address, and if email address requires verification, then nobody else can take their email address on your site.

Personally, I'd much rather just treat email address as username, and dispense with username field.

I suppose I could hack it by creating a hidden field and have javascript copy the email address into the username field just before form submit ... but I'd rather not even have a username field in my database.

Nope, can't hack it that way. Gives error: "Username may not contain any non-url-safe characters." .. but you can still hack it, just with a hack that looks worse by the minute .. javascript runs encodeURIComponent on the email address first, or you might just replace @ with -at- .. then pastes it into the hidden field.

Is there easy way to add authorization to lockit? Authentication is important, authorization should be part of security package.

old

lockit(app);

new

app.use(lockit);

Where each module makes use of the new Router

var express = require('express');
var router = express.Router();

router.get('/signup', function(req, res, next) {
  // ...
});

module.exports = router;

No more passing around app.

I have tried asin this post http://stackoverflow.com/questions/25320313/couchdb-with-nodejs-authentication-solution and as the instructions on the readme, and i cant keep it running

sequelize query-generator.js line 42 InnoDB --- MyISAM
create-table-tests.js line 71 ,72 InnoDB --- MyISAM

Hey!

I'm testing lockit and want to know about the login process...

How can I read about this process?

Is there a more complete documentation?

Thank you!

It seems that the emailSettings are not being passed on to the smtpTransport, since I specified them and digging in to Email.prototype.send, line 58, the emailSettings are not being passed on and, due to that, I got an ECONNREFUSED:

// send email with nodemailer
var transporter = nodemailer.createTransport(that.transport(options)); // options are not including my emailSettings
transporter.sendMail(options, function(err, res){
  if(err) return done(err);
  transporter.close(); // shut down the connection pool, no more messages
  done(null, res);
});

I noticed on my mongodb installation for lockit that an index is set for user's id. That's good. However, lockit does not seem to set an unique index for username and email address which it should in my opinion or is there a specific reason not to do so?

It's really really easy to get this error, including if you just make a new express app using defaults and try the quick-start with lockit as per the instructions in lockit's readme:

npm start

lockit no db config found. Using SQLite.
lockit no email config found. Check your database for tokens.

/signup

..fill in the form and submit it..

->

Unhandled rejection Error: Cannot find module 'lockit-template-blank'
    at Function.Module._resolveFilename (module.js:338:15)
    at Function.Module._load (module.js:280:25)
    at Module.require (module.js:364:17)
    at require (module.js:380:17)
    at new module.exports (/Users/dhall/projects/myapp/node_modules/lockit/node_modules/lockit-signup/node_modules/lockit-sendmail/index.js:16:19)

hi,thanks for the module.i would like to ask if you have plan to add role based access to this module.thanks

Hi,

how can I check who the user is after he logged in?
I mean, when I hit another route, what method is available to get the user who logged in?
I checked the lockit-utils, but there is nothing like this there.
In most cases I'll need to know who the user calling a method is.
Thanks.

The package.json for lockit-signup and lockit-forgetpassword still point at 1.1.0 instead of 1.1.1 so on a fresh install of lockit the old version is used.

Hello, is there a known / easy way to use OAuth based authentication? e.g. https://github.com/dgrubelic/vue-authenticate/blob/master/example/server.js

I tried the "full example" code:

var config = require('./config.js');
var Lockit = require('lockit');

var app = express();

app.use(cookieParser());
app.use(cookieSession({
  secret: 'secret'
}));

var lockit = new Lockit(config);

app.use(lockit.router);

// you now have all the routes like /login, /signup, etc.
// and you can listen on events. For example 'signup'
lockit.on('signup', function(user, res) {
  console.log('a new user signed up');
  res.send('Welcome!');   // set signup.handleResponse to 'false' for this to work
});

When I started the server it complained that express was undefined, so I installed express via npm and added:

var express = require('express');

and changed:

app.use(cookieParser());
app.use(cookieSession({
  secret: 'secret'
}));

to this:

app.use(express.cookieParser());
app.use(express.cookieSession({
  secret: 'secret'
}));

But now I get this. What's wrong?

lockit no email config found. Check your database for tokens.
/Users/valmar/dev/node/todolist/node_modules/lockit/node_modules/lockit-signup/index.js:40
  router.get(route, this.getSignup.bind(this));
        ^
TypeError: Cannot read property 'get' of undefined
    at new module.exports (/Users/valmar/dev/node/todolist/node_modules/lockit/node_modules/lockit-signup/index.js:40:9)
    at new module.exports (/Users/valmar/dev/node/todolist/node_modules/lockit/index.js:41:16)
    at Object.<anonymous> (/Users/valmar/dev/node/todolist/server.js:12:14)
    at Module._compile (module.js:460:26)
    at Object.Module._extensions..js (module.js:478:10)
    at Module.load (module.js:355:32)
    at Function.Module._load (module.js:310:12)
    at Function.Module.runMain (module.js:501:10)
    at startup (node.js:129:16)
    at node.js:814:3

Thanks for writing Lockit, Mirco. You've included most of the features I'm looking for and it saves me from writing a lot of boilerplate code.

