Passport JS passport http 401

I am trying to protect my js rest api sails with the passport of the http package, but at the moment I can not understand where the error is in my code. I used this repo and this tutorial to get an idea of ​​how this should work. My problem is that my code always returns 401. I do not know where to look for the error. If you need more information about my code, just comment. Bruno

EDIT: I found the source of the problem (using @Viktor). I just did not understand how HTTP-Basic authentication works. Now the problem is, how can I send my credentials and my data? If I just test routes using auth (...), they work ... But how can I add data? Or do I need to authenticate me first and send the data to the second request?

passport.js

var passport = require('passport');
var BasicStrategy = require('passport-http').BasicStrategy;
var bcrypt = require('bcrypt');

passport.serializeUser(function(user, done) {
  done(null, user.id);
});

passport.deserializeUser(function(id, done) {
  User.findOne({
    id: id
  }, function(err, user) {
    done(err, user);
  });
});

passport.use('user-authentication', new BasicStrategy(
  function(mail, password, done) {
    sails.log.error("hallo");
    User.findOne({
      mail: mail
    }, function(err, user) {
      if (err) {
        return done(err);
      }

      if (!user) {
        return done(null, false, {
          message: 'Incorrect email.'
        });
      }

      // Make sure the password is correct
      bcrypt.compare(password, user.password, function(err, isMatch) {
        if (err) {
          return done(err);
        }

        // Password did not match
        if (!isMatch) {
          return done(null, false, {
            message: 'Invalid Password'
          });
        }

        // Success
        return done(null, user);
      });
    });
  }
));

isAuthenticated.js

var passport = require("passport");


module.exports = function (req, res, ok) {
    passport.authenticate("user-authentication", {
        session: false
    }, function (err, user, info) {
        if (err || !user) {
            res.set("WWW-Authenticate", "Basic realm=\"Restricted\"");

            return res.send("You are not permitted to perform this action", 401);
        }

        req.session.user = user;
        return ok(null, user);

    })(req, res, ok);
};

policies.js

module.exports.policies = {
  '*': true,

  'UserController': {
    update: 'isAuthenticated'
  }
}

UserController.test.js

var request = require('supertest');
var async = require('async');

describe('UserController', function() {

  describe('#new()', function() {
    it('...', function (done) {
      request(sails.hooks.http.app)
      .post('/user/new')
      .send({ own_number: '654122', password: 'test', mail: 'test@test.com', device_id: '1234', numbers: [1234567] })
      .expect(200)
      .end(done);
    });
  });

  describe('#update()', function(){
    it('...', function (done) {
      async.series([

        function(callback){
          request(sails.hooks.http.app)
          .post('/contact/update')
          .send({ number: 1234, mail: "test@test.com", password: "test" })
          .expect(200)
          .end(callback);
        },

        function(callback){
          request(sails.hooks.http.app)
          .post('/user/update')
          .send({ numbers: [1234], mail: "tet@test.com", password: "test" })
          .expect(200)
          .end(callback);
        }
      ], done);
    });
  });

});