I have a basic login form and want to authenticate whether a user's email exists in the db, but am not sure of the syntax for angular + node.
Main.js I have a ng-click on the submit button which runs this function. I get the email from the input and somehow need to pass this on to check the db?
$scope.logIn = function() {
var email = $scope.formInfo.email;
$http.get('/findUser').success(function(response){
console.log('find user data');
console.log(response);
});
};
Server.js I have the connection to the db but am unsure of how to make the connection with the client and backend data or what the syntax is
app.get('/findUser', function(req, res){
//what do I do here?
db.rejoin_your_ex.find({ email: 'the user's email' }, function(err, docs){
res.json(docs);
});
});
Client Side
$scope.logIn = function() {
var email = $scope.formInfo.email;
$http({
url: '/findUser',
method: "GET",
params: {"email": email}
}).success(function(response){
console.log('find user data');
console.log(response);
});
};
Server Side
At backend, you can use Mongoskin module for mongodb specific queries.
var mongo = require('mongoskin');
var db = mongo.db("mongodb://localhost:27017/test");
db.bind('user');
app.get('/findUser', function(req, res){
//what do I do here?
db.user.find({ email: req.params.email }, function(err, user){
res.json(user);
});
});
Hope it helps you.
Related
I am very new to web development, and have been using Google as a guide.
If I put a wrong login that does not match what I have in my database, the website just gets stuck and keeps trying to “load”. I also am confused on how to do token-based authentication for login and would love some more guidance on that, the guide I am following talks about database encryption and OAuth 2.0 with Google.
If the user logs in with a username and password that is not correct, I just want it to give an error and reload back to login.ejs.
Thank you for any help!
The issue might be you are not returning anything when foundUser is null or if the password doesn’t match.
If there is any error you can redirect it to the /login route with query param (err) which can be read by the client using JS at page load. If there is a nonempty query param err then read it and show it in some popup.
res.redirect("/login?err=The username does not exist");
//connect to mongodb
mongoose.connect("mongodb://localhost:27017/userDB", {
useNewUrlParser: true
});
const userSchema = {
username: String,
password: String
};
const User = new mongoose.model("User", userSchema);
app.get("/", function(req, res) {
res.render("home"); //render home.ejs
});
app.get("/login", function(req, res) {
res.render("login"); //render login.ejs
});
app.post("/login", function(req, res) {
const username = req.body.username;
const password = req.body.password;
try {
User.findOne({
username: username
}, function(err, foundUser) {
if (err || !foundUser) {
return res.redirect("/login?err=The username does not exist");
}
if (foundUser.password !== password) {
// you can use bcryptjs for hashing and comparing hashed values.
return res.redirect("/login?err=The username or password is invalid");
}
res.redirect("/counter");
});
} catch (error) {
res.redirect("/login?err=something went wrong!");
}
});
You can read more about handling authentication in nodeJS here. also check passportjs
I am using express with cookie-parser and trying to save cookies using cookie parser and I am only able to save them in app.get but not in app.post.
The cookiess are able to be saved here:
router.get('/login', function(req,res){
res.sendFile('/Users/samkirkiles/Desktop/AWSDemo/views/login.html');
//**** These cookies do save
res.cookie('username',"username")
res.cookie('password',"password")
//****
});
When I try to call the same code res.cookie('username',"uesrname") in router.post, everything runs but the cookies are not saved.
router.post('/login', function(req,res,next){
var mysql = require('mysql')
var connection = mysql.createConnection({
host : 'localhost',
user : 'root',
password : 'password',
database : 'users'
});
var username = req.body.username
var password = req.body.password
connection.query('SELECT username,password FROM accounts WHERE username=? AND password=?;', [username,password], function (error, results, fields) {
if (error) throw error;
if(results.length >= 1){
console.log("Login successful with given username to VerifyUserLoggedIn: " + username)
// ***** These cookies do not save
res.cookie('username',username)
res.cookie('password',password)
//***********
}else{
console.log("Login unsuccessful with given username to VerifyUserLoggedIn: " + username)
}
});
});
Does anyone know why the cookies would not be saved in router.post but they would be saved in router.get?
Having an awful time trying to compare passwords using bcryptjs so I can sign a JWT but trying to login I can't compare to sign the token and send to the client.
Problem
I can hash a password and store into the DB, where I'm having issues is using the .compare() method and passing in the hash parameter. I'm not quite sure what to pass in as the hash value.
Technology:
NodeJS: 5.4.1
bcryptjs: 2.3.0
express: 4.14.0
body-parser: 1.15.2
MongoDB: 3.2.5
mongoose: 4.6.1
user.routes.js
var express = require('express');
var router = express.Router();
var jwt = require('jsonwebtoken');
var bcrypt = require('bcryptjs');
var salt = bcrypt.genSaltSync(10);
var config = require('../config/database');
User = require('../models/user.model.js');
// Create new User
router.post('/', function(req, res){
var user = req.body;
if(!req.body.email || !req.body.password){
res.json({success: false, message: 'Please pass email and password'});
} else {
User.addUser(user, function(err, user){
if(err){
res.send(err);
}
bcrypt.genSalt(10, function(err, salt){
bcrypt.hash(user.password, salt, function(err,hash){
user.password = hash;
user.save();
console.log('new user', user);
res.json({success: true, message: 'Create user successful'});
})
})
});
}
});
Getting errors during password compare:
// Authenticate a User
//email: test#test.com
//password: password
router.post('/login', function(req, res){
User.findOne({ email: req.body.email }, function (err, user){
if (err){
res.send(err);
}
if(!user){
res.json({ success: false, message: 'Authentication failed. User not found'});
} else if (user) {
// where does this hash value get defined and passed in?
