
apollo-passport-local-strategy

v1.0.2

Published

Local strategy using email address and hashed, bcrypted password

Downloads

5

Readme

apollo-passport-local-strategy

Forked from apollo-passport/local.

Local strategy using email address and hashed, bcrypted password.


Copyright (c) 2017 by Gilad Shoham, released under the MIT license.

New Features in this fork (Highlights)

  • Add an option to define the apUserInput input type yourself (outside the library), so new users can be created with the fields you want
  • Add an account verification token when a user is created
  • Add the apVerifyAccount mutation to verify the account
  • Add the recoverPasswordRequest mutation to create a reset password token
  • Add options to pass hook methods (onCreateUserEnd, onBeforeStoreRegisteredUser, onRecoverPasswordRequestEnd, onVerifyAccountEnd, onRecoverPasswordEnd, onLoginEnd), for example to send verification emails
  • Improve the error format (add an error code)
  • Allow users without services to register even if their email already exists (merged with the existing user), for the case where the user was added from outside and never actually registered
  • Align the user schema (email field) with the structure recommended by passport
  • Add the register date when merging with an existing user

New Features in this fork (Usage)

Use my fork of apollo-passport-mongodb-driver

npm install apollo-passport-mongodb-driver

Import my version of local strategy

First, make sure to install my version of local strategy:

npm i --save apollo-passport-local-strategy

In apollo-passport docs, you will see this line:

import { Strategy as LocalStrategy } from 'passport-local';

It should be replaced by:

import { Strategy as LocalStrategy } from 'apollo-passport-local-strategy/lib/index';

(If you don't do this, the options like hooks will not work)

Mutation and types signatures

const typeDefinitions = `
type RootMutation {
  apCreateUserEmailPassword (input: apUserInput!): PassportResult,
  apVerifyAccount (userId: String, verificationToken: String!): SimpleError,
  apRecoverPasswordRequest (email: String): String,
  apRecoverPassword (userId: String!, token: String!, newPassword: String!): String,
  apUpdateUserPassword (userId: String!, oldPassword: String!, newPassword: String!): String,
  apLoginEmailPassword (email: String!, password: String!): PassportResult
}

type SimpleError {
  errCode: String,
  errMessage: String
}
`;

Define apUserInput

You should define your own user input type (named apUserInput). This way you can define whatever fields you want to be part of the registration process. You have to make sure that it has email and password fields, because the library uses them internally.

Example:

`input apUserInput {
  # User email
  email: String!
  # User password
  password: String!
  # User first name
  firstName: String!
  # User last name
  lastName: String!
  # office phone number
  phone: String
  # Personal mobile phone number
  mobilePhone: String
}
`;

Account verification token during create user

When a user is created, the library adds these fields to the new user:

  • verificationToken - The token generated using this code:
crypto.randomBytes(20, (err, buf) => {
  var token = buf.toString('hex');
});

  • verificationTokenExpiration - The expiration of the account verification token (used when verifying the account). Defaults to 1 month. You can change it via configuration.

  • verified - Set to false on creation and changed to true when the account is verified.

Recover Password Request mutation to create reset password token

A new mutation that generates tokens for resetting a password. The tokens are generated the same way as the account verification token. The names of the token fields are:

  • resetPassToken
  • resetPassTokenExpiration

Once a reset password request has been submitted, verified is changed back to false. If the user has never verified his account, the account verification token is deleted. (The reasoning is that if the user has the reset password token, I assume he got it the same way as the account verification token, so it can be used to verify the account as well.) If the user tries to verify his account after a reset password request, he gets an error saying that a reset password is in progress.

New error

This new error type is currently used only by the apVerifyAccount mutation. It gives you a better way to handle these errors on the client side. List of the possible errors:

{
  errCode: 'USER_NOT_EXIST',
  errMessage: 'No such user id',
}

{
  errCode: 'RESET_PASS_IN_PROGRESS',
  errMessage: 'Reset password is in progress',
}

{
  errCode: 'TOKEN_NOT_VALID',
  errMessage: 'Verification token not valid',
}

{
  errCode: 'TOKEN_EXPIRED',
  errMessage: 'Verification token expired',
}
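
An added example (not the library's own code) of a server-side check that returns the four errors above for a user record carrying the fields this README describes. The order of the checks, treating a present resetPassToken as "reset in progress", and storing verificationTokenExpiration as a millisecond timestamp are assumptions.

```javascript
const nodeCrypto = require('crypto');

// Error codes and messages copied from the list above.
const MESSAGES = {
  USER_NOT_EXIST: 'No such user id',
  RESET_PASS_IN_PROGRESS: 'Reset password is in progress',
  TOKEN_NOT_VALID: 'Verification token not valid',
  TOKEN_EXPIRED: 'Verification token expired',
};
const simpleError = (errCode) => ({ errCode, errMessage: MESSAGES[errCode] });

// Same token shape as the README: 20 random bytes, hex-encoded (40 chars).
function newToken() {
  return nodeCrypto.randomBytes(20).toString('hex');
}

// Constant-time comparison. Non-string values never match, so a record whose
// token was deleted cannot be "verified" by sending no token at all.
function tokensMatch(stored, supplied) {
  if (typeof stored !== 'string' || typeof supplied !== 'string') return false;
  // Hashing both sides yields equal-length buffers, as timingSafeEqual requires.
  const digest = (s) => nodeCrypto.createHash('sha256').update(s).digest();
  return nodeCrypto.timingSafeEqual(digest(stored), digest(supplied));
}

// Returns null when the account may be marked verified, else a SimpleError.
// Assumptions: check order; a present resetPassToken means "in progress";
// verificationTokenExpiration is a millisecond timestamp.
function checkVerification(user, suppliedToken, now = Date.now()) {
  if (!user) return simpleError('USER_NOT_EXIST');
  if (user.resetPassToken) return simpleError('RESET_PASS_IN_PROGRESS');
  if (!tokensMatch(user.verificationToken, suppliedToken)) {
    return simpleError('TOKEN_NOT_VALID');
  }
  if (now > user.verificationTokenExpiration) return simpleError('TOKEN_EXPIRED');
  return null;
}

// Constructed sample record, not real data.
const sampleToken = newToken();
const sampleUser = {
  verified: false,
  verificationToken: sampleToken,
  verificationTokenExpiration: Date.now() + 60 * 1000,
};
console.log(checkVerification(sampleUser, sampleToken));        // null
console.log(checkVerification(sampleUser, 'wrong').errCode);    // TOKEN_NOT_VALID
```
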

Allow users without services to register

When a user is created, the library checks whether the user already exists. If the user exists but has no services, the new user is merged with the existing one. The reasoning is that you may collect user details from other users or from an external source (for example, when someone invites another user): you want to create this user, but still let him register and define his password.

New options (hooks / tokensExpirationLength)

The hooks are called with the user as their argument. The default for tokensExpirationLength is 1 week for both tokens (verification and reset password). The length is in seconds, not milliseconds.

Here is an example for one hook and changing the tokens expiration length:

import { Strategy as LocalStrategy } from 'apollo-passport-local-strategy/lib/index';

const onRegisterUserHook = function(user){
    logService.log('user registered');
    mailService.sendVerificationMail(user);
}

const onLoginEndHook = function(user){
    logService.log('user logged in');
    UserService.updateLastLogin(user._id);
}

const MONTH = 60 * 60 * 24 * 7 * 4;

const apolloPassportLocalOptions = {
  usernameField: 'email',
  passwordField: 'password',
  // The remaining *Hook functions are defined the same way as the two above (not shown)
  hookMethods: {
    onCreateUserEnd: onRegisterUserHook,
    onBeforeStoreRegisteredUser: onBeforeStoreRegisteredUserHook,
    onRecoverPasswordRequestEnd: onRecoverPasswordRequestEndHook,
    onRecoverPasswordEnd: onRecoverPasswordEndHook,
    onUpdatePasswordEnd: onUpdatePasswordEndHook,
    onVerifyAccountEnd: onVerifyAccountEndHook,
    onLoginEnd: onLoginEndHook,
  },
  // Set the expiration to be 4 weeks
  tokensExpirationLength: {
    verification: MONTH,
    resetPass: MONTH,
  },
};

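const apolloPassport = new ApolloPassport({
  db: MongoDBDriver,
  // Placeholder value: in a real deployment, load a long random secret
  // from configuration instead of keeping it in source code
  jwtSecret: 'my special secret',
  authPath: '/ap-auth',
});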

apolloPassport.use('local', LocalStrategy, apolloPassportLocalOptions);

Features

  • Authenticate users with an email and password.
  • Passwords stored in the database are hashed with bcrypt.

Usage

See https://github.com/gadicc/apollo-passport.

Note: you don't usually need a special apollo-passport-xxx package for every passport strategy. apollo-passport-local is a special case because of its dependencies, e.g. bcrypt and some client-side hashing.

$ npm i --save passport-local apollo-passport-local-strategy

Server

import { Strategy as LocalStrategy } from 'apollo-passport-local-strategy/lib/index';

// Your previously created ApolloPassport instance...
apolloPassport.use('local', LocalStrategy /*, options */);

Client

import ApolloPassportLocal from 'apollo-passport-local-strategy/lib/client';

// Your previously created ApolloPassport instance...
apolloPassport.use('local', ApolloPassportLocal);