Passport and Passport Local req.isAuthenticated always returns false

Question

I haven't been able to track this down, but for my set up, isAuthenticated always returns false even after a successful login. Here's the passport code:

req.isAuthenticated = function() {
  var property = 'user';
  if (this._passport && this._passport.instance._userProperty) {
    property = this._passport.instance._userProperty;
  }

  return (this[property]) ? true : false;
};

But in a quick look around I don't see the _userProperty proeprty anywhere in the local strategy (sorry if I didn't look hard enough), so I suppose that might be why it's always returning false?

I'd leave a code sample of my application code, but I feel it's probably easier to have a quick look at the repo for my work in progress: passport api token sessionless

Ultimately, my goal is to have logout work properly for that boilerplate project (which it currently it doesn't).

Answer 1

Apologies if my original question is not that useful in the first place, but...

I found that my combination of passport, passport-local, and passport-local-mongoose, a solution was to simply create an invalidation method on my mongoose Schema (that has the passportLocalMongoose "plugged in", and when my /logout route gets hit I essentially remove that user's token. Here's that method:

Account.statics.invalidateUserToken = function(email, cb) {
    var self = this;
    this.findOne({email: email}, function(err, usr) {
        if(err || !usr) {
            console.log('err');
        }
        usr.token = null;
        usr.save(function(err, usr) {
            if (err) {
                cb(err, null);
            } else {
                cb(false, 'removed');
            }
        });
    });
};

I presume it's more interesting to see this in context so again please feel free to refer to the repo listed in question...hope this helps someone.

Also, if a core from one of the aformentioned libs wants to suggest a better way I'd of course love to refactor my code to make it idiomatic; if not, this approach seemed to work.

Answer 2

I guess you forgot to put: req.login(...) inside passport.authenticate('local', function(...){}).

See here (at the end of the page)