Passwordless-MongoStore-bcrypt.js
This module provides token storage for Passwordless, a node.js module for express that allows website authentication without password using verification through email or other means.
Tokens are stored in a MongoDB database and are hashed and salted using bcrypt.js. This is an alternative to the bcrypt-node version as the bcrypt-node maintainers have discontinued maintenance and recommend bcrypt.js instead.
Usage
First, install the module:
$ npm install passwordless-mongostore-bcryptjs
Afterwards, follow the guide for Passwordless. A typical implementation may look like this:
var passwordless = ;var MongoStore = ; var mongoURI = 'mongodb://localhost/passwordless-simple-mail';passwordless; passwordless; app;app;Initialization
uri options;- uri: (string) MongoDB URI as further described in the MongoDB docs
- [options]: (object) Optional. This can include MongoClient options as described in the docs and the ones described below combined in one object as shown in the example
Example:
var mongoURI = 'mongodb://localhost/passwordless-simple-mail';passwordless;Options
- [mongostore.collection]: (string) Optional. Name of the collection to be used. Default: 'passwordless-token'
Note that with v3 of Mongo, this is now the name of both the database and the collection that are created.
Hash and salt
As the tokens are equivalent to passwords (even though they do have the security advantage of only being valid for a limited time) they have to be protected in the same way. passwordless-mongostore-crypt.js uses bcrypt.js with automatically created random salts. To generate the salt 10 rounds are used.
Tests
$ npm test
License
Author
Florian Heinemann @thesumofall
Minor updates by Hugh Rundle