braitsch / node-login Goto Github PK

I don't get a confirmation mail on the live-demo page!
Any ideas?

I've just started with nodejs and security.
Checking out the code I saw you store plain password in the cookie. Is it true? Does it introduce a security issue? Is there another way to do it? thanks

Why you don't use mongoose to connect to DB? Could make the application more simple, not?

There are a few fixes that need to be fixed either in here or on your own if you are someone who is looking to use this code.

1. The delete account method does not check for authorization, so you can delete anybodies account.
2. The reset-password logic is also abusable in the same way, many of the calls are, go thru and fix at your own discretion.
3. Make sure to code in some xsrf tokens or cors rulings. These methods are susceptible to cross-site request forgeries.

How to get database connectivity to the MongoDB site and Mongodb file for use locally?

This is a mysql branch of node login great if you can take a look at it.

https://github.com/pasindud/node-login/tree/mysql

The registering of two users can overlap such that two users with the same username or email are in the database. I suggest adding an index to the email and username fields in the database.

Error: /home/somenath/node-exp/node-login/app/server/views/layout.jade:1 > 1| !!! 5 2| html 3| head 4| title Node.js Login !!! is deprecated, you must now use doctype at Object.Lexer.doctype (/home/somenath/node_modules/jade/lib/lexer.js:248:13) at Object.Lexer.next (/home/somenath/node_modules/jade/lib/lexer.js:833:15) at Object.Lexer.lookahead (/home/somenath/node_modules/jade/lib/lexer.js:113:46) at Parser.lookahead (/home/somenath/node_modules/jade/lib/parser.js:111:23) at Parser.peek (/home/somenath/node_modules/jade/lib/parser.js:88:17) at Parser.parse (/home/somenath/node_modules/jade/lib/parser.js:126:26) at Parser.parse (/home/somenath/node_modules/jade/lib/parser.js:140:24) at parse (/home/somenath/node_modules/jade/lib/jade.js:95:62) at Object.exports.compile (/home/somenath/node_modules/jade/lib/jade.js:152:9) at Object.exports.render (/home/somenath/node_modules/jade/lib/jade.js:256:15)

installed all dependencies.
jade, emailjs,stylus, mongodb, moments.

Would you be able to help me in finding what's going on with the code ? or am I missing something from my end ?

Quickest help would be highly appreciated.

i am getting the following error though i have added email on the email-dispatcher.js

' ERROR : code 5
ERROR : smtp undefined
ERROR : previous Error: getaddrinfo EAI_FAIL [email protected]
at GetAddrInfoReqWrap.onlookup [as oncomplete] (dns.js:64:26) {
errno: 'EAI_FAIL',
code: 'EAI_FAIL',
syscall: 'getaddrinfo',`

I couldn't find this awesome module on NPMjs.org. Is there a npm module for it yet? Thanks.

If a user change username in the account setting page, using firebug for example, can modify the account of other user.

Fix: in the update route use the user from req.session.user instead the req.param('user'),

You may want to look into this. Me=n00b - can't contribute for now. Thanks for sharing.

When app starts, i have this output:
[Error: failed to connect to [localhost:27017]]

I don't know if it's something that I'm doing wrong. Then the app just don't work. :/ please help me if you can.

Thanks. :)

Switch to bcrypt or something that's not badly broken and insecure.

http://blog.codinghorror.com/speed-hashing/

After cloning the code and running the app locally, everything was working great until I created a new user and clicked submit. Instead of creating the user, the app did nothing (unless there was some error in the for, in which case it would alert me that my password wasn't long enough etc.)

User once logged in, goes to another tab and opens localhost:3000 he should see the update and delete page and not the login page.

This is because the file email-dispatcher.js has the following line hardcoded:

var link = 'https://nodejs-login.herokuapp.com/reset-password?e='+o.email+'&p='+o.pass;

If you are testing on localhost:3000 eMail points to the wrong link in herokuapp.com.

You can add this as en external variable also, as you did for EMAIL_HOST,EMAIL_USER and EMAIL_PASS

Regards,

J

Since no one else is getting this, I have a feeling that I am doing something really stupid. Anyways, so I installed this as per instructions (Not very hard considering it was four lines to type), and when I try to run app.js, I get this error:

events.js:72
throw er; // Unhandled 'error' event
^
Error: listen EACCES
at errnoException (net.js:884:11)
at Server._listen2 (net.js:1003:19)
at listen (net.js:1044:10)
at Server.listen (net.js:1110:5)
at Object. (C:\socialdonut\Socket\ap
at Module._compile (module.js:456:26)
at Object.Module._extensions..js (module.js:474
at Module.load (module.js:356:32)
at Function.Module._load (module.js:312:12)
at Function.Module.runMain (module.js:497:10)

Can you help me fix it?

I've done some debugging, but can't trace the problem, probably due to inexperience with node. Problem appears to be in /app/server/router.js (function around line 144).

The callback function(o) inside of AM.updatePassword() doesn't seem to be getting the result of the query, so 'o' is always null when if(o) happens, even though the password was successfully changed, and so an error 400 gets sent instead of 'ok' 200.

