I want to validate my registration page and i am using Joi validation every thing working fine except google recaptcha.
Here is code for form validation snippet,
var UserSchema = Joi.object().keys({
name: Joi.string().required(),
username: Joi.string().alphanum().min(4).max(30).required(),
email: Joi.string().email().required(),
mobile: Joi.string().required(),
password: Joi.string().regex(/^[a-zA-Z0-9]{8,30}$/),
confirmationPassword: Joi.any().valid(Joi.ref('password')).required(),
access_token: [Joi.string(), Joi.number()],
recaptcha : Joi.string()
});
Post request for registration page,
router.route('/register')
.get(isNotAuthenticated, (req, res) => {
res.render('register');
})
.post(async (req, res, next) => {
try {
const data = Joi.validate(req.body, UserSchema);
if (data.error) {
req.flash("error", "Enter Valid data");
console.log(data.error);
res.redirect('/register');
return;
}
const user = await User.findOne({ username: data.value.username });
if (user) {
req.flash('error', 'Username already taken');
res.redirect('/register');
return;
}
if (req.body.captcha === undefined ||
req.body.captcha === '' ||
req.body.captcha === null) {
res.redirect('/register');
return;
}
const secretKey = '';
const verifyUrl = `https://google.com/recaptcha/api/siteverify?secret=${secretKey}&response=${req.body.captcha}&remoteip=${req.connection.remoteAddress}`;
request(verifyUrl, async (err, response, body) => {
try{
body = JSON.parse(body);
console.log(body);
if (body.success !== undefined && !body.success) {
res.redirect('/register');
return;
} else {
const newUser = await new User(data.value);
console.log('newUser', newUser);
await newUser.save();
}
}catch(e){
throw e;
}
});
req.flash('success', 'Please check your email.');
res.redirect('/login');
} catch (error) {
next(error);
}
});
When i click on submit i got error message in console that { ValidationError: "g-recaptcha-response" is not allowed
You could access g-recaptcha-response using bracket notation. So in your Joi schema the property should look something like this:
["g-recaptcha-response"]: Joi.string().required();
Related
I have a post route request function below to login a user. I keep getting 401 unauthorized errors when attempting to make the request. Based on my code below, is there any refactoring I can do to fix this? Many thanks!!!
router.post('/login', async (req, res, next) => {
try {
// attempt to find the user in database //
const user = await User.findOne({ username: req.body.username });
// if user entered doesn't match which is in the database throw an error //
if (!user) {
res.status(401).json('wrong credentials!')
var hashedPassword = Cryptojs.AES.decrypt(
user.password,
process.env.PASS_SEC);
var Orginalpassword = hashedPassword.toString(Cryptojs.enc.Utf8);
}
// check if password entered matches the orignal password entered during registration, if not return error //
else if ( Orginalpassword !== req.body.password ) {
res.status(401).json('wrong credentials!');
var accessToken = jwt.sign({
id: user._id,
isAdmin: user.isAdmin
},
process.env.JWT_SEC,
{expiresIn:'3d'}
);
var { password, ...others} = user._doc;
}
else {
// if password and username both match successfully log user in //
return res.status(200).json({...others, accessToken})
}
} catch (error) {
res.status(500).json(error);
}
});
here i did the simplest way to implement the login API try this👇🏻
router.post('/login', async (req, res, next) => {
try {
const {username, password} = req.body;
// attempt to find the user in database
const user = await User.findOne({ username });
// compares the password
if (user && await bcrypt.compare(password, user.password)) {
let accessToken = jwt.sign({
id: user._id,
isAdmin: user.isAdmin
},
process.env.JWT_SEC,
{expiresIn:'3d'}
);
user.accessToken = accessToken;
return res.status(200).json({...others, accessToken})
}
return res.status(401).send('wrong credentials!');
} catch (error) {
return res.status(500).json(error.message);
}
});
Here is my code of login its work when the user enter the right credential but the app crashed when its enter the wrong credential by showing showing the error message "Internal server error" which is right beacause I wriiten in it catch code but what I want the app should not be crashed when the user enter the wrong credentials.
router.post(
"/login",
[
body("email", "you enter wrong email").isEmail(),
body("password", "password cannot be blank").exists(),
],
async (req, res) => {
const errors = validationResult(req);
if (!errors.isEmpty()) {
return res.status(400).json({ errors: errors.array() });
}
const { email, password } = req.body;
try {
let user = await User.findOne({ email });
if (!user) {
res.status(400).json({ error: "Please try to login with correct credentials" });
}
const passwordcompare = await bcrypt.compare(password, user.password);
if (!passwordcompare) {
res.status(400).json({ error: "Please Try to login with correct credential" });
}
const data = {
user: {
id: user.id,
},
};
const authtoken = jwt.sign(data, JWTSECRET);
res.json({ authtoken });
} catch (error) {
console.log(error.message);
res.status(500).send("Internal server error");
}
},
);
module.exports = router;
You're not returning after those res.status(400).json()s, so your program just continues on its merry way.
