tl;dr: I went on a search for Node.js/Express.js authentication tutorials. All of them were incomplete or made a security mistake in some way that can potentially hurt new users. This post explores some common authentication pitfalls, how to avoid them, and what to do to help yourself when your tutorials don’t help you anymore. I am still searching for a robust, all-in-one solution for authentication in Node/Express that rivals Rails’s Devise.
Update (Aug 7): RisingStack has reached out and no longer stores passwords in plaintext in their tutorial, opting to move to bcrypt in their example code and tutorials.
... read the whole story at hackernoon.com.