I am using express with cookie-parser and trying to save cookies using cookie parser and I am only able to save them in app.get but not in app.post.
The cookiess are able to be saved here:
router.get('/login', function(req,res){
res.sendFile('/Users/samkirkiles/Desktop/AWSDemo/views/login.html');
//**** These cookies do save
res.cookie('username',"username")
res.cookie('password',"password")
//****
});
When I try to call the same code res.cookie('username',"uesrname") in router.post, everything runs but the cookies are not saved.
router.post('/login', function(req,res,next){
var mysql = require('mysql')
var connection = mysql.createConnection({
host : 'localhost',
user : 'root',
password : 'password',
database : 'users'
});
var username = req.body.username
var password = req.body.password
connection.query('SELECT username,password FROM accounts WHERE username=? AND password=?;', [username,password], function (error, results, fields) {
if (error) throw error;
if(results.length >= 1){
console.log("Login successful with given username to VerifyUserLoggedIn: " + username)
// ***** These cookies do not save
res.cookie('username',username)
res.cookie('password',password)
//***********
}else{
console.log("Login unsuccessful with given username to VerifyUserLoggedIn: " + username)
}
});
});
Does anyone know why the cookies would not be saved in router.post but they would be saved in router.get?
Related
I am very new to web development, and have been using Google as a guide.
If I put a wrong login that does not match what I have in my database, the website just gets stuck and keeps trying to “load”. I also am confused on how to do token-based authentication for login and would love some more guidance on that, the guide I am following talks about database encryption and OAuth 2.0 with Google.
If the user logs in with a username and password that is not correct, I just want it to give an error and reload back to login.ejs.
Thank you for any help!
The issue might be you are not returning anything when foundUser is null or if the password doesn’t match.
If there is any error you can redirect it to the /login route with query param (err) which can be read by the client using JS at page load. If there is a nonempty query param err then read it and show it in some popup.
res.redirect("/login?err=The username does not exist");
//connect to mongodb
mongoose.connect("mongodb://localhost:27017/userDB", {
useNewUrlParser: true
});
const userSchema = {
username: String,
password: String
};
const User = new mongoose.model("User", userSchema);
app.get("/", function(req, res) {
res.render("home"); //render home.ejs
});
app.get("/login", function(req, res) {
res.render("login"); //render login.ejs
});
app.post("/login", function(req, res) {
const username = req.body.username;
const password = req.body.password;
try {
User.findOne({
username: username
}, function(err, foundUser) {
if (err || !foundUser) {
return res.redirect("/login?err=The username does not exist");
}
if (foundUser.password !== password) {
// you can use bcryptjs for hashing and comparing hashed values.
return res.redirect("/login?err=The username or password is invalid");
}
res.redirect("/counter");
});
} catch (error) {
res.redirect("/login?err=something went wrong!");
}
});
You can read more about handling authentication in nodeJS here. also check passportjs
Having an awful time trying to compare passwords using bcryptjs so I can sign a JWT but trying to login I can't compare to sign the token and send to the client.
Problem
I can hash a password and store into the DB, where I'm having issues is using the .compare() method and passing in the hash parameter. I'm not quite sure what to pass in as the hash value.
Technology:
NodeJS: 5.4.1
bcryptjs: 2.3.0
express: 4.14.0
body-parser: 1.15.2
MongoDB: 3.2.5
mongoose: 4.6.1
user.routes.js
var express = require('express');
var router = express.Router();
var jwt = require('jsonwebtoken');
var bcrypt = require('bcryptjs');
var salt = bcrypt.genSaltSync(10);
var config = require('../config/database');
User = require('../models/user.model.js');
// Create new User
router.post('/', function(req, res){
var user = req.body;
if(!req.body.email || !req.body.password){
res.json({success: false, message: 'Please pass email and password'});
} else {
User.addUser(user, function(err, user){
if(err){
res.send(err);
}
bcrypt.genSalt(10, function(err, salt){
bcrypt.hash(user.password, salt, function(err,hash){
user.password = hash;
user.save();
console.log('new user', user);
res.json({success: true, message: 'Create user successful'});
})
})
});
}
});
Getting errors during password compare:
// Authenticate a User
//email: test#test.com
//password: password
router.post('/login', function(req, res){
User.findOne({ email: req.body.email }, function (err, user){
if (err){
res.send(err);
}
if(!user){
res.json({ success: false, message: 'Authentication failed. User not found'});
} else if (user) {
// where does this hash value get defined and passed in?
bcrypt.compare(req.body.password, hash, function(err, res){
if(user.password != req.body.password){
console.log('password incorrect');
//res.json({ success: false, message: 'Authentication failed. Password incorrect'});
} else {
var token = jwt.sign({
email: user.email
}, config.secret, {
expiresIn: 60 // expressed in seconds
});
console.log('token contents', token);
res.json({
success: true,
message: 'Enjoy your token!',
token: token
});
}
});
}
});
});
The hash value that you have to pass to the compare method is the one you got when you called bcrypt.hash method. I suppose you saved that hash associated to the user in some DB, so you have to get that hash and pass it to compare method as second parameter.
I think you are doing wrong the comparison in the callback of the compare method. You shouldn't compare passwords, the compare method does that for you. You just have to check if res is true or false. If it is true, then passwords are the same, other case they are different.
If you have more doubts about the implementation in this article you have a very simple example about that:
https://solidgeargroup.com/password-nodejs-mongodb-bcrypt?lang=es
It is written with promises, but it's very easy to understand.
I have a basic login form and want to authenticate whether a user's email exists in the db, but am not sure of the syntax for angular + node.
Main.js I have a ng-click on the submit button which runs this function. I get the email from the input and somehow need to pass this on to check the db?
