florianheinemann / passwordless-mongostore

Token store for Passwordless using MongoDB
https://passwordless.net
MIT License
34 stars 29 forks source link

Passwordless-MongoStore

This module provides token storage for Passwordless, a node.js module for express that allows website authentication without password using verification through email or other means. Visit the project's website https://passwordless.net for more details.

Tokens are stored in a MongoDB database and are hashed and salted using bcrypt. If you have trouble installing bcrypt (esp. on Windows) you could also consider using the slower but pure-JS version of MongoStore.

Usage

First, install the module:

$ npm install passwordless-mongostore --save

Afterwards, follow the guide for Passwordless. A typical implementation may look like this:

var passwordless = require('passwordless');
var MongoStore = require('passwordless-mongostore');

var mongoURI = 'mongodb://localhost/passwordless-simple-mail';
passwordless.init(new MongoStore(mongoURI));

passwordless.addDelivery(
    function(tokenToSend, uidToSend, recipient, callback) {
        // Send out a token
    });

app.use(passwordless.sessionSupport());
app.use(passwordless.acceptToken());

Initialization

new MongoStore(uri, [options]);

Example:

var mongoURI = 'mongodb://localhost/passwordless-simple-mail';
passwordless.init(new MongoStore(mongoURI, {
    server: {
        auto_reconnect: true
    },
    mongostore: {
        collection: 'token'
    }
}));

Options

Hash and salt

As the tokens are equivalent to passwords (even though they do have the security advantage of only being valid for a limited time) they have to be protected in the same way. passwordless-mongostore uses bcrypt with automatically created random salts. To generate the salt 10 rounds are used.

Tests

$ npm test

License

MIT License

Author

Florian Heinemann @thesumofall