Passwordless-MongoStore

This module provides token storage for Passwordless, a node.js module for express that allows website authentication without password using verification through email or other means. Visit the project's website https://passwordless.net for more details.

Tokens are stored in a MongoDB database and are hashed and salted using bcrypt.

Usage

First, install the module:

$ npm install passwordless-mongostore --save

Afterwards, follow the guide for Passwordless. A typical implementation may look like this:

``

javascript

var passwordless = require('passwordless');

var MongoStore = require('passwordless-mongostore');



var mongoURI = 'mongodb://localhost/passwordless-simple-mail';

passwordless.init(new MongoStore(mongoURI));



passwordless.addDelivery(

    function(tokenToSend, uidToSend, recipient, callback) {

        // Send out a token

    });

    

app.use(passwordless.sessionSupport());

app.use(passwordless.acceptToken());





Initialization

javascript

new MongoStore(uri, [options]);



 uri: (string)* MongoDB URI as further described in the MongoDB docs

 [options]: (object)* Optional. This can include MongoClient options as described in the docs and the ones described below combined in one object as shown in the example



Example:

javascript

var mongoURI = 'mongodb://localhost/passwordless-simple-mail';

passwordless.init(new MongoStore(mongoURI, {

    server: {

        auto_reconnect: true

    },

    mongostore: {

        collection: 'token'

    }

}));





$3

 [mongostore.collection]: (string)* Optional. Name of the collection to be used. Default: 'passwordless-token'



Hash and salt

As the tokens are equivalent to passwords (even though they do have the security advantage of only being valid for a limited time) they have to be protected in the same way. passwordless-mongostore uses bcrypt with automatically created random salts. To generate the salt 10 rounds are used.



Tests

$ npm test`

License

MIT License

Author

Florian Heinemann @thesumofall

Usage

$ npm install passwordless-mongostore --save

Passwordless

javascript
var passwordless = require('passwordless');
var MongoStore = require('passwordless-mongostore');

var mongoURI = 'mongodb://localhost/passwordless-simple-mail';
passwordless.init(new MongoStore(mongoURI));

passwordless.addDelivery(
function(tokenToSend, uidToSend, recipient, callback) {
// Send out a token
});

app.use(passwordless.sessionSupport());
app.use(passwordless.acceptToken());

Initialization

javascript
new MongoStore(uri, [options]);

uri: (string)* MongoDB URI as further described in the MongoDB docs
[options]: (object)* Optional. This can include MongoClient options as described in the docs and the ones described below combined in one object as shown in the example

Example:

javascript
var mongoURI = 'mongodb://localhost/passwordless-simple-mail';
passwordless.init(new MongoStore(mongoURI, {
server: {
auto_reconnect: true
},
mongostore: {
collection: 'token'
}
}));

$3

[mongostore.collection]: (string)* Optional. Name of the collection to be used. Default: 'passwordless-token'

Hash and salt

As the tokens are equivalent to passwords (even though they do have the security advantage of only being valid for a limited time) they have to be protected in the same way. passwordless-mongostore uses bcrypt with automatically created random salts. To generate the salt 10 rounds are used.

passwordless-mongostore-openshift

Passwordless-MongoStore

Usage

Initialization

$3

Hash and salt

Tests

License

Author

passwordless-mongostore-openshift

Passwordless-MongoStore

Usage

Initialization

$3

Hash and salt

Tests

License

Author