Passport "Hello World" always fails

Question

I have the following:

import {Router} from 'express';
import passport from 'passport';
import {Strategy} from 'passport-local';
import pg from 'pg';
import {pgUri} from '../environment';

let loginRouter = Router();

passport.use(new Strategy((username, password, done) => done(null, true)));
//{
//    pg.connectAsync(pgUri)
//        .then(([client, release]) => {
//            return client.queryAsync('select * from users where "user" = $1::TEXT', [username])
//                .finally(release);
//        })
//        .tap(result => console.log(result.rows))
//        .then(result => done(null, true));
//}));

loginRouter.get('/', (request, response) => response.render('login'));
loginRouter.post('/', passport.authenticate('local', {successRedirect: '/',
                                                      failureRedirect: '/login'}));

export default loginRouter;

It's an express route file that defines the simplest possible authentication scheme. The above always redirects back to /login, indicating a failure.

What I've tried

• Changing failureRedirect to /loginFailed really redirects there. So the login does fail.
• Breakpoints and console.logs inside the function body do not get hit.
• Calling done with done(null, {foo: "bar"}) instead of true changes nothing.

Worth noting

• I'm using babel for ES6 support, but since this is the only part failing, and the breakpoints I can set (before passport.use) show expected values for all variables, I don't think that's the problem.
• The .get() route works as expected, displaying the form.

I have this in my bootstrap phase:

app.use(session({
    secret: "some-secret",
    resave: true,
    saveUninitialized: true
}));

app.use(passport.initialize());
app.use(passport.session());

passport.serializeUser((user, done) => done(null, {foo: "bar"}));

passport.deserializeUser((user, done) => done(null, {foo: "bar"}));

Here's the form I'm using (directly copied from the passport example)

<form action="/login" method="post">
    <div>
        <label>Username:</label>
        <input type="text" name="username"/>
    </div>
    <div>
        <label>Password:</label>
        <input type="password" name="password"/>
    </div>
    <div>
        <input type="submit" value="Log In"/>
    </div>
</form>

I have no idea what went wrong here. Would appreciate any help.

Answer 1

You need to use something to parse the POST body.

Passport is designed to do literally one thing: authenticate requests. It delegates all other functionality—including parsing the POST body—to the application. They say this in their overview, but it's easy to underestimate the implications.

They come back to the topic in the Middleware section of their Configure page, so I recommend reading that.

I happen to use the body-parser module to handle this (read about it here).