passwordless-mongostore-bcryptjs

    1.1.1 • Public • Published

    Passwordless-MongoStore-bcrypt.js

    This module provides token storage for Passwordless, a node.js module for express that allows website authentication without password using verification through email or other means.

    Tokens are stored in a MongoDB database and are hashed and salted using bcrypt.js. This is an alternative to the bcrypt-node version as the bcrypt-node maintainers have discontinued maintenance and recommend bcrypt.js instead.

    Usage

    First, install the module:

    $ npm install passwordless-mongostore-bcryptjs

    Afterwards, follow the guide for Passwordless. A typical implementation may look like this:

    var passwordless = require('passwordless');
    var MongoStore = require('passwordless-mongostore-bcryptjs');
     
    var mongoURI = 'mongodb://localhost/passwordless-simple-mail';
    passwordless.init(new MongoStore(mongoURI));
     
    passwordless.addDelivery(
        function(tokenToSend, uidToSend, recipient, callback) {
            // Send out a token
        });
     
    app.use(passwordless.sessionSupport());
    app.use(passwordless.acceptToken());

    Initialization

    new MongoStore(uri, [options]);
    • uri: (string) MongoDB URI as further described in the MongoDB docs
    • [options]: (object) Optional. This can include MongoClient options as described in the docs and the ones described below combined in one object as shown in the example

    Example:

    var mongoURI = 'mongodb://localhost/passwordless-simple-mail';
    passwordless.init(new MongoStore(mongoURI, {
        server: {
            auto_reconnect: true
        },
        mongostore: {
            collection: 'token'
        }
    }));

    Options

    • [mongostore.collection]: (string) Optional. Name of the collection to be used. Default: 'passwordless-token'

    Note that with v3 of Mongo, this is now the name of both the database and the collection that are created.

    Hash and salt

    As the tokens are equivalent to passwords (even though they do have the security advantage of only being valid for a limited time) they have to be protected in the same way. passwordless-mongostore-crypt.js uses bcrypt.js with automatically created random salts. To generate the salt 10 rounds are used.

    Tests

    $ npm test

    License

    MIT License

    Author

    Florian Heinemann @thesumofall
    Minor updates by Hugh Rundle

    Install

    npm i passwordless-mongostore-bcryptjs

    DownloadsWeekly Downloads

    0

    Version

    1.1.1

    License

    MIT

    Unpacked Size

    13.7 kB

    Total Files

    7

    Last publish

    Collaborators

    • hughrun