Passwordless-MongoStore
This module provides token storage for Passwordless, a node.js module for express that allows website authentication without password using verification through email or other means. Visit the project's website https://passwordless.net for more details.
Tokens are stored in a MongoDB database and are hashed and salted using bcrypt. If you have trouble installing bcrypt (esp. on Windows) you could also consider using the slower but pure-JS version of MongoStore.
Usage
First, install the module:
$ npm install passwordless-mongostore --save
Afterwards, follow the guide for Passwordless. A typical implementation may look like this:
var passwordless = ;var MongoStore = ; var mongoURI = 'mongodb://localhost/passwordless-simple-mail';passwordless; passwordless; app;app;Initialization
uri options;- uri: (string) MongoDB URI as further described in the MongoDB docs
- [options]: (object) Optional. This can include MongoClient options as described in the docs and the ones described below combined in one object as shown in the example
Example:
var mongoURI = 'mongodb://localhost/passwordless-simple-mail';passwordless;Options
- [mongostore.collection]: (string) Optional. Name of the collection to be used. Default: 'passwordless-token'
Hash and salt
As the tokens are equivalent to passwords (even though they do have the security advantage of only being valid for a limited time) they have to be protected in the same way. passwordless-mongostore uses bcrypt with automatically created random salts. To generate the salt 10 rounds are used.
Tests
$ npm test
License
Author
Florian Heinemann @thesumofall