Discussion on: Password-based authentication with GraphQL and Passport

View post

First of all thanks for your post.
I think that I am having this issue: github.com/apollographql/apollo-se...

I am trying to run a User.findOne({ email }) inside the newGrapQLLocalStrategy, but for some reason, the User model is empty. Even if i try to import it in the scope.

passport.use(
new GraphQLLocalStrategy((email, password, next) => {
console.log(🎫 ${JSON.stringify(User)} 🚔 👮‍♂)
User.findOne({ email })
.then(user => !user
? next(null, false, 'Invalid email or password')
: user.checkPassword(password) //bcrypt
.then(match => !match
? next(null, false, 'Invalid email or password')
: next(null, user)
)
)
.catch(error => next(error))
}),
);

Do I need to apply for the middleware passport.authenticate as it said in the Github issue?? how??

Josue Valenica • Feb 24 '20 • Edited

nevermind... it works, was an error with... oh, not I don't know what was it... I mean, it works in the playground, but for the console: console.log(🎫 ${JSON.stringify(User)} 🚔 👮‍♂)
returned:

🎫 undefined 🚔 👮‍♂

was a ghost? 👻

Johannes Kettmann • Feb 25 '20

Thanks for your comments Josue! Not sure what the error was. I cannot really understand it from the code that you shared. It's indeed strange that the console.log says User is undefined but the next line User.findOne works. If you still have a problem would you mind sharing the code in a codesandbox? Would be much easier to debug ;-)

Josue Valenica • Feb 25 '20 • Edited

Oh, thanks for the offer... in fact for the same reason, the register doesn´t work ( i will be working on that the next 3 hours).

You can check the public repo here:
github

and the passport config

I am getting confused with the async function .save() from mongoose and the async login/logout with passport

you can check it in the user resolver

So far is working...

I have an other questions...

¿How do you know that the user is logged?. Can I check that in a resolver? where is that? in the context?.

With passport session, we had a collection for all those sessions and had access with something like this:

module.exports.isAuthenticated = (req, res, next) => {
  if (req.isAuthenticated()) {
    next();
  } else {
    next(createError(401));
  }
}

a simpel middleware.
Can I check for my user if is authenticated??

something like this: context.req.isAuthenticated()

Yeap, it works, but it restart after changing anything (nodemon).

Btw, checking the context.req object we have something:

sessionStore: MemoryStore {
    _events: [Object: null prototype] {
      disconnect: [Function: ondisconnect],
      connect: [Function: onconnect]
    },
    _eventsCount: 2,
    _maxListeners: undefined,
    sessions: [Object: null prototype] {
      'cedef8ba-c26e-4995-832a-614e57c3f85c': '{"cookie":{"originalMaxAge":null,"expires":null,"httpOnly":true,"path":"/"},"passport":{"user":"5e557091952b47f3f126a0a5"}}'
    },
    generate: [Function (anonymous)],
    [Symbol(kCapture)]: false
  },
  sessionID: 'cedef8ba-c26e-4995-832a-614e57c3f85c',
  session: Session {
    cookie: { path: '/', _expires: null, originalMaxAge: null, httpOnly: true },
    passport: { user: '5e557091952b47f3f126a0a5' }
  },

Can I store this in a database, like passport use to do with passport.session()