Authenticating username and password fails - client session

Question

I am trying to adapt some code taken from:

https://github.com/expressjs/express/blob/master/examples/auth/index.js

and incorporate into a login form. The issue is that when running the code and selecting the login button the following is logged in the console:

POST /login
Authenticating undefined:foobar
Authentication failed, please check your  username and password. (use "tj" and "foobar")

I'm unsure as to why the user is being returned as undefined when I am inputting tj and foobar as the login and password.

HTML:

<div class="login">
      <form method="post" action="/login">
        <p><input type="text" name="login" value="" placeholder="Username"></p>
        <p><input type="password" name="password" value="" placeholder="Password"></p>
        <p class="remember_me">
          <label>
            <input type="checkbox" name="remember_me" id="remember_me">
            Remember me on this computer
          </label>
        </p>
        <p class="submit"><input type="submit" name="commit" value="Login"></p>
      </form>
</div>
<div class="login-help">
      <p>Forgot your password? <a href="/">Click here to reset it</a>.</p>
</div>

JS:

/**
 * Module dependencies.
 */
var express = require('express');
var hash = require('./pass').hash;
var bodyParser = require('body-parser');
var session = require('client-sessions');
var app = module.exports = express();

// dummy database
var users = {
  tj: { name: 'tj' }
};

// when you create a user, generate a salt
// and hash the password ('foobar' is the pass here)
hash('foobar', function (err, salt, hash){
  if (err) throw err;
  // store the salt & hash in the "db"
  users.tj.salt = salt;
  users.tj.hash = hash;
});

// check if user is logged in, if not redirect them to the index
function requireLogin (req, res, next) {
  if (!req.user) {
    res.redirect('/');
  } else {
    next();
  }
};

// Authenticate using our plain-object database
function authenticate(name, pass, fn) {
  if (!module.parent) console.log('Authenticating %s:%s', name, pass);
  var user = users[name];
  // query the db for the given username
  if (!user) return fn(new Error('cannot find user'));
  // apply the same algorithm to the POSTed password, applying
  // the hash against the pass / salt, if there is a match we
  // found the user
  hash(pass, user.salt, function(err, hash){
    if (err) return fn(err);
    if (hash == user.hash) return fn(null, user);
    fn(new Error('invalid password'));
  });
}

app.post('/login', function (req, res){
  console.log("POST /login")
  authenticate(req.body.username, req.body.password, function(err, user){
    if (user) {
      // Regenerate session when signing in
      // to prevent fixation
      req.session.regenerate(function(){
        // Store the user's primary key
        // in the session store to be retrieved,
        // or in this case the entire user object
        req.session.user = user;
        /*req.session.success = 'Authenticated as ' + user.name
          + ' click to <a href="/logout">logout</a>. '
          + ' You may now access <a href="/restricted">/restricted</a>.';*/
        res.redirect('/queryInterface.html');
      });
    } else {
      console.log('Authentication failed, please check your '
        + ' username and password.'
        + ' (use "tj" and "foobar")');
      res.redirect('/');
    }
  });
});

Answer 1

You are seeing the user as undefined because you are using req.body to access an undefined input field.

You are authenticating with req.body.username, but your input field has the name login.

req.body is populated with the names of your input fields. Your input should look like this when trying to access the username by req.body.username.

<input type="text" name="username" value="" placeholder="Username">