I think this component could benefit a lot from Passport.js integration, because it provides a uniform API for lots of authentication strategies. I would like to integrate Google and Facebook login into my application.

Lockit says it "comes with its own built-in views". This is sort-of correct. It is only correct if your express app uses the default view engine (jade). Lockit could actually render its own views with its own view-engine, independently of the main app. It might suffice to better document how to use your own views, and warn people that you will have to create custom views if you are not using jade as your view engine.

express --hbs --css stylus myapp
cd myapp && npm i
npm i lockit cookie-session

edit app.js to include

var cookieSession = require('cookie-session');
var Lockit = require('lockit');
var lockit = new Lockit();
...
app.use(cookieSession({secret: 'my super secret String'}));
app.use(lockit.router);

Visit localhost:3000/login

ERROR
Failed to lookup view "/Users/dhall/projects/myapp/node_modules/lockit/node_modules/lockit-login/views/get-login" in views directory "/Users/dhall/projects/myapp/views"

Explain me please why did you make logout using GET /logout?

It's not safe. Anyone can insert a picture <img src="http://yousite.com/logout" /> and your users will logged out.

It may be better to do POST /logout?

How do I change this in the config.js?

It would be beneficial to document or implement the ability to have more fields during user signup. Frequently, it would be preferable to have firstname + lastname instead of simply name.

This is pretty neat, however the way the DB configurations are currently setup I found it quite tricky to make it work with my Sails.js site using the Waterline ORM. Basically I could bypass the ORM to connect directly separately to Mongo or Postgres or whatever the ORM adapter in waterline is pointed to as well. But I'd much prefer a lockit waterline adapter and just let the ORM to deal with those details.

Just a thought,

please add: "lockit-template-blank": "0.0.2"
to dependenies (not devDependencies)

All examples except "angular" are missing the error.jade view.

Update: don't know what I was doing wrong, after cleaning node modules an reinstalling it works running out of the box, save the missing error.jade file... so ignore the rest. Sorry about the fuss!

They also do not refer to the latest version of lockit and lockit's components which should be required as everything has been changed for Express 4.

Running the examples OOTB does not work for me unless I in app.js change var Lockit = require('../../'); to var Lockit = require('lockit'); and update the dependencies in package.json. But maybe I'm confused and have missed something else.

I see that a db lockit/user is created for each user...
This is a problem, if you have thousand of users. What is this DB used for?
Can this be changed?
Thanks.

@zemirco could you modify the plugin lockit-mongodb-adapter to be able to use an existing connection to the mongodb? I use the mongoose in my application, and can share the existing connection with the Lockit.

I have tried to add “query” method into adapter.js.

However the closure function in “query” method passing invalid arguments to another function. I guess this issue is causing by waterline’s adapter.js

Here is the flow .

Step 1 (call the query method from waterline’s adapter.js

note that key is “query”

adapter[key].apply(self, args);

Step 2

query: function (connection, collection, options, values, cb) {
this.connect(connectionName, function(err, db) {
});
}

Step 3

“cb” here is supposed to received the callback function but receive the other arguments instead (etc: collectionname);

connect: function (connectionName, cb) {
return cb();
}

Cookie-based auth doesn't work on Phonegap or Chrome packaged apps. It also leaves vulnerability to CSRF attacks.

A better strategy for an Angular-type SPA is to store a token in LocalStorage:
https://auth0.com/blog/2014/01/07/angularjs-authentication-with-cookies-vs-token/

I would like the options to use either json web tokens (which don't require any session store) or a Redis-based token system. This is very easy to implement with Passport.

https://github.com/roblevintennis/passport-api-tokens

If I have some time over the next week I'll send you a pull request.

Would lockit work with Express 4?

Thanks

Is there anyone that has got Lockit to work with sailsJS? Thanks

Hi,i have try to use

exports.db = mysql:// (user) : (password) @localhost:3306/user

But still cannot connect.This is the screenshot

Hi,

Instead of using a config.js file, I'm just constructing the config in my app.js for a quite prototype. I know I don't have an email config, but this error is strange, why does it point to index.js:38?

lockit no email config found. Check your database for tokens.
assert.js:86
  throw new assert.AssertionError({
        ^
AssertionError: missing path
    at Module.require (module.js:363:3)
    at require (module.js:384:17)
    at new module.exports (/vagrant/node_modules/lockit/index.js:38:44)
    at Object.<anonymous> (/vagrant/app.js:20:14)
    at Module._compile (module.js:460:26)
    at Object.Module._extensions..js (module.js:478:10)
    at Module.load (module.js:355:32)
    at Function.Module._load (module.js:310:12)
    at Function.Module.runMain (module.js:501:10)
    at startup (node.js:129:16)

Get type of database from exports.dbUrl. Use url module to parse the connection string.