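/**
 * Decide whether a post-login redirect target stays on this site.
 *
 * Accepts only a string that starts with a single "/" and contains no
 * backslash or control character. This rejects absolute URLs and
 * scheme-relative forms such as "//host" or "/\host", which would otherwise
 * let a crafted login link bounce the user to another origin.
 *
 * @param {*} target - Value taken from the request body.
 * @returns {boolean} True when the target is a local path.
 */
function isLocalRedirect(target) {
  return typeof target === 'string' &&
    /^\/(?![\/\\])[^\\\x00-\x1f]*$/.test(target);
}

// Handle login
app.post('/login', function (req, res, next) {
  // Insert your own login mechanism
  if (req.body.email !== '[email protected]') {
    // Failed login: show the form again and carry the OAuth parameters along
    // so the next attempt can still return to the authorisation step.
    return res.render('login', {
      redirect: req.body.redirect,
      client_id: req.body.client_id,
      redirect_uri: req.body.redirect_uri
    });
  }

  // Successful logins should send the user back to the /oauth/authorise
  // with the client_id and redirect_uri (you could store these in the session)
  //
  // `redirect` comes from the request body, so it is only honoured when it is
  // a local path; anything else falls back to /home.
  var target = isLocalRedirect(req.body.redirect) ? req.body.redirect : '/home';

  // Encode both values so characters such as "&", "#" or "=" inside them
  // cannot add or override query parameters on the redirect.
  // NOTE(review): redirect_uri is only forwarded here; it still has to be
  // checked against the client's registered URI by the authorise step - confirm.
  return res.redirect(target +
    '?client_id=' + encodeURIComponent(req.body.client_id) +
    '&redirect_uri=' + encodeURIComponent(req.body.redirect_uri));
});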
I hate to ask for a gimme, but is this where I can plant a local username-password strategy? If I am trying to store a session with a bearer token, where do I plant this with X (passport or something)? I have something like:
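// model for oauth
/**
 * Look up a non-deleted user by case-insensitive username and check the
 * supplied password.
 *
 * @param {string} username - Username from the client request.
 * @param {string} password - Password from the client request.
 * @param {function} callback - Called as callback(err) on failure or
 *   callback(null, user) when the password verifies.
 */
model.getUser = function (username, password, callback) {
  // Both values come from the request; a non-string username would make
  // toLowerCase() throw instead of producing a clean failure.
  if (typeof username !== 'string' || typeof password !== 'string') {
    return callback('Invalid credentials');
  }

  Models.User.find({
    // The username is passed as a bound value ("?"), not concatenated.
    where: ['lower("Users"."username")=? AND "Users"."deletedAt" IS NULL', username.toLowerCase()]
  }).success(function (user) {
    // NOTE(review): this message and 'Invalid password' below differ, so if
    // they reach the client they reveal whether a username exists; consider
    // returning one generic message for both cases.
    if (!user) {
      return callback('Unknown user ' + username);
    }
    user.verifyPassword(password, function (result) {
      if (result) {
        return callback(null, user);
      }
      return callback('Invalid password');
    });
  }).error(function (err) {
    // Without this handler a failed query never invokes the callback and the
    // request is left hanging. `.error` is the counterpart of `.success` in
    // the emitter-style Sequelize API used here.
    callback(err);
  });
};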
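// passport local strategy
// Verifies a username/password pair for passport: done(null, user) on
// success, done(null, false, info) on bad credentials, done(err) on failure.
passport.use(new LocalStrategy(
  function (username, password, done) {
    // Reject non-string credentials before deferring: an exception thrown
    // inside the nextTick callback would be uncaught rather than a clean
    // authentication failure.
    if (typeof username !== 'string' || typeof password !== 'string') {
      return done(null, false, { message: 'Invalid credentials' });
    }

    process.nextTick(function () {
      Recommender.Models.User.find({
        // The username is passed as a bound value ("?"), not concatenated.
        where: ['lower("Users"."username")=? AND "Users"."deletedAt" IS NULL', username.toLowerCase()]
      }).success(function (user) {
        // NOTE(review): 'Unknown user ...' and 'Invalid password' differ; if
        // these messages are shown to the client they reveal which usernames
        // exist. Consider one generic message for both cases.
        if (!user) {
          return done(null, false, { message: 'Unknown user ' + username });
        }
        user.verifyPassword(password, function (result) {
          if (result) {
            return done(null, user);
          }
          return done(null, false, { message: 'Invalid password' });
        });
      }).error(function (err) {
        // Report query failures to passport; without this handler done() is
        // never called and the login request hangs. `.error` is the
        // counterpart of `.success` in the emitter-style Sequelize API used here.
        done(err);
      });
    });
  }
));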
to verify a user. Can you organize my thoughts on what I should be doing on the app.post('/login') route? Maybe I am way off... Thanks for making good code available to guys trying to do side projects with full-time jobs!