Reputation: 235
I am trying to check whether the signed in user is admin or not. User data is stored in a format like this:
[
  {
    "isAdmin": "true",
    "_id": "60c6df22f25d381e78ab5f31",
    "name": "Admin",
    "email": "[email protected]",
    "password": "$2a$10$dPF0rtehOYXv5aLkmxXgw.99horXCuzbQgvu5ywRaa5C73xQJpaG6",
    "__v": 0,
    "createdAt": "2021-06-14T04:46:26.769Z",
    "updatedAt": "2021-06-14T04:46:26.769Z"
  },
  {
    "isAdmin": "false",
    "_id": "60c6df22f25d381e78ab5f32",
    "name": "Messi",
    "email": "[email protected]",
    "password": "$2a$10$Lkhuz2///oLfrCRMSYoHoeS3QHUCNQDH3OyiN6LyveogGfzldSBDC",
    "__v": 0,
    "createdAt": "2021-06-14T04:46:26.770Z",
    "updatedAt": "2021-06-20T03:45:44.533Z"
  }
]
When the user enters their credentials I am passing adminMiddleware to check whether isAdmin is false or true. But when I tested it in Thunder Client I got user data no matter whose bearer token I passed (Admin or normal users).
Here is the source code:
adminMiddleware.js
const admin = (req, res, next) => {
  try {
    console.log("Name:", req.user.name);
    console.log("isAdmin:", req.user.isAdmin);
    // Original check: tests only that isAdmin is present and truthy
    if (req.user && req.user.isAdmin) {
      next();
    } else {
      const error = new Error("Not Authorized As An Admin");
      error.status = 401;
      next(error);
    }
  } catch (error) {
    next(error);
  }
};
module.exports = admin;
userRoutes.js
const express = require("express");
const {
  registerUser,
  getUsers,
} = require("../controllers/userController");
const protect = require("../middleware/authMiddleware");
const admin = require("../middleware/adminMiddleware");
const router = express.Router();
router.route("/").post(registerUser).get(protect, admin, getUsers);
module.exports = router;
I console logged the isAdmin value for both the admin and a normal user by their Bearer Token respectively and got:
Upvotes: 0
Views: 568
Reputation: 476
Hi, as I read all the stuff I found that you just checked the "isAdmin" key rather than its value. Try the below:
if (req.user && req.user.isAdmin === "true") {
  next();
} else {
  const error = new Error("Not Authorized As An Admin");
  error.status = 401;
  next(error);
}
Upvotes: 1
Reputation: 1651
Based on your example, it seems that your isAdmin attribute has a string value. In that case, the condition req.user.isAdmin will always be true.
Here is an example:
const user1 = { isAdmin: "true", name: "messi" };
// A non-empty string is truthy, so "false" passes the check too
const user2 = { isAdmin: "false", name: "messi" };
if (user1.isAdmin) {
  console.log(typeof user1.isAdmin); // string
  console.log("User 1 is admin");
}
if (user2.isAdmin) {
  console.log(typeof user2.isAdmin); // string
  console.log("User 2 is admin");
}
So in this case the correct way to verify the attribute would be req.user.isAdmin === 'true', or you could simply update the attribute to a boolean value using isAdmin: true in your user attribute.
Upvotes: 1
Reputation: 12870
req.user.isAdmin resolves as a string, so "false" is a truthy value: "false" ? true : false.
You should change your check to req.user && req.user.isAdmin === 'true'
Upvotes: 1
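All three answers make the same point: a non-empty string such as "false" is truthy, so the original middleware granted every authenticated user admin access. The block below is an added example, not code from the question or any answer. It puts the original check and a strict one side by side over constructed sample users (the same shape as the question's data, including a user with the attribute missing and one already stored as a boolean), and wraps the strict check in a middleware with Express's (req, res, next) calling convention. It uses a small stand-in for next() so it runs offline; the user records, the 403 status choice and the helper names are this example's own assumptions.

```javascript
// Added example (not from the question or answers): why the original check
// passed every user, and a fail-closed admin check that compares strictly.
// No Express install needed; next() is driven by a tiny local harness.

// Constructed sample users, shaped like the question's data.
const users = [
  { _id: "u1", name: "Admin", isAdmin: "true" },
  { _id: "u2", name: "Messi", isAdmin: "false" }, // string "false" is truthy
  { _id: "u3", name: "Guest" },                   // attribute missing
  { _id: "u4", name: "Legacy", isAdmin: true },   // already a real boolean
];

// The check from the original adminMiddleware.js: any non-empty string passes.
function originalCheck(user) {
  return Boolean(user && user.isAdmin);
}

// Coerce the stored attribute to a boolean. Only the boolean true or the exact
// string "true" grant; anything else ("false", undefined, "", "TRUE") denies,
// so an unexpected value fails closed rather than open.
function normalizeIsAdmin(value) {
  return value === true || value === "true";
}

function isAdminUser(user) {
  return Boolean(user) && normalizeIsAdmin(user.isAdmin);
}

// Middleware in Express's (req, res, next) shape, using the strict check.
// 403 is used here because the caller is authenticated but lacks permission;
// the question's code uses 401 and either works with Express error handlers.
function adminMiddleware(req, res, next) {
  if (isAdminUser(req.user)) {
    return next();
  }
  const error = new Error("Not Authorized As An Admin");
  error.status = 403;
  return next(error);
}

// Harness: run the middleware for one user and capture what next() received.
function decide(user) {
  let outcome = null;
  adminMiddleware({ user }, {}, (err) => {
    outcome = err ? { allowed: false, status: err.status } : { allowed: true };
  });
  return outcome;
}

// Side-by-side verdicts of both checks over the sample users.
function compare() {
  return users.map((u) => ({
    name: u.name,
    original: originalCheck(u),
    hardened: isAdminUser(u),
  }));
}

console.table(compare());
```

Running it shows the original check admitting "Messi" (stored as "false") while the strict check admits only "Admin" and "Legacy". Treating the string "true" as admin is only a compatibility shim for records already in the database; the durable fix is to store isAdmin as a boolean (and to define it as Boolean in the schema) so the comparison becomes `=== true` and no string coercion is involved.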