bcrypt.compare(req.body.password, hash, function(err, res){
if(user.password != req.body.password){
console.log('password incorrect');
//res.json({ success: false, message: 'Authentication failed. Password incorrect'});
} else {
var token = jwt.sign({
email: user.email
}, config.secret, {
expiresIn: 60 // expressed in seconds
});
console.log('token contents', token);
res.json({
success: true,
message: 'Enjoy your token!',
token: token
});
}
});
}
});
});
The hash value that you have to pass to the compare method is the one you got when you called bcrypt.hash method. I suppose you saved that hash associated to the user in some DB, so you have to get that hash and pass it to compare method as second parameter.
I think you are doing wrong the comparison in the callback of the compare method. You shouldn't compare passwords, the compare method does that for you. You just have to check if res is true or false. If it is true, then passwords are the same, other case they are different.
If you have more doubts about the implementation in this article you have a very simple example about that:
https://solidgeargroup.com/password-nodejs-mongodb-bcrypt?lang=es
It is written with promises, but it's very easy to understand.
I'm making a simple webapp with facebook login.
If the facebook login button on my page is clicked,
FB.api(
'/me',
'GET',
{"fields":"id,name,birthday,gender"},
function(response) {
$.post('fb_login', response, "json");
}
);
is called, and a router handles '/fb_login' request; in the router the server checks the id of json object is already in its DB. If not, res.render('signup', ...) should be called.
However it didn't work. I already checked that res.render() was called, but the page 'signup.jade' didn't show up.
Here is my source code of router.
var express = require('express');
var router = express.Router();
var mysql = require('mysql');
var pool = mysql.createPool({
host: 'localhost',
user: 'root',
password: '1012'
});
/* GET home page. */
router.post('/', function(req, res, next) {
var userid = req.body.id;
if (userid) {
pool.getConnection(function(err, connection) {
if (err) {
console.error('DB Connection error!!');
return;
}
console.log('DB Connection Success!!');
connection.query('use vasket');
connection.query('select count(*) result from user where userID=?',
[userid], function(err, result, field) {
var isAlreadyUser = result[0].result;
console.log(isAlreadyUser);
if (isAlreadyUser == 1) {
req.session.userid = userid;
res.redirect('/');
res.end();
console.log('DB FB Login Success!!');
connection.release();
}
else {
connection.release();
console.log('FIRST TIME!');
//This method was called, but the page rendered didn't
res.render('signup', {id: req.body.id, name: req.body.name, birthday: req.body.birthday, gender: req.body.gender});
}
});
});
} else {
res.redirect('/');
res.end();
}
How can I fix it?
To help debugging maybe you can modify your code like that :
// ... your code before
else {
connection.release();
console.log('FIRST TIME!');
console.log(req.body);
//This method was called, but the page rendered didn't
res.render(
'signup',
{
id : req.body.id,
name : req.body.name,
birthday: req.body.birthday,
gender : req.body.gender
} ,
function(err, html){
if(err) console.log(err);
console.log(html);
//res.send(html);
// trying same but forcing status
res.status(200).send(html);
}
);
}
});
});
} else {
res.redirect('/');
res.end();
}
This is an older question, but it's still in need of a solid answer. I had the exact same problem, but I think I've figured it out.
If the server's returning the proper response, that's not where your problem lies. jQuery (in the browser) will render the response, but you have to tell it to do so.
Here's what I had that was responding properly but not rendering:
$("#getsome").click(function() {
$.get("/task/create");
});
And here's how I got it to render:
$("#getsome").click(function() {
$.get("/task/create", function( data ) {
document.write(data);
});
});
Note that you may not need to replace the entire DOM like I'm doing.
References:
Replacing the entire
DOM
jQuery.get
I want to have login/register function in my expressJS API.
So now im just inserting password and email into my database, i want this function to first check if user with this email is already in database - if yes, send response that user is logged.
If not, just insert him to database.
Is it possible to handle some errors in here?
I already have it:
exports.login = function(req, res){
var email = req.body.email;
var pwd = req.body.pass;
db.collection('users', function(err, collection) {
collection.insert({login:email, password: pwd}, {safe:true}, function(err, result) {
res.send("OK");
});
});
};\
and dont know what's next.
You can first try to find the user in your database. Assuming email is unique;
exports.login = function(req, res){
var email = req.body.email;
var pwd = req.body.pass;
db.collection('users', function(err, collection) {
if (err) return res.send(500, err);
collection.findOne({login:email}, function(err, user) {
// we found a user so respond back accordingly
if (user) return res.send('user logged in');
collection.insert({login:email, password: pwd}, {safe:true}, function(err, result) {
if (err) return res.send(500, err);
res.send("OK");
});
});
});
};
notice the return's before the res.send calls when handling errors.