
Passport local strategy and cURL


First, make curl save cookies when you log in with

# --cookie-jar writes the cookies the server sets (here the session cookie) to jarfile.
curl --cookie-jar jarfile --data "username=admin&password=admin" http://localhost:3000/login

Read the stored cookies when accessing /test:

# --cookie sends the cookies saved in jarfile, so the request carries the logged-in session.
curl --cookie jarfile "http://localhost:3000/test"

Some modifications to the app itself were needed before it worked on my machine (Ubuntu 12.04) with Node.js v0.10.26 and Express 3.5.0. I generated a new Express app with express --sessions nodetest and edited the code in app.js to be as you see below. Once I had the dependencies installed I ran the app and it worked with the curl commands.

app.js

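// app.js: minimal Express 3 app with a Passport local strategy and one
// session-protected route, used to try out cookie-based login from curl.
var express = require('express');
var routes = require('./routes');
var user = require('./routes/user');
var http = require('http');
var path = require('path');
var passport = require('passport');
var LocalStrategy = require('passport-local').Strategy;

var app = express();

// Secret used to sign the session cookie. It is read from the environment when
// set; the literal is the generator's placeholder and only suits a local test.
var sessionSecret = process.env.SESSION_SECRET || 'your secret here';

// Define the strategy to be used by PassportJS
passport.use(new LocalStrategy(
    function(username, password, done) {
        // Demo only: a single hard-coded account compared in plain text. A real
        // verify callback looks the user up and checks a salted password hash.
        if (username === "admin" && password === "admin") {
            return done(null, {name: "admin"});
        }
        return done(null, false, { message: 'Incorrect username.' });
    }
));

// Serialized and deserialized methods when got from session.
// The whole user object is stored in the session as-is and handed back unchanged.
passport.serializeUser(function(user, done) {
    done(null, user);
});

passport.deserializeUser(function(user, done) {
    done(null, user);
});

// Define a middleware function to be used for every secured route:
// answers 401 unless Passport has restored a logged-in user for this request.
var auth = function(req, res, next){
    if (!req.isAuthenticated()) {
        return res.send(401);
    }
    next();
};

// all environments
app.set('port', process.env.PORT || 3000);
app.set('views', path.join(__dirname, 'views'));
app.set('view engine', 'ejs');
app.use(express.favicon());
app.use(express.logger('dev'));
app.use(express.json());
// Parses the form body that `curl --data "username=...&password=..."` sends,
// which is where the local strategy reads the credentials from.
app.use(express.urlencoded());
app.use(express.methodOverride());
// Order matters: cookie parser, then session, then Passport, then the router.
app.use(express.cookieParser(sessionSecret));
// The session cookie travels over plain HTTP in this localhost test; behind TLS
// pass cookie: { secure: true } so it is never sent in clear text.
app.use(express.session());
app.use(passport.initialize());
app.use(passport.session());
app.use(app.router);
app.use(express.static(path.join(__dirname, 'public')));

// development only
if ('development' === app.get('env')) {
    app.use(express.errorHandler());
}

// Protected route: reachable only with a cookie from a successful login.
app.get('/test', auth, function(req, res){
    res.send([{name: "user1"}, {name: "user2"}]);
});

// Login route: on success Passport stores the user in the session and the
// response sets the session cookie that curl saves with --cookie-jar.
// NOTE(review): check that the installed Passport release issues a new session
// id at login, so a cookie obtained before authentication cannot be reused.
app.post('/login', passport.authenticate('local'), function(req, res) {
    res.send(req.user);
});

http.createServer(app).listen(app.get('port'), function(){
  console.log('Express server listening on port ' + app.get('port'));
});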

curl script

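#!/bin/sh
# curl-login.sh
# Logs in to the local test app with curl, then reuses the saved session
# cookie to request the protected /test route.

# The jar will hold a live session cookie; create it readable by this user only.
umask 077

# -f: do not fail on the first run, when no jar exists yet.
rm -f jarfile

echo --- login
curl --cookie-jar jarfile --data "username=admin&password=admin" http://localhost:3000/login

echo --- test
curl --cookie jarfile "http://localhost:3000/test"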

Console log with curl output

$ node app &
$ sh curl-login.sh
--- login
POST /login 200 2ms - 21b
{
  "name": "admin"
}
--- test
GET /test 200 1ms - 60b
[
  {
    "name": "user1"
  },
  {
    "name": "user2"
  }
]

Note the use of

app.use(express.cookieParser('your secret here'));app.use(express.session());

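in app.js. Sessions did not work without the above two lines. The string passed to cookieParser is the secret that signs the session cookie, so outside a local test replace the placeholder with a private random value.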

The code in your question also lacks the part where you create an HTTP server but I assume that's just a copy-paste issue; I'm referring to

// Wrap the Express app in a plain HTTP server and start listening on the
// configured port; the callback logs once the server is accepting connections.
var server = http.createServer(app);
var listenPort = app.get('port');

server.listen(listenPort, function () {
  console.log('Express server listening on port ' + app.get('port'));
});