I've looked at the documentation in passport.js and the passport-local strategy seems markedly incomplete.
If you have a populated base of Users who have their passwords in whatever form, then from that it's plain from the docs at http://passportjs.org/docs/username-password how to let people try to log in, get a useful failure message (and, from a usability perspective, nicely inform which one it was of a username or password that didn't match), and if they've given valid credentials, log in.
However, there is a sort of CRUD set of basic functionality surrounding username-password authentication. Often it is desired for people to be able to create their own accounts; also if they have forgotten their passwords, they should be able to request a "reset password" link and be able to get to the point of being able to log in without having a plaintext password emailed to them. All of this is a bit of a chore, but it is a base that needs to be covered like various applications need CRUD to be covered.
The documentation I've read about passport-local doesn't discuss this, and what I was looking for looked like a way with Mongoose to manually reinvent this quasi-CRUD side of username-password authentication. I don't know if this is a limitation of passport-local or the docs.
If I want to have routine features for a public website with accounts that people can create for themselves, and I'm already using Express.js and (negotiably) Passport.js, what are my options?
Thanks,
If you're looking for a full CRUD user management system, you can't really beat something like Stormpath.
Using their express.js library instantly gives you a full CRUD system (with Node / Express / Restify / Loopback / Python / Django / Flask / etc...) libraries for managing / working with your users.
Here are their express.js library docs: https://docs.stormpath.com/nodejs/express/
Essentially, what they do is:
It's very feature complete, and well documented.
I'm the author of the above library, so I'm a bit biased, but it's honestly quite useful =)
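For the "reset password" link the question asks about, here is a minimal sketch of the token handling using only Node's built-in `crypto` module. It is an added example, not part of either post and not Passport or Stormpath code. The `users` and `resets` maps are hypothetical stand-ins for Mongoose collections, and the function names and the 30-minute lifetime are assumptions.

```javascript
const crypto = require('node:crypto');

const RESET_TTL_MS = 30 * 60 * 1000; // assumed policy: links expire after 30 minutes
const users = new Map();             // hypothetical store: userId -> { salt, hash }
const resets = new Map();            // hypothetical store: userId -> { tokenHash, expiresAt }

const sha256 = (s) => crypto.createHash('sha256').update(s).digest();

// Store a salted scrypt hash, never the password itself.
function setPassword(userId, password) {
  const salt = crypto.randomBytes(16);
  users.set(userId, { salt, hash: crypto.scryptSync(password, salt, 32) });
}

function checkPassword(userId, password) {
  const u = users.get(userId);
  if (!u) return false;
  return crypto.timingSafeEqual(crypto.scryptSync(password, u.salt, 32), u.hash);
}

// Returns the raw token to embed in the emailed link, or null for an unknown user.
// Only the token's hash is stored, so a leaked table cannot be used to reset accounts.
function issueResetToken(userId, now = Date.now()) {
  if (!users.has(userId)) return null;
  const token = crypto.randomBytes(32).toString('hex');
  resets.set(userId, { tokenHash: sha256(token), expiresAt: now + RESET_TTL_MS });
  return token;
}

// Sets the new password only if the token is valid, unexpired and unused.
function resetPassword(userId, token, newPassword, now = Date.now()) {
  const entry = resets.get(userId);
  if (!entry || typeof token !== 'string') return false;
  if (now > entry.expiresAt) {
    resets.delete(userId);           // expired entries are discarded
    return false;
  }
  if (!crypto.timingSafeEqual(sha256(token), entry.tokenHash)) return false;
  resets.delete(userId);             // single use: a replayed link fails
  setPassword(userId, newPassword);
  return true;
}
```

In an Express app, `issueResetToken` would sit behind the "forgot password" route and `resetPassword` behind the route the emailed link points to.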