Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
    Travis Webb
    @tjwebb
    @aars sails-(auth|permissions) are now in the official sails.js docs, in the policies section. I aim to get them in more places; currently they are the de facto official packages, since we at balderdash are recommending them to people who ask
    They are relatively new (1.0 release is only a month or so old) so full traction may take a little time
    Aaron Heesakkers
    @aars
    @ghaiklor I invited you to this room to hopefully discuss some improvements on sails-auth. (@tjwebb). I’ve got some “free time” the coming weeks and would love to contribute. What I would like to see/do:
    • decouple frontend-related stuff. (redirects, flash errors, etc)
    • Use generators/templates to prevent the need to edit node_modules (or override large pieces of code)
    • A better/clearer passportjs implementation?
    • jwt (or other token) authentication/generation.
    • do not break sails-permissions when doing this :)
    Eugene Obrezkov
    @ghaiklor
    Hi ) Yeah, no problem. Feel free to ask questions about passport. I'm going to implement more strategies with token, so I cant participate for now )
    And of course I cant forgot my yeoman generator )
    Aaron Heesakkers
    @aars
    Great! I’ll play around with your generator soon and see what I can pick up from it. Looks good.
    Aksimaya
    @Aksimaya
    Hey guys.. what is the difference between sails-auth (by tjwebb) & sails-generate-auth (by kasperisager) ? which one should i install better? i see that sails-generate-auth seems more complete because it has /views/auth/*.ejs for frontend. any idea @tjwebb ?
    Aaron Heesakkers
    @aars
    Those views are very simple and by the looks of it only used for demonstration purposes. But, it is a good question why sails-auth doesn’t have them, since it does redirect to in the AuthController, suggesting there is a frontend dependency.
    You could probably drop in these views as-is.
    Aksimaya
    @Aksimaya
    @aars tx.. will try to drop it. I just a little bit confused which one i should follow for the future version :D
    @aars you will code the jwt ? cool.. cant wait to use it :) so that i can test the permission with postman, no need to build the frontend first. Btw, i just using sails-auth, so sorry if to much comments / questions.
    *build frontend to make a login system as there is sessionAuth policy
    Aaron Heesakkers
    @aars
    No prob. I’ve ran into some questions and issues as well, I’m not using a frontend in sails so I didn’t need the views or the redirects. I haven’t implemented jwt yet, I simply generate and assign a token after authentication that is then used in a Authorization header. I wrote a simple custom passportJs strategy for that.
    Not to make things more complicated for you, but you should also take a look at @ghaiklor’s sails-generate-rest-api. It’s built specifically for REST api’s that do not contain a frontend, and has a very nice and clean AuthController for example. You can probably scroll up here in gitter to see the conversations tjwebb and him had.
    There is a lot if fine-tuning going on.
    You’re probably gonna "get your hands dirty” before having a ful auth setup the way you want it.
    Aksimaya
    @Aksimaya
    yes.. true.. hehe.. before i found the sails-auth, i've coded myself for about three days, Inspired by stormpath which seems has a complete default user module. But i love sails more.. it more beautyfull (for me) :)
    Eugene Obrezkov
    @ghaiklor
    Hi guys. Just want to share news with you. I've done much more passport strategies, which adapted exactly for REST API. All of them already included in edge version of generator-sails-rest-api. You can find them in my repository list. Still in development and some cases could be wrong, but in general test cases is passing and problems can be only if some changes appears in social API :smiley:
    Aksimaya
    @Aksimaya
    @ghaiklor cool.. Will try it..
    Tristan F.
    @Esya
    Anyone here could give me some guidelines on how to use sails-auth to generate a token for my front app instead of relying on cookies once the user has logged-in ?
    I'm not quite sure how to do so, because the user still can login with multiple passport strategies, so I can't "just use passport-http-bearer"
    Tristan F.
    @Esya
    Just created a stackoverflow question which is more detailed.
    Travis Webb
    @tjwebb
    hey esya, I responded to your github issue. we can chat here also if you'd like
    Tristan F.
    @Esya
    @tjwebb Hey, I was about to answer!
    I was about to say : I am interested indeed, not quite sure how this should be implemented though, I'm going to have a better look at passport's documentation
    I'm already contributing on some other sails related repos like waterline, so ofc it'd be a pleasure
    Travis Webb
    @tjwebb
    ok cool. yea I'll also think about it some more. unfortunately I don't have a lot of experience working with jwt tokens
    Tristan F.
    @Esya
    Me neither, but it seems like it has many advantages
    This article finished convincing me about it
    Does passport only use the sessions for the serializeUser() deserializeUser() methods?
    Travis Webb
    @tjwebb
    new version published today with socket.io support
    Aaron Heesakkers
    @aars
    Awesomesauce!
    Jeroen Peerbolte
    @peerbolte