$scope.logIn = function() {
var email = $scope.formInfo.email;
$http.get('/findUser').success(function(response){
console.log('find user data');
console.log(response);
});
};
Server.js I have the connection to the db but am unsure of how to make the connection with the client and backend data or what the syntax is
app.get('/findUser', function(req, res){
//what do I do here?
db.rejoin_your_ex.find({ email: 'the user's email' }, function(err, docs){
res.json(docs);
});
});
Client Side
$scope.logIn = function() {
var email = $scope.formInfo.email;
$http({
url: '/findUser',
method: "GET",
params: {"email": email}
}).success(function(response){
console.log('find user data');
console.log(response);
});
};
Server Side
At backend, you can use Mongoskin module for mongodb specific queries.
var mongo = require('mongoskin');
var db = mongo.db("mongodb://localhost:27017/test");
db.bind('user');
app.get('/findUser', function(req, res){
//what do I do here?
db.user.find({ email: req.params.email }, function(err, user){
res.json(user);
});
});
Hope it helps you.
I have a node js/express.js server and I am attempting to create a login function for my website using passport.js. I am NOT using MongoDB to store user info. Instead, I want to use my own AmazonAWS RDS MySQL instance as my database. This means I cannot use Mongoose.
As a result, I need to query for users without Mongoose to verify their credentials in Passport.js. My RDS instance has a table called Users that contains users with just the userName and password. Each record (user) in the table is also assigned its own unique usersObjectID number. I am attempting to query the users based on the user-name that the end-user will input into the login form and matching that user-name with a record in the table.
This is my server-side code:
var connection = mysql.createConnection(
{
//database connection info
}
connection.connect(function(error)
{
if(error)
{
console.log('MySQL error: '+error);
}
else
{
console.log('Successfully connected to MySQL database');
}
});
passport.use(new LocalStrat({
usernameField: 'username',
passwordField: 'password'
},
function(username, password, done) {
//query user from DB
var usersObjectID = -1;
var tableLength = connection.query("select count(*) from Users");
console.log("this is the length of the table: "+tableLength);
for(var i = 0; i < tableLength; i++)
{
if(connection.query("select userName from Users where Users.usersObjectID = '"+i+"'") == username)
{
console.log(connection.query("select userName from Users where Users.usersObjectID = '"+i+"'"));
usersObjectID = i;
}
}
if(usersObjectID == -1)
{
//user not found
return done(null, false, {message: "The user is not exist"});
console.log("user does not exist");
}
else if(usersObjectID != -1 && connection.query("select userName from Users where Users.usersObjectID = '"+usersObjectID+"'") != connection.query("select password from Users where Users.usersObjectID = '"+usersObjectID+"'"))
{
// if password does not match
return done(null, false, {message: "Wrong password"});
console.log("password incorrect");
}
else
{
// if everything is OK, return null as the error
// and the authenticated user
return done(null, user);
console.log("successfully logged in");
}
}
));
This is my post method:
app.post('/login', function (req, res, next) {
var uname = req.body.username;
var pass = req.body.password;
var rem = req.body.remember_me;
console.log(uname+", "+pass+", "+rem);
// ask passport to authenticate
passport.authenticate('local', function(err, user, info) {
if (err) {
// if error happens
return next(err);
console.log("err");
}
if (!user) {
return res.redirect('/login');
console.log("!user");
}
// if everything's OK
req.logIn(user, function(err) {
if (err) {
return next(err);
}
console.log("ok");
return res.redirect('/');
});
})(req, res, next);
});
Here are my questions:
When I query
var tableLength = connection.query("select count(*) from QCBIMS.Users");
console.log("this is the length of the table: "+tableLength);
I get this result:
this is the length of the table: [object Object]
Why?
Would this be a good way to go about using an RDS instance for my user info and login function?
Encountered the same problem and solved it using the FF steps:
Use alias in the SELECT STATEMENT, like: "SELECT COUNT(*) AS total from QCBIMS.Users" Note: Using alias will make it easier to find it later
Select the first [key:value] pair from list & stringify as JSON: let resultStr=JSON.stringify(tableLength[0]) Note: I Used 'tableLength' from the query above. After stringify, result can be like
this: [{"total":"1541"}]
parse result as JSON: let itemPair = JSON.parse(resultStr)
get value using the 'alias' from SQL query: let value = itemPair[0].total
IF YOU WANNA SEE THE CONTENT OF THE [object Object], you can do this:
Object.keys(queryResult).forEach(function (key) {
console.log(JSON.stringify(queryResult[key]));
});
Why not use the query following way
connection.query('select count(*) as total from Users',function(err,rows){
var tableLength = rows[0];
// do the other stuff here
});
try
const count = rows.item(0)["count(*)"];
I want to have login/register function in my expressJS API.
So now im just inserting password and email into my database, i want this function to first check if user with this email is already in database - if yes, send response that user is logged.
If not, just insert him to database.
Is it possible to handle some errors in here?
I already have it:
exports.login = function(req, res){
var email = req.body.email;
var pwd = req.body.pass;
db.collection('users', function(err, collection) {
collection.insert({login:email, password: pwd}, {safe:true}, function(err, result) {
res.send("OK");
});
});
};\
and dont know what's next.
You can first try to find the user in your database. Assuming email is unique;
exports.login = function(req, res){
var email = req.body.email;
var pwd = req.body.pass;
db.collection('users', function(err, collection) {
if (err) return res.send(500, err);
collection.findOne({login:email}, function(err, user) {
// we found a user so respond back accordingly
if (user) return res.send('user logged in');
collection.insert({login:email, password: pwd}, {safe:true}, function(err, result) {
if (err) return res.send(500, err);
res.send("OK");
});
});
});
};
notice the return's before the res.send calls when handling errors.