MongoDB TokenStore for Passwordless
npm install @remy/passwordless-mongostoreForked to upgrade bcrypt
---
This module provides token storage for Passwordless, a node.js module for express that allows website authentication without password using verification through email or other means. Visit the project's website https://passwordless.net for more details.
Tokens are stored in a MongoDB database and are hashed and salted using bcrypt.
First, install the module:
$ npm install passwordless-mongostore --save
Afterwards, follow the guide for Passwordless. A typical implementation may look like this:
``javascript
var passwordless = require('passwordless');
var MongoStore = require('passwordless-mongostore');
var mongoURI = 'mongodb://localhost/passwordless-simple-mail';
passwordless.init(new MongoStore(mongoURI));
passwordless.addDelivery(function (
tokenToSend,
uidToSend,
recipient,
callback
) {
// Send out a token
});
app.use(passwordless.sessionSupport());
app.use(passwordless.acceptToken());
`
`javascript`
new MongoStore(uri, [options]);
- uri: _(string)_ MongoDB URI as further described in the MongoDB docs
- [options]: _(object)_ Optional. This can include MongoClient options as described in the docs and the ones described below combined in one object as shown in the example
Example:
`javascript`
var mongoURI = 'mongodb://localhost/passwordless-simple-mail';
passwordless.init(
new MongoStore(mongoURI, {
server: {
auto_reconnect: true,
},
mongostore: {
collection: 'token',
},
})
);
- [mongostore.collection]: _(string)_ Optional. Name of the collection to be used. Default: 'passwordless-token'
As the tokens are equivalent to passwords (even though they do have the security advantage of only being valid for a limited time) they have to be protected in the same way. passwordless-mongostore uses bcrypt with automatically created random salts. To generate the salt 10 rounds are used.
$ npm test`
Florian Heinemann @thesumofall