# Passwordless-MongoStore-bcrypt.js

This module provides token storage for [Passwordless](https://github.com/florianheinemann/passwordless), a node.js module for express that allows website authentication without password using verification through email or other means.

Tokens are stored in a MongoDB database and are hashed and salted using [bcrypt.js](https://github.com/dcodeIO/bcrypt.js). This is an alternative to the [bcrypt-node version](https://www.npmjs.org/package/passwordless-mongostore-bcrypt-node) as the `bcrypt-node` maintainers have discontinued maintenance and recommend `bcrypt.js` instead.

## Usage

First, install the module:

`$ npm install passwordless-mongostore-bcryptjs`

Afterwards, follow the guide for [Passwordless](https://github.com/florianheinemann/passwordless). A typical implementation may look like this:

```javascript
var passwordless = require('passwordless');
var MongoStore = require('passwordless-mongostore-bcryptjs');

var mongoURI = 'mongodb://localhost/passwordless-simple-mail';
passwordless.init(new MongoStore(mongoURI));

passwordless.addDelivery(
    function(tokenToSend, uidToSend, recipient, callback) {
        // Send out a token
    });

app.use(passwordless.sessionSupport());
app.use(passwordless.acceptToken());
```

## Initialization

```javascript
new MongoStore(uri, [options]);
```
* **uri:** *(string)* MongoDB URI as further described in the [MongoDB docs]( http://docs.mongodb.org/manual/reference/connection-string/)
* **[options]:** *(object)* Optional. This can include MongoClient options as described in the [docs]( http://mongodb.github.io/node-mongodb-native/api-generated/mongoclient.html#mongoclient-connect) and the ones described below combined in one object as shown in the example

Example:
```javascript
var mongoURI = 'mongodb://localhost/passwordless-simple-mail';
passwordless.init(new MongoStore(mongoURI, {
    server: {
        auto_reconnect: true
    },
    mongostore: {
        collection: 'token'
    }
}));
```

### Options
* **[mongostore.collection]:** *(string)* Optional. Name of the collection to be used. Default: 'passwordless-token'

Note that with v3 of Mongo, this is now the name of both the database and the collection that are created.

## Hash and salt
As the tokens are equivalent to passwords (even though they do have the security advantage of only being valid for a limited time) they have to be protected in the same way. passwordless-mongostore-crypt.js uses [bcrypt.js](https://github.com/dcodeIO/bcrypt.js) with automatically created random salts. To generate the salt 10 rounds are used.

## Tests

`$ npm test`

## License

[MIT License](http://opensource.org/licenses/MIT)

## Author

Florian Heinemann [@thesumofall](http://twitter.com/thesumofall/)  
Minor updates by [Hugh Rundle](https://www.hughrundle.net)
