- 00:00:01 welcome back great to see you again time
- 00:00:04 to handle the user sign-in so sign up
- 00:00:08 looks good but sign-in is missing I'm
- 00:00:10 closing all these folders here tabs here
- 00:00:13 and now back in my project I'll go to my
- 00:00:16 passport.js file to also implement a
- 00:00:19 strategy for signing the user in I'll do
- 00:00:22 this right below my sign up strategy and
- 00:00:25 of course I start by again using
- 00:00:28 passport.use I'll name it local sign in
- 00:00:31 and this will also be a new local
- 00:00:34 strategy where I first have some
- 00:00:39 configuration where I again basically
- 00:00:41 pass the same config as before setting
- 00:00:45 up username field and so on and then I
- 00:00:48 have my callback here where I again have
- 00:00:51 my request the passed email and password
- 00:00:54 as well as the done callback function I
- 00:00:58 may execute whenever I am done now here
- 00:01:01 again I could validate but I don't
- 00:01:03 really have to because I'm just checking
- 00:01:05 if the entered data fits the user data
- 00:01:10 in the database so technically I don't
- 00:01:12 need to validate but I think it's nice
- 00:01:15 to give some error messages if the user
- 00:01:18 simply forgets to enter the
- 00:01:19 password or anything like that so in
- 00:01:22 order to do this I will copy the
- 00:01:24 validation logic from above all that
- 00:01:29 code here but I will get rid of the
- 00:01:34 minimum length because that really
- 00:01:35 doesn't matter I'm comparing passwords
- 00:01:37 anyway as well as of the isEmail or well
- 00:01:41 no I'll leave the isEmail I think
- 00:01:43 that's fine so with that I'm yeah doing
- 00:01:46 the validation again the code you saw
- 00:01:49 above and of course you could refactor
- 00:01:52 this for example but I'll leave it like
- 00:01:54 this and next I will try to find the
- 00:01:57 user and I can also copy the code here
- 00:02:00 from my signup method because I'm
- 00:02:03 basically doing the same line once you
- 00:02:05 find a user I return done with the error
- 00:02:08 if we have an error however if I find
- 00:02:11 the user this is of course the good case
- 00:02:13 so here I will reverse this
- 00:02:14 to return an error if we don't find the
- 00:02:18 user then I will return a message saying no
- 00:02:21 user found so if yeah if we try to find
- 00:02:28 a user with the email address which
- 00:02:29 isn't in the database and then I also
- 00:02:31 need another case where the password
- 00:02:34 might be invalid so to check this I will
- 00:02:38 run user and then valid password this is the
- 00:02:42 helper function or the method I defined
- 00:02:45 in my user model here if you remember
- 00:02:48 this this function here so now I'm
- 00:02:51 executing this function to verify the
- 00:02:53 password with the encrypted password in
- 00:02:57 the database and if this fails if the
- 00:03:01 password is not valid well then I will
- 00:03:03 also return done with null with the false
- 00:03:07 case here so that it was not successful
- 00:03:09 and the message will be wrong password
- 00:03:13 in my case here if all of that is passed
- 00:03:17 successfully so no error user found and
- 00:03:19 password is correct well then I can
- 00:03:22 simply return done with no error and the
- 00:03:28 retrieved user and user of course is the
- 00:03:30 user I've found in the database so this
- 00:03:35 is my sign-in strategy and now in the
- 00:03:39 index.js file I have to create the routes
- 00:03:41 for that so I'll do this here where
- 00:03:43 again get my user sign-in route with
- 00:03:50 request/response next to show the
- 00:03:54 sign-in page first and all I will do
- 00:03:57 here is I will render the sign-in page
- 00:04:02 and I will copy the code from the
- 00:04:04 sign-up route here because I'm basically
- 00:04:08 doing the same and also want to display
- 00:04:10 error messages if there are any I also
- 00:04:12 want to pass token so that's all the
- 00:04:14 same and next I will add another route
- 00:04:19 the post route user sign in but here of
- 00:04:25 course I will not use my request response
- 00:04:27 next function but instead I will
- 00:04:29 use passport authenticate and then my
- 00:04:33 local sign-in strategy HS set up with a
- 00:04:38 JavaScript object to configure it now
- 00:04:41 the configuration equals the one from my
- 00:04:44 post request here and with that I'm
- 00:04:48 making sure that I redirect it to the
- 00:04:51 profile if successful but to the sign-in
- 00:04:53 page not sign up if we fail so with that
- 00:04:58 all this is working I'll restart my
- 00:05:02 server and I'll go to the sign-in page
- 00:05:06 here and I'll try to log in with the
- 00:05:10 credentials I provided email already
- 00:05:13 in use doesn't sound right and this of
- 00:05:16 course is the case because here well hmm
- 00:05:20 first I'm returning the sign up view
- 00:05:23 not the sign in view so that's wrong
- 00:05:26 but it was good because my sign-in view's
- 00:05:28 totally empty so I should probably add
- 00:05:30 this here I just copied all the code
- 00:05:33 from the signup view but of course I
- 00:05:34 have to update my action here to
- 00:05:37 actually try to sign me in not sign up
- 00:05:39 and I'll replace the text here to also
- 00:05:43 be correct now if I reload so go to sign
- 00:05:49 in again this should now really be the
- 00:05:50 sign in form and this looks good
- 00:05:53 I am forwarded to the user profile so the
- 00:05:57 signing in works as does the sign up let's
- 00:06:01 try what happens if I enter an email
- 00:06:06 address which is not valid or okay if I
- 00:06:08 enter this for example invalid email and
- 00:06:10 if I enter a wrong password for a valid
- 00:06:13 email address I get wrong password so
- 00:06:15 this works but that was not really what
- 00:06:18 I wanted to do here what I want to do
- 00:06:20 next is I want to protect my routes and
- 00:06:23 it would be nice to have some kind of
- 00:06:25 route grouping because if we have a look
- 00:06:28 here we got slash user slash user slash
- 00:06:32 user and it's totally unnecessary
- 00:06:34 because all these routes share the slash
- 00:06:38 user I don't want to write it on
- 00:06:40 throughout here