Beginning Node.js – local authentication with Passport-Local Mongoose – part 6

Disclaimer: This is a series about me, creating a web application in Node.js. The completed example is available here.

I have a deep respect for all those developers out there that write fantastic modules I can use in my projects. One little gem is passport-local-mongoose. I’ve written about it before but as you see I’m doing it again.

What is passport-local-mongoose?

You can plug passport-local-mongoose into your Mongoose User schema. This decorates the User object with a set of methods, e.g.:

  • authenticate
  • register
  • setPassword
  • serialize
  • deserialize

It also hashes the passwords. This saves a lot of work.
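
What that hashing involves on register and authenticate, as an added example that is not passport-local-mongoose's own code: a per-user random salt, a PBKDF2-derived hash, and a constant-time comparison. The in-memory users Map, the function bodies and the parameter values are assumptions made for this illustration.

```javascript
// Added example (not the plugin's source): salted password hashing with Node's crypto.
const crypto = require('node:crypto');

// Illustrative parameters, chosen for this example (assumption, not the plugin's settings).
const ITERATIONS = 210000;
const KEYLEN = 32;
const DIGEST = 'sha256';

// Hypothetical in-memory stand-in for the MongoDB users collection.
const users = new Map();

// Derive a fixed-length key from the password and the user's salt.
function derive(password, salt) {
  return crypto.pbkdf2Sync(password, salt, ITERATIONS, KEYLEN, DIGEST);
}

// Store a random per-user salt and the derived hash, never the password itself.
function register(username, password) {
  if (users.has(username)) throw new Error('user exists');
  const salt = crypto.randomBytes(16);
  const record = {
    salt: salt.toString('hex'),
    hash: derive(password, salt).toString('hex'),
  };
  users.set(username, record);
  return record;
}

// Re-derive with the stored salt and compare in constant time.
function authenticate(username, password) {
  const record = users.get(username);
  // Unknown user: do the same work against dummy values so response
  // time does not reveal which usernames exist.
  const salt = Buffer.from(record ? record.salt : '00'.repeat(16), 'hex');
  const expected = Buffer.from(record ? record.hash : '00'.repeat(KEYLEN), 'hex');
  const actual = derive(password, salt);
  const match = crypto.timingSafeEqual(actual, expected);
  return match && Boolean(record);
}
```

Two users who pick the same password end up with different stored hashes because each record has its own salt.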

What we should work on

  • Users should be able to register
  • Users should be able to authenticate
  • Users should be able to change their password
  • Users should be able to change their e-mail address
  • There should be a ‘forgot password’ procedure
  • Users should be able to delete their accounts

This article covers only ‘register’ and ‘authenticate’. You can go ahead and clone the restaurant github repo for a full example.

To add local authentication to your app you’ll need to run:

When we’re done, this should be the file structure of the app:
├── app
│   ├──
│   ├── controller.user.js
│   ├──
│   ├── model.user.js
│   ├──
│   └── routes.user.js
├── main.js
├── node_modules
│   ├── body-parser
│   ├── cookie-parser
│   ├── express
│   ├── express-session
│   ├── mongoose
│   ├── passport
│   ├── passport-local
│   └── passport-local-mongoose
├── package.json
└── public
    ├── index.html
    └── index.html~

Create the User model

This is the minimum. By plugging passport-local-mongoose into your user model you’ll get a username and a password property for free, plus a whole lot of methods, as we will see later.

Create a file named model.user.js and put it in the app folder:

Of course, you may add your own properties to the model:

Now let’s hook up Passport in our app.


Let’s create a user controller which contains the register, the login and the getLogin functions (to check if a user has logged in).
Create a file named controller.user.js and put it in the app folder:

What happens?
1. User.authenticate and User.register:
The User.authenticate and User.register are functions we get from passport-local-mongoose. I just took this code as an example.

2. Check if a user is logged in with ‘if(req.user)’
If a user is logged in, the req.user property is populated with the user object.
So if it exists, the user is logged in.


Add this file to main.js, like so:

This will be your completed main.js:

Let’s try this

Install Postman or another REST API test tool.

  • Don’t forget to configure the headers: Content-Type: application/json

First, let’s register a user (click POST):


Second, let’s login:


Check the login status:


The end of this series

This is where this series ends. I hope anyone will enjoy this and at least learn something from my struggles. I know I did!
Your feedback is more than welcome by the way.

Beginning Node.js – REST API with a MongoDB backend – part 3

This is the sequel to this article. I’m building a REST API from the ground up with Node.js and Express.js 4. I’m adding functionality as I go. I’m starting with Node.js, then I’m adding Express and now I’m adding Mongoose. In the next articles I will be adding Passport.js for authentication and start building a frontend, either with Angular or Ember.

Things have changed slightly since my former series, see here. That’s because Express.js version 3 has evolved to version 4. The main difference between version 3 and 4 is that version 3 contains middleware (JSON parsers, session support and so on). In version 4 you need to add the middleware yourself. That means installing body-parser, session and so on with NPM.

In my former article we used a JSON string with data. Now let’s use a real data backend: MongoDB. Mongoose is an ORM for MongoDB for Node.js, so let’s add the module to the project:

We also need to install the body-parser, which parses JSON bodies for Express.

Next, copy all of this to your main.js file:

Now run it with the following command:

What happened?

Let’s dissect the code from the previous paragraph:

We added and instantiated the prerequisites and connected to our MongoDB instance.

We create a Schema for our Food class:

And then we are ready to define our CRUD methods, e.g.

Using the API with Curl

You can add a menu item with the following command:

Issue a get: