Developer: jaredhanson
Developer Guide
Module System: CommonJS
Min. Node Version: >= 0.4.0
Typescript Support: No
Node Version
NPM Version: 1.1.62
Statistics
219 Stars
9 Commits
101 Forks
11 Watching
1 Branches
1 Contributors
Updated on 18 Oct 2024
Languages: JavaScript (100%)
Total Downloads (cumulative): 741,824
Last day: 151 (-13.7% compared to previous day)
Last week: 849 (12.5% compared to previous week)
Last month: 3,644 (-9.7% compared to previous month)
Last year: 49,097 (-33.1% compared to previous year)
Passport-Remember Me
Passport strategy for authenticating based on a remember me cookie.
This module lets you authenticate using a remember me cookie (aka persistent login) in your Node.js applications. By plugging into Passport, remember me authentication can be easily and unobtrusively integrated into any application or framework that supports Connect-style middleware, including Express.
Install
$ npm install passport-remember-me
Usage
Configure Strategy
The remember me authentication strategy authenticates users using a token stored in a remember me cookie. The strategy requires a verify callback, which consumes the token and calls done providing a user.
The strategy also requires an issue callback, which issues a new token. For security reasons, remember me tokens should be invalidated after being used. The issue callback supplies a new token that will be stored in the cookie for next use.
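    var passport = require('passport');
    var RememberMeStrategy = require('passport-remember-me').Strategy;

    // Token and utils are application-provided helpers, not part of this module.
    passport.use(new RememberMeStrategy(
      // verify callback: consume (invalidate) the token and resolve its user
      function(token, done) {
        Token.consume(token, function (err, user) {
          if (err) { return done(err); }
          if (!user) { return done(null, false); }
          return done(null, user);
        });
      },
      // issue callback: store a fresh token to replace the one just consumed
      function(user, done) {
        var token = utils.generateToken(64);
        Token.save(token, { userId: user.id }, function(err) {
          if (err) { return done(err); }
          return done(null, token);
        });
      }
    ));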
Authenticate Requests
Use passport.authenticate(), specifying the 'remember-me' strategy, to authenticate requests.
This is typically used in an application's middleware stack, to log the user back in the next time they visit any page on your site. For example:
    app.configure(function() {
      app.use(express.cookieParser());
      app.use(express.bodyParser());
      app.use(express.session({ secret: 'keyboard cat' }));
      app.use(passport.initialize());
      app.use(passport.session());
      app.use(passport.authenticate('remember-me'));
      app.use(app.router);
    });
Note that passport.session() should be mounted above remember-me authentication, so that tokens aren't exchanged for currently active login sessions.
Setting the Remember Me Cookie
If the user enables "remember me" mode, an initial cookie should be set when they log in.
    app.post('/login',
      passport.authenticate('local', { failureRedirect: '/login', failureFlash: true }),
      function(req, res, next) {
        // issue a remember me cookie if the option was checked
        if (!req.body.remember_me) { return next(); }
        var token = utils.generateToken(64);
        Token.save(token, { userId: req.user.id }, function(err) {
          // no done() exists in this handler; hand errors to Express via next()
          if (err) { return next(err); }
          res.cookie('remember_me', token, { path: '/', httpOnly: true, maxAge: 604800000 }); // 7 days
          return next();
        });
      },
      function(req, res) {
        res.redirect('/');
      });
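
An added example, not code from the passport-remember-me project: one way to back the Token.consume, Token.save and utils.generateToken calls that the Configure Strategy and login snippets above leave to the application, with single-use and expiry enforced. The createTokenStore factory, the in-memory Map, the stub user object and the injectable clock are assumptions for illustration; a real application would use a database with an atomic delete.

```javascript
const crypto = require('crypto');

const TTL_MS = 7 * 24 * 60 * 60 * 1000; // same 7 days as the cookie maxAge

// Stand-in for utils.generateToken (hypothetical): CSPRNG output, hex-encoded.
function generateToken(bytes) {
  return crypto.randomBytes(bytes).toString('hex');
}

function digest(token) {
  return crypto.createHash('sha256').update(String(token)).digest('hex');
}

// Stand-in for the Token model (hypothetical). Only SHA-256 digests are
// stored, so a leaked table does not contain usable cookie values.
function createTokenStore(now = Date.now) {
  const records = new Map(); // digest -> { userId, expires }
  return {
    save(token, data, done) {
      records.set(digest(token), { userId: data.userId, expires: now() + TTL_MS });
      return done(null);
    },
    consume(token, done) {
      const key = digest(token);
      const rec = records.get(key);
      records.delete(key); // single use: gone whether or not it was valid
      if (!rec || rec.expires <= now()) { return done(null, false); }
      return done(null, { id: rec.userId }); // real code would load the user
    }
  };
}

// Constructed walk-through: issue, use, replay, rotate, expire.
function demo() {
  let clock = 0;
  const Token = createTokenStore(() => clock);
  const out = {};
  const first = generateToken(32);
  Token.save(first, { userId: 42 }, () => {});
  Token.consume(first, (err, user) => { out.firstUse = user; });
  Token.consume(first, (err, user) => { out.replay = user; });
  const rotated = generateToken(32); // what the issue callback would return
  Token.save(rotated, { userId: 42 }, () => {});
  clock = TTL_MS; // cookie presented exactly at expiry
  Token.consume(rotated, (err, user) => { out.expired = user; });
  out.distinct = first !== rotated && first.length === 64;
  return out;
}
```

The second consume of the same token returns false, which is what makes a copied cookie useless once the legitimate browser has presented it and received the rotated value.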
Security Considerations
If not managed correctly, using a "remember me" cookie for automatic authentication increases a service's exposure to potential security threats. There are a number of techniques to reduce and mitigate these threats, and it is a matter of application-level policy to assess the level of risk and implement appropriate countermeasures.
The following list is recommended reading for understanding these risks:
- The definitive guide to forms based website authentication
- Persistent Login Cookie Best Practice
- Improved Persistent Login Cookie Best Practice (archive)
Examples
For a complete, working example, refer to the login example.
Tests
$ npm install
$ make test
Credits
License
Copyright (c) 2013 Jared Hanson <http://jaredhanson.net/>
No vulnerabilities found.
- Reason: no binaries found in the repo
- Reason: 0 existing vulnerabilities detected
- Reason: license file detected
  Details:
  - Info: project has a license file: LICENSE:0
  - Info: FSF or OSI recognized license: MIT License: LICENSE:0
- Reason: 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
- Reason: no SAST tool detected
  Details:
  - Warn: no pull requests merged into dev branch
- Reason: Found 0/9 approved changesets -- score normalized to 0
- Reason: no effort to earn an OpenSSF best practices badge detected
- Reason: security policy file not detected
  Details:
  - Warn: no security policy file detected
  - Warn: no security file to analyze
- Reason: project is not fuzzed
  Details:
  - Warn: no fuzzer integrations found
- Reason: branch protection not enabled on development/release branches
  Details:
  - Warn: branch protection not enabled for branch 'master'
Score: 3/10
Last Scanned on 2024-11-25
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.