Already made a change suggested by someone else to use accounts.findAndModify() instead of accounts.save(), which fixes a Type error being reported to the console, but doesn't change the functionality (password is still successfully changed, but user still sees an inaccurate error "I'm sorry, something went wrong".

app.post('/reset-password', function(req, res) {
...
...
...
AM.updatePassword(email, nPass, function(o){
if (o){ <<-- always null, even when password was successfully changed
res.send('ok', 200);
} else{
res.send('unable to update password', 400);
}
})
});

I made a fork (nogin) as I thought you were no longer maintaining, and I also wanted to refactor so the project could be used as an npm dependency without need for modifying the source.

If you are interested in these changes, I would be happy to collaborate, e.g., in setting up an organization where we could collaborate. (The changes are I feel too substantial for me to re-submit as new PRs here.)

Hi,

How to add a new field in signup page and insert the value to the DB. also need to verify that field with the Login credentials.

Thanks,
Arun

Hi,
I just cloned this project, am getting this issue "[Error: failed to connect to [localhost:27017]]", but sever is listening to the port. I checked with server.js, connection.js files seems everything is fine. Please help me to comeout from this issue.

Hello,

thanks first for your amazing masterpiece of login system.

I just feel compelled to inquire of how to apply this server to my personal front-end login page without pre-existing front login page you've made...

Thank you kindly.

It alerts "sorry, there was a problem. Please try again later."

On console

What can be done for it ?

route.js 175 line

Change
AM.deleteAccount(req.body.id, function (e, obj) {"
To
AM.deleteAccount(req.session.user._id, function (e, obj) {"

Looks like you saved the username and password in cookies in plain text? is that safe?

Hi @braitsch,

This project is probably the best mvc login I have seen.
Do you have any plans on expanding on this perhaps a crud way of managing each user like a administration panel?

As what title said.

Express server listening on port 8080 in development mode
connected to database :: login-testing
Error: EACCES, open '/opt/lampp/htdocs/node-login/app/public/css/style.css'

i get this error when i navigate to localhost:8080

In your EmailDispatcher https://github.com/braitsch/node-login/blob/master/app/server/modules/email-dispatcher.js you send reset link lik ethe following:

var link = 'http://node-login.braitsch.io/reset-password?e='+o.email+'&p='+o.pass;

Although that password is hashed I think it's not secure send it to client. It would be more secure as generate another hashed string. What do you think about it?

Hi, the https://nodejs-login.herokuapp.com/ website is down. The reason this repo was successful is because of that quick demo site. Please fix it asap.

I think the reason this site is not working is because heroku discontinued some of its most useful add-ons like mlab database add-on.

Login without remember-me option as It will redirect to /home but even if session is assign then also while re-traversing index page It wont redirect to /home so to Fix this
Inside routes.js replace this function with this function which is below

app.get('/', function(req, res){

 // This one is for If session is assign so redirect it 
	if(req.session.user)
	{
		res.redirect('/home');
	}
// check if the user has an auto login key saved in a cookie //
	else if (req.cookies.login == undefined){
		res.render('login', { title: 'Hello - Please Login To Your Account { For Exp} ' });
	}
	else{
// attempt automatic login //
		AM.validateLoginKey(req.cookies.login, req.ip, function(e, o){
			if (o){
				AM.autoLogin(o.user, o.pass, function(o){
					req.session.user = o;
					res.redirect('/home');
				});
			}	else{
				res.render('login', { title: 'Hello - Please Login To Your Account' });
			}
		});
	}
});

i put my mongodb conncetivity link on mongoose.connect('mongodb://localhost/ManualAuth', { useMongoClient: true }); but i cnnot connected with it and also register.ejs register button not working what should i do now.

Hello, what should I do if I wanted to use an external DB? Like something hosted on MongoHQ service

Did you also try to integrate Mongoose?

Hi, i am new to node.js. I wanted to know whether I could link pages to my html pages after user sign in. Because your code is based on jade and js. I tried to include my html page in a jade file I created (index.jade). It still shows "I'm sorry, the page or resource you are searching for is currently unavailable" .
Can I get any suggestion from you?

I've cloned your repo (thanks, btw) afterwards, i've tried:

• npm install -d
• npm install

but i've some problems, and a lot of warns, obviously, it's impossible to run the project. :/
i've tried to run it anyway, so i can get a message error and it seems to be some issue with bycript module.
I would help but i'm such a n00b with node yet. So if you can figure out what's wrong and fix it. it would be awesome!

Have you considered adding a second password input box to verify the user's password?

Also, would be cool if the email address had to be verified.

These two features would make this already excellent module a perfect user login solution.

If you have no plans to add these features in the near future I might have a go myself.
Would be easier for the original author though!

Hi,

What is your license usage for your work?

Thanks,

I don't know how to find the data set in the localhost.

show dbs
admin 0.000GB
config 0.000GB
local 0.000GB
node-login 0.000GB

There is nothing in the database.How to find the data?

Hey,

First of all, thanks for a great example. I have a potential issue with it though. The reset password link looks like this:

'http://node-login.braitsch.io/reset-password?u='+o.pass;

What happens if two users have the same password? The hash should be the same, right, so AM.setPassword should fail on "findOne" in that case.