Passwordless-RedisStore

This module provides token storage for Passwordless, a node.js module for express that allows website authentication without password using verification through email or other means. Visit the project's website for more details.

Tokens are stored in a Redis database and are hashed and salted using bcrypt.

Usage

First, install the module:

$ npm install passwordless-redisstore --save

Afterwards, follow the guide for Passwordless. A typical implementation may look like this:

``javascript
var passwordless = require('passwordless');
var RedisStore = require('passwordless-redisstore');

passwordless.init(new RedisStore(6379, '127.0.0.1'));

passwordless.addDelivery(
function(tokenToSend, uidToSend, recipient, callback) {
// Send out a token
});

app.use(passwordless.sessionSupport());
app.use(passwordless.acceptToken());
`

Initialization

`javascript
new RedisStore([port], [host], [options]);
`
[port]: (Number)* Optional. Port of your Redis server. Defaults to: 6379
[host]: (String)* Optional. Your Redis server. Defaults to: '127.0.0.1'
[options]: (Object)* Optional. This can include options of the node.js Redis client as described in the docs and the ones described below combined in one object as shown in the example

Example:
`javascript
passwordless.init(new RedisStore(6379, '127.0.0.1', {
// option of the node.js redis client
auth_pass: 'password',
// options of RedisStore
redisstore: {
database: 15,
tokenkey: 'token:'
}
}));
`

$3

[redisstore.database]: (Number)* Optional. Database to be used. Defaults to: 0
[redisstore.tokenkey]: (String)* Optional. Keys to be used. UIDs will be appended. Defaults to: 'pwdless:UID'

Hash and salt

As the tokens are equivalent to passwords (even though only for a limited time) they have to be protected in the same way. passwordless-redisstore uses bcrypt with automatically created random salts. To generate the salt 10 rounds are used.

Tests

$ npm test`

License

MIT License

Author

Florian Heinemann @thesumofall