Reputation: 1362
How to validate password in passport js
I want to prevent users who have a password less than 6 chars from being entered into the database, however my current logic is not allowing that. I'm using express-validator.
Despite a password being less than 6 chars, a user is entered into the database. What should i do to prevent a user who has a password less than 6 chars from being entered into the database ?
I'm using knex/bookshelf orm and postgress for the database
routes/users.js
router.post('/register', [
check('password').isLength({ min: 6 }).withMessage('must be at least 6 chars long'),
check('username').custom( value => {
return User.forge({ username: value}).fetch().then( user => {
if(user){
return Promise.reject('Username already in use');
}
})
}),
check('email').custom( value => {
return User.forge({ email: value}).fetch().then( user => {
if(user){
return Promise.reject('Email already in use');
}
})
})
],
(req, res, next) => {
passport.authenticate('register', (err, user, info) => {
if(err){
console.log(err)
}
const errors = validationResult(req);
if (!errors.isEmpty()) {
return res.status(500).send({
error: errors.array()
})
}
if(info !== undefined){
console.log(info.message)
res.status(403).send(info.message)
}else{
req.logIn(user, err => {
const data = {
username: req.body.username.trim(),
password: req.body.password.trim(),
email: req.body.email.trim()
}
// console.log(data);
// debugger;
User.forge({
username: data.username
}).fetch().then( user => {
const token = jwt.sign({ id: user.id }, process.env.JWT_SECRET);
jwt.verify(token, process.env.JWT_SECRET, function(err, data){
console.log(err, data);
})
console.log('user created in db');
res.status(200).send({
message: 'user created',
token: token,
auth: true
});
});
})
}
})(req, res, next);
});
passport.js
passport.use(
'register',
new Local(
{
usernameField: 'username',
passwordField: 'password',
passReqToCallback: true,
session: false,
},
(req, username, password, done) => {
try {
User.forge({username: username}, {email: req.body.email}).fetch().then(user => {
if (user != null) {
console.log('username or email already taken');
return done(null, false, {
message: 'username or email already taken',
});
} else {
bcrypt.hash(password, 12).then(hashedPassword => {
const user = new User({
username: req.body.username,
password: hashedPassword,
email: req.body.email
})
user.save().then( () => {
return done(null, user);
})
});
}
});
} catch (err) {
return done(err);
}
},
),
);
User model
import bookshelf from '../config/bookshelf';
import validator from 'validator';
/**
* Example User Model.
*/
const User = bookshelf.Model.extend({
tableName: 'users',
timestamps: false,
});
export default User;
Upvotes: 1
Views: 2804
Answers (1)
Reputation: 1104
Your code is checking for validation errors AFTER you create the user.
Code should be:
(req, res, next) => {
const errors = validationResult(req);
if (!errors.isEmpty()) {
return res.status(400).send({ error: errors.array() })
}
passport.authenticate('register', (err, user, info) => {
if(err){
console.log(err)
}
...
Also note that you should be responding with a 400 level error code, not 500. 400 is for when the request made was bad (i.e. validation issue), 500 is when the server acts up.
Upvotes: 2
Related Questions
- How to validate password in passport-local-mongoose
- validate a password with express-validator
- How to validate password using express-validator npm
- NodeJS express-validator with passport
- Passport Authentication in Nodejs
- username or password failure message in Passport.js
- Trouble with authentication
- PassportJS authentication
- Node.Js Express Authentication
- Passport for authentication in Node JS