Why doesn't {{user.username}} work in handlebars

Question

I need help using handlebars. I'm trying to insert an username into my index.hbs using {{user.username}}. The thing is that it shows me this:

Handlebars: Access has been denied to resolve the property "username" because it is not an "own property" of its parent.

const express = require('express');
const path = require('path');
const exphbs = require('express-handlebars');
const methodOverride = require('method-override');
const session = require('express-session');
const flash = require('connect-flash');
const passport = require('passport');

const app = express();
require('./database');
require('./config/passport');

//Configuracion
app.set('port', process.env.PORT || 3000);
app.set('views', path.join(__dirname, 'views'));

app.engine('.hbs', exphbs({
    defaultLayout: 'main',
    layoutsDir: path.join(app.get('views'), 'layouts'),
    partialsDir: path.join(app.get('views'), 'partials'),
    extname: '.hbs'    
}));

app.set('view engine', '.hbs');

//Middlewares
app.use(express.urlencoded({extended: false}));
app.use(methodOverride('_method'));
app.use(session({
    secret: 'clavesecreta',
    resave: true,
    saveUninitialized: true
}));
app.use(passport.initialize());
app.use(passport.session());

app.use(flash());

//Variables
app.use((req, res, next) => {
    res.locals.success_msg = req.flash('success_msg');
    res.locals.error_msg = req.flash('error_msg');
    res.locals.error = req.flash('error');
    res.locals.user = req.user || null;
    next();
});

//Routes
app.use(require('./routes/index'));
app.use(require('./routes/videos'));
app.use(require('./routes/users'));

//Archivos estaticos
app.use(express.static(path.join(__dirname, 'public')));

//Iniciar server
app.listen(app.get('port'), () => {
    console.log('El servidor esta escuchando en el puerto', app.get('port'))
});

Here is where I get the user.username. I also insert my user.js model:

const mongoose = require('mongoose');
const { Schema } = mongoose;
const bcrypt = require('bcryptjs');

const UserSchema = new Schema({
    username: { type: String, required: true},
    email: { type: String, required: true},
    password: {type: String, required: true},
    date: {type: Date, default: Date.now}
});

UserSchema.methods.encryptPassword = async (password) => {
    const salt = await bcrypt.genSalt(10);
    const hash = bcrypt.hash(password, salt);
    return hash;
};

UserSchema.methods.matchPassword = async function (password){
    return await bcrypt.compare(password, this.password);
};

module.exports = mongoose.model('User', UserSchema)

Answer 1

I solved the problem by removing res.locals.user in app.js middleware, and moved it to the userAuthenticated function. And also add .toJSON() after req.user to serialized it.

Here's example code from my userAuthenticated function:

module.exports.userAuthenticated = function (req, res, next) {
    if (req.isAuthenticated()) {
        res.locals.user = req.user.toJSON() || null;
        return next();
    }
    res.redirect('/');
},