Passport config for local authentication with Amazon Dynamodb
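/*
 * Passport config for local authentication with Amazon DynamoDB.
 *
 * Exports a configured `passport` instance with:
 *   - serializeUser / deserializeUser keyed on the user's `login`
 *   - a LocalStrategy that verifies `User.hash(password, item.salt)`
 *     against the stored `item.hash` of the record read from the
 *     `user` table.
 *
 * DynamoDB connection settings are read from the environment:
 *   DYNAMODB_ACCESSKEYID, DYNAMODB_SECRETACCESSKEY, DYNAMODB_ENDPOINT
 */
var crypto = require('crypto');
var path = require('path');
var passport = require("passport");
var LocalStrategy = require('passport-local').Strategy;
var dynamodb = require('dynamodb');
var User = require(path.join(__dirname, '/class/User'));

// Table holding user records, keyed by login. Each record is expected to
// carry `salt` and `hash` attributes (see NOTE in the strategy below).
var USER_TABLE = 'user';

/**
 * Build a DynamoDB client from the environment.
 *
 * A single helper keeps the deserializer and the strategy constructing the
 * client identically; the client is still created per call, as before, so
 * environment changes between requests keep their previous effect.
 *
 * @returns {object} a `dynamodb` ddb client
 */
function connectDdb() {
  return dynamodb.ddb({
    accessKeyId: process.env.DYNAMODB_ACCESSKEYID,
    secretAccessKey: process.env.DYNAMODB_SECRETACCESSKEY,
    endpoint: process.env.DYNAMODB_ENDPOINT
  });
}

/**
 * Constant-time comparison of a freshly computed hash with a stored one.
 *
 * `===` on strings stops at the first differing byte, so comparison time
 * reveals how long a matching prefix was; crypto.timingSafeEqual
 * (Node >= 6.6) does not. Lengths are checked first because
 * timingSafeEqual throws on buffers of unequal length.
 *
 * @param {string|Buffer} computed - output of User.hash()
 * @param {string|Buffer} stored - value persisted on the user record
 * @returns {boolean} true only if both values are byte-identical
 */
function hashesMatch(computed, stored) {
  var a = Buffer.from(String(computed));
  var b = Buffer.from(String(stored));
  if (a.length !== b.length) {
    return false;
  }
  return crypto.timingSafeEqual(a, b);
}

// Only the login goes into the session; the full record is re-read per request.
passport.serializeUser(function(user, done) {
  done(null, user.login);
});

// Resolve the session's login back to the stored user record.
passport.deserializeUser(function(login, done) {
  connectDdb().getItem(USER_TABLE, login, null, {}, function(err, item) {
    if (err) {
      return done(err);
    }
    // A record that disappeared since the session was created is reported
    // as `false`, which passport treats as "no such user, end the session".
    // Passing `undefined` instead makes passport look for a further
    // deserializer and fail when none is registered.
    return done(null, item || false);
  });
});

// Username/password strategy: look the login up and verify the password hash.
passport.use(new LocalStrategy(function(username, password, done) {
  connectDdb().getItem(USER_TABLE, username, null, {}, function(err, item) {
    if (err) {
      // Storage failure: surface it rather than reporting a bad login.
      return done(err);
    }
    // NOTE(review): assumes getItem yields a plain object with string
    // `salt` and `hash` attributes — confirm against the dynamodb client in use.
    // A record without both can never authenticate; this also keeps
    // User.hash from being invoked with an undefined salt.
    if (!item || !item.salt || !item.hash) {
      return done(null, false, { message: 'Login Invalid' });
    }
    if (!hashesMatch(User.hash(password, item.salt), item.hash)) {
      return done(null, false, { message: 'Login Invalid' });
    }
    return done(null, item);
  });
}));

module.exports = passport;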
On using the above code, I'm facing the "TypeError: callback.call is not a function" issue.
In contrast to @julianbei, storing the salt as part of the protected credential is fine according to OWASP:
https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet
Basically, it shouldn't matter if the salt is exposed — it's only meant to make it difficult for someone to quickly recover all passwords from a database. What is important is that every credential has a unique salt; do not use one salt for all records. If a rainbow table can be built against a single salt shared by all credentials, all of them can be recovered en masse far more easily. If you're using bcrypt, it generates a unique salt per credential by default (the salt is normally part of the generated output), although you should ideally now use argon2.