passport authentication always returns missing credentials

app-generator / api-server-nodejs

Nodejs API Server - Express / SQLite / TypeORM | AppSeed

https://appseed.us/boilerplate-code/nodejs-starter/

Other

227 stars 87 forks source link

passport authentication always returns missing credentials #2

Closed NomadXD closed 3 years ago

NomadXD commented 4 years ago

`router.post('/login', auth.optional, (req, res, next) => { const { body: { user } } = req; console.log(req.body); const result = Joi.validate(user, userSchema);

if (result.error) {
    return res.status(422).json({
        errors: result.error
    });
}
console.log('login');
return passport.authenticate('local', { session: false }, (err, passportUser, info) => {
    console.log(err);
    console.log(info);
    if (err) {
        return next(err);
    }

    console.log(passportUser);

    if (passportUser) {
        const user = {
            _id: passportUser.id,
            email: passportUser.email,
            name: passportUser.name,
            surname: passportUser.surname,
            token: generateJWT(passportUser)
        };

        return res.json({ user });
    }

    return res.status(400).send(info);
})(req, res, next);

});`

passport.authenticate always says missing credentials. From the call back err is set to null, user is set to false and info is set to missing credentials. I searched stackoverflow and google but could not find a solution. It always returns missing credentials.

ghost commented 4 years ago

Face the same issue.. i checked and their local strategy middleawre not even invoke.

muracevic commented 4 years ago

Have you tried creating the user first? /api/users/signup It looks for the user in the DB. Worked for me after creating user.

app-generator commented 4 years ago

Hello Guys, As @muracevic suggests, users should be created first. Let me know if the problem persists. Thank you!

Feel free to join the AppSeed community on Discord to talk interactively.

morph1904 commented 4 years ago

I have the same issue. I have created the user and can see the user in the DB, I have also noticed that the password is not hashed, but stored plaintext. When hitting the API endpoint api/users/login with a JSON object in the body with the email and password I get

{ "message": "Missing credentials" }

morph1904 commented 4 years ago

I worked out the issue.

The login function requires that the body JSON object be formatted as this:

{ "user": { "email": "user@email.com", "password": "password123" } } Passing the body as: { "email": "user@email.com", "password": "password123" }

Will cause this error.

You can fix this by amending /config/passport.js and change lines 16 and 17 from this: usernameField: 'user[email]', passwordField: 'user[password]',

To this: usernameField: 'email', passwordField: 'password',

There is still the issue that the password is not being hashed in the database though. I would not be comfortable using this in a production evironment until that issue is resolved.

app-generator commented 3 years ago

Hello guys, Really sorry for this huge delay. This product enters into active support & versioning.

This issue is patched in v0.0.2 - As mentioned in the README file, the registration & login flow can be tested via curl:

Create user

$ curl -X POST -H 'Content-Type: application/json' \
  -d '{"username":"test1","password":"pass", "email":"test1@whatever.us"}' \
  http://localhost:3000/api/users/signup

Login user

$ curl -X POST -H 'Content-Type: application/json' \
  -d '{"email":"test1@whatever.us", "password":"pass"}' \
  http://localhost:3000/api/users/login