passport-local: Always return "missing credentials"

This is my implementation with coffeescript and Express 4

passport.use new LocalStrategy
   usernameField:'emailAddress'
,(username,password,done) ->
   console.log('credentials passed to passport' + username + '' + password)

  User.findOne emailAddress:username,(err,user) ->
    if err then return done(err)
    if not user
      return done(null,false,message:'Incorrect data')
    bcrypt.compare password,user.password, (err,isMatch) ->
      if err then return done(err)
      if isMatch then return done(null,user)
      else return done(null,false,message:'Incorrect data')

#Authenticate user
app.post '/api/v1/auth/login',(req,res,next) ->
  passport.authenticate('local',(err,user,info) ->
    error = err or info
    if error then return res.status(400).json {user:null,state:'failure',error:error}
    req.logIn user,(err) ->
      if err then return res.status(400).json {user:null,state:'failure',error:err}
      res.status(200).json {user:req.user,state:'success'}
  ) req,res,next

I’m also using a linkedIn-strategy

I testing with an angular app and also with

 curl -v -d '{"emailAddress":"test@test.cl","password":"test"}' http://127.0.0.1:8070/api/v1/auth/login --trace-ascii /dev/stdout -H "Content-Type: application/json"

But I only get this

{"user":null,"state":"failure","error":{"message":"Missing credentials"}}

can you see the problem?

About this issue

  • Original URL
  • State: closed
  • Created 9 years ago
  • Comments: 18 (1 by maintainers)

Most upvoted comments

My problem was that I was using bodyParser to parse request body as json:

app.use(bodyParser.json());

If you have an html form and are posting username/password to the server, you need to ask bodyparser to parse urlencoded body:

app.use(bodyParser.urlencoded({ extended: false }));

+4
mansoor-omrani on May 21, 2020

i do not know if it would be helpful to somebody but : i solved the same problem by checking the password input name , it had a capital P !

+3
abayoss on Jun 8, 2019

my problem was not including the body-parser middleware. Thanks for the hint @GochoMugo

+3
sirkitree on Jul 27, 2015

Is your request body being parsed?

+3
GochoMugo on Jun 14, 2015

works with

passport.use(new LocalStrategy({
  usernameField: 'user[email]',
  passwordField: 'user[password]',
}, (email, password, done) => {

instead of

passport.use(
  new LocalStrategy(async (email: string, password: string, done: Function) => {
    const user: User | null = await User.findOne({ where: { email } })
    if (!user) {
      return done(null, false, { message: 'Incorrect email.' })
    }
    if (user.password !== password) {
      // todo user.validPassword
      return done(null, false, { message: 'Incorrect password.' })
    }
    return done(null, user)
  })
)
+1
guoxiangke on Aug 4, 2020

I have face same problem that {message : credential messing} but if I use Req.body.email it show abc@example.com But if I use console.log (usr + err)

false , null

+1
Saifaligour on Aug 21, 2018
Read more comments on GitHub
← passport-linkedin: InternalOAuthError - failed to obtain request token
passport: passport is empty in session but has user in sessionStore →