NodeJS / Express / MongoDB – Build a Shopping Cart – #9 Sign In

  • 00:00:01 welcome back great to see you again time
  • 00:00:04 to handle the user sign-in so sign up
  • 00:00:08 looks good but sign-in is missing I'm
  • 00:00:10 closing all these folders here tabs here
  • 00:00:13 and now back in my project I'll go to my
  • 00:00:16 passport.js file to also implement a
  • 00:00:19 strategy for signing the user in I'll do
  • 00:00:22 this right below my sign up strategy and
  • 00:00:25 of course I start by again using
  • 00:00:28 passport.use, I'll name it local sign in
  • 00:00:31 and this will also be a new local
  • 00:00:34 strategy where I first have some
  • 00:00:39 configuration where I again basically
  • 00:00:41 pass the same config as before setting
  • 00:00:45 up username field and so on and then I
  • 00:00:48 have my callback here where I again have
  • 00:00:51 my request, the passed email and password
  • 00:00:54 as well as the done callback function I
  • 00:00:58 may execute whenever I am done now here
  • 00:01:01 again I could validate but I don't
  • 00:01:03 really have to because I'm just checking
  • 00:01:05 if the entered data fits the user data
  • 00:01:10 in the database so technically I don't
  • 00:01:12 need to validate but I think it's nice
  • 00:01:15 to give some error messages if the user
  • 00:01:18 simply forgets to enter the
  • 00:01:19 password or anything like that so in
  • 00:01:22 order to do this I will copy the
  • 00:01:24 validation logic from above all that
  • 00:01:29 code here but I will get rid of the
  • 00:01:34 minimum length because that really
  • 00:01:35 doesn't matter I'm comparing passwords
  • 00:01:37 anyway as well as the isEmail or well
  • 00:01:41 no, I'll leave the isEmail I think
  • 00:01:43 that's fine so with that I'm yeah doing
  • 00:01:46 the validation again, the code you saw
  • 00:01:49 above and of course you could refactor
  • 00:01:52 this for example but I'll leave it like
  • 00:01:54 this and next I will try to find the
  • 00:01:57 user and I can also copy the code here
  • 00:02:00 from my signup method because I'm
  • 00:02:03 basically doing the same line once you
  • 00:02:05 find a user I return done with the error
  • 00:02:08 if we have an error however if I find
  • 00:02:11 the user this is of course the good case
  • 00:02:13 so here I will reverse this
  • 00:02:14 to return an error if we don't find the
  • 00:02:18 user then I will return a message say no
  • 00:02:21 user found so if yeah if we try to find
  • 00:02:28 a user with the email address which
  • 00:02:29 isn't in the database and then I also
  • 00:02:31 need another case where the password
  • 00:02:34 might be invalid so to check this I will
  • 00:02:38 run user and then validPassword, this is the
  • 00:02:42 helper function or the method I defined
  • 00:02:45 in my user model here if you remember
  • 00:02:48 this this function here so now I'm
  • 00:02:51 executing this function to verify the
  • 00:02:53 password with the encrypted password in
  • 00:02:57 the database and if this fails if the
  • 00:03:01 password is not valid well then I will
  • 00:03:03 also return done with and with the false
  • 00:03:07 case here so that it was not successful
  • 00:03:09 and the message will be wrong password
  • 00:03:13 in my case here if all of that is passed
  • 00:03:17 successfully so no error user found and
  • 00:03:19 password is correct well then I can
  • 00:03:22 simply return done with no error and the
  • 00:03:28 retrieved user and user of course is the
  • 00:03:30 user we found in the database so this
  • 00:03:35 is my sign-in strategy and now in the index.js
  • 00:03:39 file I have to create the routes
  • 00:03:41 for that so I'll do this here where
  • 00:03:43 I again get my user sign-in route with
  • 00:03:50 request, response, next to show the
  • 00:03:54 sign-in page first and all I will do
  • 00:03:57 here is I will render the sign-in page
  • 00:04:02 and I will copy the code from the
  • 00:04:04 sign-up route here because I'm basically
  • 00:04:08 doing the same and also want to display
  • 00:04:10 error messages if there are any, I also
  • 00:04:12 want to pass token so that's all the
  • 00:04:14 same and next I will add another route
  • 00:04:19 the post route user sign in but here of
  • 00:04:25 course I will not use my request, response,
  • 00:04:27 next function but instead I will
  • 00:04:29 use passport.authenticate and then my
  • 00:04:33 local sign-in strategy as set up, with a
  • 00:04:38 JavaScript object to configure it now
  • 00:04:41 the configuration equals the one from my
  • 00:04:44 post request here and with that I'm
  • 00:04:48 making sure that I redirect it to the
  • 00:04:51 profile if successful but to the sign-in
  • 00:04:53 page not sign up if we fail so with that
  • 00:04:58 all this is working I'll restart my
  • 00:05:02 server and I'll go to the sign-in page
  • 00:05:06 here and I'll try to log in with the
  • 00:05:10 credentials I provided: email already
  • 00:05:13 in use, doesn't sound right and this of
  • 00:05:16 course is the case because here well hmm
  • 00:05:20 first I'm returning the sign-up view
  • 00:05:23 not the sign-in view so that's wrong
  • 00:05:26 but it was good because my sign-in view's
  • 00:05:28 totally empty so I should probably add
  • 00:05:30 this here I just copied all the code
  • 00:05:33 from the signup view but of course I
  • 00:05:34 have to update my action here to
  • 00:05:37 actually try to sign me in not sign up
  • 00:05:39 and I'll replace the text here to also
  • 00:05:43 be correct now if I reload so go to sign
  • 00:05:49 in again this should now really be the
  • 00:05:50 sign-in form and this looks good
  • 00:05:53 I am forwarded to the user profile so the
  • 00:05:57 signing in works, as does the sign up, let's
  • 00:06:01 try what happens if I enter an email
  • 00:06:06 address which is not valid or okay if I
  • 00:06:08 enter this for example invalid email and
  • 00:06:10 if I enter a wrong password for a valid
  • 00:06:13 email address I get wrong password so
  • 00:06:15 this works but that was not really what
  • 00:06:18 I wanted to do here what I want to do
  • 00:06:20 next is I want to protect my routes and
  • 00:06:23 it would be nice to have some kind of
  • 00:06:25 route grouping because if we have a look
  • 00:06:28 here we got slash user slash user slash
  • 00:06:32 user and it's totally unnecessary
  • 00:06:34 because all these routes share the slash
  • 00:06:38 user I don't want to write it on
  • 00:06:40 throughout here