CODEWITHSUNDEEP
androidnode.jsmongodbexpress
Christof
Christof

Reputation: 1

Same response sent regardless of the logged-in user

I'm searching about how can I send response by express in Nodejs to target android device. For example, some of users want to login to my application in Android and sent request around the same time to api express which respond object if password equals with record in base, but all users received the same object one of the user. 

app.post('/login', (request, response) => {
    var objectaccount = {
        name: name,
        amount: amount
    };

    var post_data = request.body;

    var user = post_data.user;
    var userPassword = post_data.password;

    var db = client.db('clientbase');

    db.collection('users')
        .find({
            'user': user
        }).count(function(err, number) {
            if (number == 0) {
                response.json('email not exist');
                console.log('email not exist');
            } else {
                db.collection('user')
                    .findOne({
                        'email': email
                    }, function(error, user) {
                        var name = user.name;
                        if (userPassword == user.password) {
                            objectaccount.name = user.name;
                            objectaccount.amount = user.amount;
                            response.json(objectaccount);
                            console.log(objectaccount);
                        } else {
                            response.json('password invalid');
                            console.log('password invalid');
                        }
                    })
            }
        })
});

example: i have 3 users in mongodb {user,amount}(-user1(200), -user2(399), -user3(500)), three users click in application to login in the same time. Express sent 3 response json and 3 users have the same object like (user1(200)) instead of user1 have user1(200) , user2 - user2(399) and user3- user3(500);

Upvotes: 0

Views: 90

Answers (2)

hem
hem

Reputation: 1032

On a high-level, I noticed this. In the first DB call, you fetch the user based on a value from the POST payload( user variable)

...
db.collection('users')
        .find({
            'user': user // Here, you are fetching the record by user (from POST payload)
        }).count(function(err, number) {
            if 
...

  1. However, in the second DB call, you seem to make use of email which I believe, is neither passed in the POST body nor obtained from the first DB call. I am afraid that this variable could be set somewhere. Should this not be same as user variable or some data that we obtain with user ?

  2. Also just wondering -> the collection name seems to be different in both the db calls - user vs. users ?

enter image description here

Upvotes: 0

Ashen Gunaratne
Ashen Gunaratne

Reputation: 455

The User-Agent shall aid in identifying the OS vendor; For example;

app.get('/route', (req, res) => {

  /\bAndroid\b/.test(req.get('User-Agent') || '')
    ? res.end('An Android user!')
    : res.end('A non-Android user!');

});

Upvotes: 0

Related Questions