if (!user) {
res.status(400).json({error: "Please try to login with correct credentials"});
return; // add this
}
I think The problem in this line
const passwordcompare = await bcrypt.compare(password, user.password);
When password is undefined or wrong bcrypt.compare will throw an error and the catch block will catch it and return internal server error message
Try add return to res
if (!passwordcompare) {
return res.status(400).json({ error: "Please Try to login with correct credential" });
}
const data = {
user: {
id: user.id,
},
};
const authtoken = jwt.sign(data, JWTSECRET);
return res.json({ authtoken
});
You should add return statements on your error checks, otherwise, the function will keep executing and try to access user.password also if the user has not been found:
router.post(
"/login",
[
body("email", "you enter wrong email").isEmail(),
body("password", "password cannot be blank").exists(),
],
async (req, res) => {
const errors = validationResult(req);
if (!errors.isEmpty()) {
return res.status(400).json({ errors: errors.array() });
}
const { email, password } = req.body;
try {
let user = await User.findOne({ email });
if (!user) {
return res.status(400).json({ error: "Please try to login with correct credentials" });
}
const passwordcompare = await bcrypt.compare(password, user.password);
if (!passwordcompare) {
return res.status(400).json({ error: "Please Try to login with correct credential" });
}
const data = {
user: {
id: user.id,
},
};
const authtoken = jwt.sign(data, JWTSECRET);
res.json({ authtoken });
} catch (error) {
console.log(error.message);
res.status(500).send("Internal server error");
}
},
);
module.exports = router;
You do not return res.status() that's why your code crashed.
I have a auth.js file And a middleware named as fetchuser code given beolow
Can anyone please tell me why am i getting this error.
I am using express js and mongoose but this error is occured during sending token to the user and verify the user whether is user logged in or not.
auth.js
const express = require('express');
const User = require('../models/User');
const router = express.Router();
const { body, validationResult } = require('express-validator');
const bcrypt = require('bcryptjs'); // it is used for password hashing
const jwt = require('jsonwebtoken');
const fetchuser=require('../middleware/fetchuser');
// Route:1 - Create a User using :POST. "/api/auth/createuser". NO Login Required.
router.post('/createuser', [
body('email', 'Enter valid email').isEmail(),
body('name', 'Enter valid email').isLength({ min: 3 }),
body('password').isLength({ min: 5 })
], async (req, res) => {
// Check fo vaidation whether is any rule(defined in User model) breaked or not
const errors = validationResult(req);
if (!errors.isEmpty()) {
return res.status(400).json({ errors: errors.array() });
}
// Check Whether user with same email id exist or not
try {
let user = await User.findOne({ email: req.body.email });
if (user) {
return res.status(400).json({ error: "Sorry user with same email id already exist" });
}
// hashing of password
const salt = await bcrypt.genSalt(10);
const securePassword = await bcrypt.hash(req.body.password, salt);
// create A new User
user = await User.create({
name: req.body.name,
email: req.body.email,
password: securePassword
})
// returning user id in Token
const JWT_secret = "Rishiisa#boy";
const data = { user:{id: user.id} };
const auth_token = jwt.sign(data, JWT_secret);
res.json({ auth_token });
}
catch (error) {
console.error(error.message);
res.status(500).send("Internal server error");
}
})
// Route:2 - Login a User using credential. "/api/auth/login". NO Login Required.
