mongodb - How do I authenticate with Node.js + Mongoose? -


with following code i'm not able authenticate mongodb database, has users schema , users associated , wondering how make sure auth returned isauth?:

exports.auth = function(username, password, session) {     user.findone({username: username}, function(err, data) {         if (err) {             console.log(err);         }          var isauth = username === data['username'] & password === data['password'];           if (isauth) {              session.isauthenticated = isauth;              session.user = {username: username};          }           return isauth;     }); };

first of all, others have pointed out in comments, shouldn't implement own authentication logic if don't know you're doing. can use passport that.

now, code provided. there several problems here.

the first thing comes mind use:

var isauth = username === data['username'] & password === data['password'];

instead of:

var isauth = username === data['username'] && password === data['password'];

but typo. now, more fundamental stuff.

you cannot return isauth variable because going return to? if think returned caller of exports.auth you're wrong - exports.auth() return long before return isauth; ever run.

also, if yu check error if (err) put code should run in case of success in else block o otherwise run on error undefined variables may crash program.

you need either add additional argument function callback:

exports.auth = function(username, password, session, callback) {     user.findone({username: username}, function(err, data) {         if (err) {             console.log(err);             callback(err);         } else {             var isauth = username === data.username && password === data.password;             if (isauth) {                 session.isauthenticated = isauth;                 session.user = {username: username};             }             callback(null, isauth);         }     }); };

or return promise exports.auth function (but directly exports.auth function, not other callback inside).

using above version can call with:

auth(username, password, session, function (isauth) {   // have isauth here });

the other option use promises. can see other answers explain difference between callbacks , promises , how use them in more detail, may helpful in case:

but first need comfortable callbacks.

also, never store passwords in cleartext in database. seriously, use other solution works passport. wrote answer explain process of using callbacks, not endorse idea of using authentication in particular way. have been warned.


Comments

Post a Comment

Popular posts from this blog

aws api gateway - SerializationException in posting new Records via Dynamodb Proxy Service in API -

i getting "__type": "com.amazon.coral.service#serializationexception" as reply in postman & in test console in api gateway trying post record directly dynamodb using api proxy services.. referring aws article - https://aws.amazon.com/blogs/compute/using-amazon-api-gateway-as-a-proxy-for-dynamodb/ here's mapping { "tablename": "tablenamegoeshere", "item": { "id" : "$context.requestid" "eventname" : "$input.path('$.eventname')", "timestamp" : $input.path('$.timestamp'), "answers": "$util.parsejson($input.path('$.answers'))" } } update: did asked ... , worked if try add array of json objects gives me above same error - here's trying now. please - couldnt find on google well #set($inputroot = $input.path('$')) { "tablename": "answer", "item": {
Read more

asp.net - Problems sending emails from forum -

i have been redesigning site has message board, has been written guy looked after site. it has few problems , written in .asp , uses .mdb files database. you can see whole thing here . feel free post if helps, test thing have set using original files , new database. the basic problem when posts message, supposed email sent them, have posted it. when replies, originator supposed message, replier has been posted. i’d have thought @ point in process there should script/file in postmessage.asp? the postmessage.asp page below. <% option explicit %> <!-- #include virtual="common/adovbs.inc" --> <html> <head> <meta http-equiv="content-type" content="text/html; charset=windows-1252"> <meta name="generator" content="microsoft frontpage 4.0"> <meta name="progid" content="frontpage.editor.document"> <title>new page 2</title> <base target="_self"
Read more