MongoDB Authentication
1.
MongoDB Authentication
Vadym Makhonin
March 2018
CONFIDENTIAL
2.
AGENDA OF THE LECTURE
• SQL vs NoSQL
• MongoDB
• Mongoose
• Authentication
• Passport.js
3.
SQL VS NOSQL
4.
RELATIONAL DATABASE PROBLEMS
• Scalability
• Flexibility
NoSQL databases solve these problems
5.
NOSQL DATABASE PROBLEMS
• No join
• No data integrity
• No transaction
6.
WHERE SQL IS IDEAL
• logically related discrete data requirements
which can be identified up-front
• data integrity is essential
• standards-based proven technology with
good developer experience and support
7.
WHERE NOSQL IS IDEAL
• unrelated, indeterminate or evolving data
requirements
• simpler or looser project objectives, able
to start coding immediately
• speed and scalability are imperative
8.
MONGODB
9.
MONGODB
MongoDB is an open source, document-oriented
database designed with both scalability and
developer agility in mind.
10.
MONGODB COMPARISON TO SQL
SQL         MongoDB
database    database
table       collection
row         document
11.
MONGODB CLI
DEMO
12.
MONGODB CLI
• show dbs
• use <DB_NAME>
• show collections
• help / db.help() / db.collection.help()
13.
MONGODB CLI CRUD
• db.collection.insert(document)
• db.collection.find(query, projection)
• db.collection.update(query, update, options)
• db.collection.remove(query, options)
14.
MONGODB DRIVERS
An application communicates with MongoDB by
way of a client library, called a driver, that
handles all interaction with the database in a
language appropriate to the application.
npm install mongodb
15.
MONGODB NATIVE DRIVER
DEMO
16.
ORM, ODM
ORM (Object-Relational Mapping) and ODM (Object Document
Mapper) are a programming technique for converting data
between incompatible type systems in databases and
object-oriented programming languages. This creates, in
effect, a "virtual object database" that can be used from
within the programming language.
ORM – for relational databases, ODM – for NoSQL
databases.
Most popular ORM in Node.js – Sequelize.
17.
MONGOOSE
18.
MONGOOSE
Mongoose provides a straight-forward, schema-based
solution to model your application data. It includes built-in
type casting, validation, query building, business logic
hooks and more, out of the box.
19.
MONGOOSE
DEMO
20.
MONGOOSE API
• mongoose.connect(url, options)
• mongoose.Promise
• mongoose.Schema
• mongoose.model(name, schema)
• mongoose.plugin(func, options)
21.
SCHEMA API
const schema = new Schema(definition, options)
• schema.methods
• schema.statics
• schema.virtual(name, options)
• schema.pre/post(method, callback)
• schema.plugin(func, options)
22.
SCHEMA DEFINITION
• type
• required
• default
• unique
• validate
String
• lowercase
• uppercase
• trim
• match
• enum
Number/Date
• min
• max
23.
AUTHENTICATION
24.
AUTHENTICATION
• Authentication is the process of confirming
that a claimed identity is true.
• Authorization is the function of specifying
access rights to resources, related to information
security and computer security in general and to
access control in particular.
25.
AUTHENTICATION METHODS
• HTTP
• Forms
• One-Time Password (two-factor authentication)
• API key
• Token-based
26.
HOW TOKEN BASED WORKS
• User Requests Access with Username / Password
• Application validates credentials
• Application provides a signed token to the client
• Client stores that token and sends it along with
every request
• Server verifies token and responds with data
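The five steps above as an added example (not code from the original slides): a minimal HMAC-signed token in Node.js using only the built-in crypto module. The "payload.signature" token layout, the function names and the user "alice" are assumptions made for illustration; it is a simplified stand-in for a standard format such as JWT.

```javascript
const crypto = require('node:crypto');

// Constructed demo values: a real service loads the key from a secret store.
const SECRET = crypto.randomBytes(32);
const salt = crypto.randomBytes(16);
const USERS = { alice: { salt, hash: crypto.scryptSync('correct horse', salt, 32) } };

const b64 = (data) => Buffer.from(data).toString('base64url');
const sign = (data) => b64(crypto.createHmac('sha256', SECRET).update(data).digest());

// Steps 1-2: the application validates the submitted credentials.
function validateCredentials(username, password) {
  const known = Object.prototype.hasOwnProperty.call(USERS, username);
  // Hash even for unknown users so timing does not reveal which names exist.
  const ref = known ? USERS[username] : { salt: Buffer.alloc(16), hash: Buffer.alloc(32) };
  const candidate = crypto.scryptSync(password, ref.salt, 32);
  return crypto.timingSafeEqual(candidate, ref.hash) && known;
}

// Step 3: issue a signed token "payload.signature" carrying an expiry claim.
function issueToken(username, ttlSeconds, now = Date.now()) {
  const exp = Math.floor(now / 1000) + ttlSeconds;
  const payload = b64(JSON.stringify({ sub: username, exp }));
  return `${payload}.${sign(payload)}`;
}

// Verify the signature first, and only then parse and trust the claims.
function verifyToken(token, now = Date.now()) {
  const [payload, sig, ...rest] = String(token).split('.');
  if (!payload || !sig || rest.length) return null;
  const expected = Buffer.from(sign(payload));
  const given = Buffer.from(sig);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  const claims = JSON.parse(Buffer.from(payload, 'base64url').toString());
  return claims.exp > Math.floor(now / 1000) ? claims : null;
}

// Steps 4-5: the client sends the token with every request; the server verifies it.
function handleRequest(headers) {
  const match = /^Bearer (\S+)$/.exec(headers.authorization || '');
  const claims = match && verifyToken(match[1]);
  return claims ? { status: 200, user: claims.sub } : { status: 401 };
}
```

Because the server keeps no per-token state, a token stays valid until its `exp` passes, so short lifetimes matter.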
27.
TOKEN-BASED AUTHENTICATION
Token formats:
• SWT
• JWT
• SAML
Standards:
• OAuth
• OpenID Connect
• SAML
• WS-Federation
28.
PASSPORT.JS
29.
PASSPORT
Passport is Express-compatible authentication
middleware for Node.js.
Passport's sole purpose is to authenticate requests,
which it does through an extensible set of plugins
known as strategies. The API is simple: you provide
Passport a request to authenticate, and Passport
provides hooks for controlling what occurs when
authentication succeeds or fails.
30.
PASSPORT MAIN CONCEPTS
• Strategies
• Sessions
• Middleware
31.
PASSPORT API
• passport.initialize() / passport.session()
• passport.use()
• passport.serializeUser() / passport.deserializeUser()
• passport.authenticate()
• req.login() / req.logout()
32.
PASSPORT.JS
DEMO
33.
THANK YOU!