Users - dlochrie/bula GitHub Wiki

Users Overview

Authentication With Passport

Passport provides a very powerful and easy-to-use authentication middleware that allows us to use OpenID, OAuth1, and OAuth2 service providers to authenticate our users.

Some of the benefits of using these providers are:

  1. Security. Some of the bigger providers like Google, Facebook, and Twitter have large teams of developers whose primary focus is security. Using these providers means that we don't have to work as hard to do that ourselves (this does NOT mean we are off the hook as far as security goes, though; it is always our job to write secure apps).

  2. Convenience. Some (or most) of our users already have tons of accounts and logins to keep track of. Unless it is absolutely necessary to make them register yet another account, they can use one of the accounts they already have.

One thing to point out, however, is that Passport also provides a Local Strategy, which provides a mechanism to authenticate our users solely through our application. At this point, however, Bula does not support this (it should be easy enough to set up, though).

Anatomy of the User Object

On the session (req.session), the user looks like this:

req.session.user = {
  session: {
    passport: {
      user: { 
        id: 1,
        displayName: 'Firstname Lastname',
        slug: 'firstname-lastname',
        email: '[email protected]',
        created: '2014-06-15T20:47:59.000Z',
        updated: '2014-06-15T20:47:59.000Z'
      }
    }
  }
}

As a local (res.locals), a user would look like this:

res.locals.user = { 
  id: 1,
  displayName: 'Firstname Lastname',
  slug: 'firstname-lastname',
  email: '[email protected]',
  created: '2014-06-15T20:47:59.000Z',
  updated: '2014-06-15T20:47:59.000Z'
}
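
The two shapes above can be connected by a small middleware that copies only the listed fields from the session user onto res.locals.user, so that anything else a provider profile carries never reaches a template. This is an added example, not code from Bula: toLocalUser, exposeUser and demo are hypothetical names, and the default lookup assumes the user sits at req.session.passport.user (pass a getter if the app nests it differently).

```javascript
'use strict';

// Fields the wiki lists on res.locals.user; anything else is dropped.
const LOCAL_USER_FIELDS = ['id', 'displayName', 'slug', 'email', 'created', 'updated'];

// Hypothetical helper: copy only allowlisted, own, primitive-valued fields.
function toLocalUser(sessionUser) {
  if (!sessionUser || typeof sessionUser !== 'object') return null;
  if (!Number.isInteger(sessionUser.id)) return null; // no usable identity
  const out = {};
  for (const key of LOCAL_USER_FIELDS) {
    if (!Object.prototype.hasOwnProperty.call(sessionUser, key)) continue;
    const value = sessionUser[key];
    if (typeof value === 'string' || typeof value === 'number') out[key] = value;
  }
  return Object.freeze(out); // views cannot mutate the shared object
}

// Hypothetical Express-style middleware. Assumption: the user lives at
// req.session.passport.user unless a custom getter is supplied.
function exposeUser(getUser) {
  const read = getUser ||
    ((req) => req.session && req.session.passport && req.session.passport.user);
  return function (req, res, next) {
    res.locals.user = toLocalUser(read(req));
    next();
  };
}

// Constructed sample: a session user with extra fields templates must not see.
function demo() {
  const req = { session: { passport: { user: {
    id: 1, displayName: 'Firstname Lastname', slug: 'firstname-lastname',
    email: 'user@example.com', created: '2014-06-15T20:47:59.000Z',
    updated: '2014-06-15T20:47:59.000Z',
    accessToken: 'constructed-token', isAdmin: true
  } } } };
  const res = { locals: {} };
  exposeUser()(req, res, () => {});
  return res.locals.user;
}
```

An anonymous request ends up with res.locals.user set to null, so templates can test for a logged-in user without touching the session.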