Using node.js / expressjs / mongoose / mongoose-auth / everyauth. All versions are up to date.

I’m trying to use a database table to whitelist users by email address during development, but I want the primary method of auth to be facebook. I’m looking to have mongoose-auth only create the account if the facebook email is found in alpha_whitelist. This creates accounts as expected for addresses that are in the table, but it times out and crashes the server if the user is not in the whitelist.

findOrCreateUser:   function (sess, accessTok, accessTokExtra, fbUser) {
    var promise = this.Promise(),
        User = this.User()();
        // TODO Check user in session or request helper first
        // e.g., req.user or sess.auth.userId
        User.findOne({'fb.id': fbUser.id}, function (err, foundUser) {
            if(foundUser)
                return promise.fulfill(foundUser);
            alpha_whitelist.findOne(
                {email: fbUser.email},
                function(err,doc) {
                    if(doc) {
                        console.log("CREATING");
                        User.createWithFB(fbUser, accessTok, accessTokExtra.expires, function (err, createdUser) {
                            console.log(err,createdUser);
                            if (err) return promise.fail(err);
                            return promise.fulfill(createdUser);
                        });
                    } else {
                        console.log('Denied');
                        //not sure what to do here... i need to break the auth chain and redirect the user back to '/'
                    }
                });
        });
        return promise;
    }

It seems that no matter what I put there, it fails and crashes the server. I’m clearly missing something. Any help would be appreciated.