# User Authentication With Passport and Express 4

This post demonstrates how to add user authentication to Node/Express with Passport.js.

If you’re interested in social authentication via Passport, please check out this blog post. Looking for an Express 3 authentication tutorial? Check out this post.

Before you start, make sure you have Node installed for your specific operating system. This tutorial also uses the following tools/technologies:

## Project Setup

Start by installing the Express generator, which we’ll use to generate a basic project boilerplate:

The -g flag means that we’re installing this globally, on our entire system.

Navigate to a convenient directory, like your “Desktop” or “Documents”, then create your app:

Check out the project structure:

This took care of the heavy lifting, adding common files and functions associated with all apps.

### Install/Update Dependencies

Update the package.json file to reference the correct dependencies:

Now install the dependencies:

### Sanity Check

Let’s test our setup by running the app:

Navigate to http://localhost:3000/ in your browser and you should see the “Welcome to Express” text staring back.

### Setup MongoDB

Install:

Then, in a new terminal window, start the MongoDB daemon:

## Edit app.js

### Update app.js

Update all of app.js with the following code (check the comments for a brief explanation):

## Mongoose

Let’s get Mongoose up and running. Add a new file called account.js to a new directory called “models” with the following code:

You may be wondering about password security, specifically salting/hashing the password. Fortunately, the passport-local-mongoose package automatically takes care of salting and hashing the password for us. More on this further down.

### Sanity Check

Again, test the app:

Make sure you still see the same “Welcome to Express” text.

Within the “routes” folder, add the following code to the index.js file:

## Test

Fire up the server. Navigate to http://localhost:3000/ping. Make sure you do not get any errors and that you see the word “pong!”.

Update:

Update:

## Test Redux

Fire up the server and test! Register, and then login.

Remember how I said that we’d look at salting and hashing a password again? Well, let’s check our Mongo database to ensure that it’s working.

When I tested the user registration, I used “michael” for both my username and password.

Let’s see what this looks like in the database:

So, you can see that we have a document with five keys:

• username is as we expected - “michael”
• _id pertains to the unique id associated with that document.
• __v is the version # for that specific document.
• Finally, instead of a password key we have both a salt and a hash key. For more on how these are generated, please refer to the passport-local-mongoose documentation.

## Unit/Integration tests

First, update the scripts object in package.json:

Now add a Makefile to the root and include the following code:

Take note of the spacing on the second line. This must be a tab or you will see an error.

Create a new folder called “test”, and then run make test from the command line. If all is well, you should see - 0 passing (1ms). Now we just need to add some tests…

Add a new file called test.user.js to the “test” folder:

Now run make tests. You should see that it passed - 1 passing (43ms).

## Error handling

Right now we have some poorly handled errors that are confusing to the end user. For example, try to register a name that already exists, or login with a username that doesn’t exist. This can and should be handled better.

First, update the /register route so an error is thrown:

Then add the following code to the layout.jade template, just below the body tag:

Test this out.

## Conclusion

That’s it. Grab the code from the repository. Cheers!