router.post('/login', [
body('email', 'Enter valid email').isEmail(),
body('password', 'password can not be blank').exists(),
], async (req, res) => {
// Check for vaidation according to the rule defined at line no. 53, 54;
const errors = validationResult(req);
if (!errors.isEmpty()) {
return res.status(400).json({ errors: errors.array() });
}
// destructure the email and password from body request
const { email, password } = req.body;
try {
// Checking whether email is exist or not
let user = await User.findOne({ email });
if (!user) {
return res.status(400).json({ error: "Please try to login using correct credentials" });
}
// Now Comparing password with help of bcryptjs
const comparepassword = await bcrypt.compare(password, user.password);
if (!comparepassword) {
return res.status(400).json({ error: "Please try to login using correct credentials" });
}
// Now if user enter coorect password and login then user got logged in;
// And We will send authtoken to user;
// returning user id in Token
const JWT_secret = "Rishiisa#boy";
const data = { user:{id: user.id} };
const auth_token = jwt.sign(data, JWT_secret);
res.json({ auth_token });
}
catch (error) {
console.error(error.message);
res.status(500).send("Internal server error");
}
})
// Route:3 - Get Loggedin User details using:POST "/api/auth/getuser" Login required
router.post('/getuser', fetchuser, async (req, res) => {
try {
const userid = req.user.id;
const user = await User.findById(userid).select("-password");
res.send(user);
} catch (error) {
console.error(error.message);
res.status(500).send("Internal server error");
}
})
module.exports = router
middleware:
fetchuser.js
const jwt = require('jsonwebtoken');
const JWT_secret = "Rishiisa#boy";
const fetchuser = (req, res, next) => {
// Get the user from jwt token and add user id to req object
const token = req.header('auth_token');
if (!token) {
res.status(401).send({ error: "Please authenticate using a valid token" });
}
try {
const data = jwt.verify(token, JWT_secret);
req.user = data.user;
next();
} catch (error) {
res.status(401).send({ error: "Please authenticate using a valid token" });
}
}
module.exports = fetchuser;
In auth.js, where you wrote: "const data = { user:{id: user.id} };" Try changing user.id to user._id, since in MongoDB the user id is referred to as '_id'.
Let me know if that works.
I've had problems sending jwt token back and even verifying it, but all is good on my side now.
Also, below is my (inspired) method of going about this:
router.post('/register', (req, res)=>{
const { username, password } = req.body;
const user = new User({
username,
password
});
bcrypt.genSalt(10, (err, salt)=>{
bcrypt.hash(user.password, salt, (err, hash)=>{
if(err) throw err;
user.password = hash;
user.save()
.then(user=>{
jwt.sign(
{ id: user._id },
process.env.jwtSecret,
{ expiresIn: 3600 },
(err, token) =>{
if(err) throw err;
res.status(200)
}
)
})
})
})
})
I'm trying to make a contact form with Nodemailer (first time), and I'm running into a 404 error.
I hope this isn't an obnoxious amount of code to share, I'll try to trim it down as much as I can.
Server.js
const transporter = nodemailer.createTransport({
host: "smtp.ethereal.email",
port: 587,
secure: false,
auth: {
user: creds.USER, // Generated by ethereal
pass: creds.PASS // Generated by ethereal
}
});
transporter.verify((err, success) => {
if(err) {
console.log(err)
} else {
console.log("Server is ready to take messages")
}
})
router.post("/send", (req, res, next) => {
let name = req.body.name
let email = req.body.email
let message = req.body.message
let content = `name: ${name} \n email: ${email} \n message: ${message}`
let mail = {
from: name,
to: "jlbroughton88#gmail.com",
subject: "Test from contact form",
text: content
}
transporter.sendMail(mail, (err, data) => {
if (err) {
res.json({
msg: "Message failed"
})
} else {
res.json({
msg: "Message succeeded!"
})
}
})
})
ContactForm.js (React Component)
I've trimmed the JSX part, the submit trigger works fine. It breaks once it reaches the axios.post() method.
handleSubmit(e) {
e.preventDefault();
const name = document.getElementById('name').value;
const email = document.getElementById('email').value;
const message = document.getElementById('message').value;
axios.post("http://localhost:3002/send", {
name,
email,
message
})
.then((response) => {
// console.log(response)
if (response.data.msg === 'success') {
alert("Message Sent.");
this.resetForm()
} else if (response.data.msg === 'fail') {
alert("Message failed to send.")
}
})
}
resetForm() {
document.getElementById('contact-form').reset();
}
I have signup function in expressjs
app.post('/api/signup', function(req, res) {
var username = req.body.username;
var password = req.body.password;
if (!username || !password) {
return res.status(400).end();
}
var promiseObject = userModel
.findOne({username: username})
.then(function(user) {
if (user) {
console.log(user);
res.json({success: false, message: 'User or Email already exists !'});
throw new promise.CancellationError()
} else {
var newUser = {username: username, password: bcrypt.hashSync(password)};
return userModel.create(newUser)
}
})
.cancellable()
.catch(promise.CancellationError, function(e) {
console.log(e.msg);
})
.then(function(user) {
console.log('User created successfully');
res.json({success: true});
})
.catch(function(err) {
console.log(err);
})
});
When i call function from postman, this show error : Unhandled Rejection Error, can't not set header after they are sent