    Hi there. I'm trying to implement Dropbox oauth2 authentication by adding this in my config/passport.js

    _.merge(exports, {
        passport:{
            dropbox:{
                name: 'Dropbox',
                protocol: 'oauth2',
                strategy: require('passport-dropbox-oauth2').Strategy,
                options: {
                    clientID: 'xxx',
                    clientSecret: 'xxx',
                    callbackURL: '/auth/dropbox/callback' 
                }
            }
        }
    
    });

    However I'm getting the following error when visiting auth/dropbox:

    Error: Unknown authentication strategy "dropbox"
    Am I doing something wrong here?
    Travis Webb
    @tjwebb
    hmm
    I've never auth via dropbox. do other auth methods work, e.g. google?
    camikazegreen
    @camikazegreen
    @tjwebb I was just about to ask you about the bluebird dependency not existing in sails-auth, but I see that you just fixed it today. Keep up the good work!
    Travis Webb
    @tjwebb
    thanks! sorry about that issue. we changed the dependencies around to prepare for npm 3.0, which has breaking changes for peerDependencies
    Jeroen Peerbolte
    @peerbolte
    I’ve tested google auth, it works like a charm. dropbox seems to be having issues though..
    Jeroen Peerbolte
    @peerbolte

    Ok I figured out the issue: the name inside of the passport-dropbox-oauth2 strategy is "dropbox-oauth2", but it’s looking for “dropbox”. Is sails-auth using the key value of the passport (in config/passport.js) objects to indentify the name? Maybe it would be nice to be able to overwrite this?
    I fixed it by doing something like this:

     var passportObj = {passport:{}};
    
     passportObj.passport['dropbox-oauth2'] =  {
                name: 'dropbox-oauth2',
                protocol: 'oauth2',
                strategy: require('passport-dropbox-oauth2').Strategy,
                options: {
                    clientID: 'xxx',
                    clientSecret: 'xx',
                    callbackURL: '/auth/dropbox/callback'
                }
     };
    
    
    _.merge(exports, passport);

    Which works, but is not ideal. I can do auth via localhost:1337/auth/dropbox-oauth2. I could also change the name within the passport-dropbox-oauth2 module, but that’s not very clean..

    Jeroen Peerbolte
    @peerbolte
    another question: When I validate dropbox (and I already validated my google account) i get the error that the username / email already exists. Can I link these auths under one user?
    kplatter
    @kplatter
    @tjwebb I'm new to passport and am trying to use sails-permissions/sails-auth, and have installed and set it up correctly. Is there any guidance on where and how to do configuration? I see there are a lot of places to "extend with custom logic" but am a little lost as to what is expected where? I would like to start with just a local auth maybe via a json object or json file to get my feet wet.
    Travis Webb
    @tjwebb
    hey @kplatter have you read through the wiki yet? https://github.com/tjwebb/sails-permissions/wiki
    Artem
    @ArtKuz
    I want to disable the authentication by user name, so that the identifier can only email.
    How can I do to edit code in my project, but no in node_modules?
    // api/services/protocols/local.js
    
    var _ = require('lodash');
    var _super = require('sails-auth/api/services/protocols/local');
    
    function protocols () { }
    
    protocols.prototype = Object.create(_super);
    _.extend(protocols.prototype, {
    
      // Extend with custom logic here by adding additional fields and methods,
      // and/or overriding methods in the superclass.
    
      login : function (req, identifier, password, next) {
        var isEmail = validateEmail(identifier)
          , query   = {};
    
        if (isEmail) {
          query.email = identifier;
        }
        // disable identifier by username
        /*else {
          query.username = identifier;
        }*/
    
        sails.models.user.findOne(query, function (err, user) {
          if (err) {
            return next(err);
          }
    
          if (!user) {
            if (isEmail) {
              req.flash('error', 'Error.Passport.Email.NotFound');
            } else {
              req.flash('error', 'Error.Passport.Username.NotFound');
            }
    
            return next(null, false);
          }
    
          sails.models.passport.findOne({
            protocol : 'local'
            , user     : user.id
          }, function (err, passport) {
            if (passport) {
              passport.validatePassword(password, function (err, res) {
                if (err) {
                  return next(err);
                }
    
                if (!res) {
                  req.flash('error', 'Error.Passport.Password.Wrong');
                  return next(null, false);
                } else {
                  return next(null, user, passport);
                }
              });
            }
            else {
              req.flash('error', 'Error.Passport.Password.NotSet');
              return next(null, false);
            }
          });
        });
      }
    
      /**
       * For example:
       *
       * foo: function (bar) {
       *   bar.x = 1;
       *   bar.y = 2;
       *   return _super.foo.call(this, bar);
       * }
       */
    });
    
    module.exports = new protocols();
    This message was deleted