I am coding a simple registration form using mongoose.
I have use a javascript file to process the values of the registration form.
Here is my registrationButtonAction.js
window.onload = function() {
var User = require('/models/Mongoose Database/user_database');
// this line is causing the problem
var registerButton = document.getElementById("registerMe");
var firstName = document.getElementById("firstName");
var lastName = document.getElementById("lastName");
var usernameRegister = document.getElementById("usernameRegister");
var passwordRegister = document.getElementById("passwordRegister");
var repasswordRegister = document.getElementById("repasswordRegister");
registerButton.onclick = function () {
if(!firstName.value || !passwordRegister.value || !repasswordRegister.value || !usernameRegister.value){
alert("Enter all required fields");
}else if (passwordRegister.value != repasswordRegister.value){
alert("Passwords must match");
}else {
var newUser = new User({
username : usernameRegister.value,
password : passwordRegister.value
});
User.find({username:usernameRegister.value}, function (error, user) {
if (error) throw error;
if(user){
window.location("/register");
}else {
newUser.save(function (error) {
if(error) throw error;
});
window.location("/login");
}
// user.comparePassword(passwordRegister.value, function (error, isMatch) {
// if (error) throw error;
//
// return 1;
//})
});
}
}
}
When I comment the var User = require('/models/Mongoose Database/user_database');, all the checks are working fine inside the onclick function. But when I uncomment it, it is not recognizing the button click.
I want to know whether this is a correct way of taking values from the registration page and storing them in a mongoose database.
You are mixing server and client code. Mongoose models and Node.js functions are not accessible inside window.onload on your client.
To put it simply, you need to create a REST API to perform database operations on the server. You have all the right tools aready, just need to reorder them.
The flow would be as such :
get the values entered in the browser
call an endpoint on your server (for example /api/createUser)
in the express router, have a route called /api/createUser in which you can access your User model and perform creation/deletion/update, etc.
My suggestion would be for you to go through this tutorial which should remove your confusion and bring you up to speed in no time. Good Luck!
Also, Passport can help you with authentication, but I believe you should first learn how to build a basic API. Authentication is a tricky beast ;)
Related
CASE DESCRIPTION:
I'm building a fullstack chat application on node.js (with Express), socket.io and mongoDB. Everything works fine until a moment when user puts the sign-up data that's already used in another account. I have created two functions: first to check if the username like query one already exists and second one for email addresses. (All the functions connecting with db are using callbacks to ensure proper ansynchronous working, also I have tried creating local variable and assigning a value (t/f) to it and returning it, still being 'undefined').
usernameExists = function(username){
var query = {
username: username
}
mongodb.connect(dburl, {useNewUrlParser: true, useUnifiedTopology: true}, function(err, db){
var chat = db.db('chat');
chat.collection('users').countDocuments(query, function(err, number){
if (number > 0){
return true;
} else {
return false;
}
});
});
}
Email one:
emailExists = function(email){
var query = {
email: email
}
mongodb.connect(dburl, {useNewUrlParser: true, useUnifiedTopology: true}, function(err, db){
var chat = db.db('chat');
chat.collection('users').countDocuments(query, function(err, number){
if (number > 0){
return true;
} else {
return false;
}
});
});
}
PROBLEM DESCRIPTION:
When the user puts the data into form on the frontend even the exactly same document is created in the database. I have tried logging the number and the result of this methods: number seems to be good (>0), however result is 'undefined'.
In advance thanks for any help!
I am learning Node JS and I am learning how to create OOP structure in node. I have a simple class where I am using functions to check and create user in database. I am getting TypeError when I am calling class function inside a function. My codes of class,
var method = AccessRegisterAction.prototype;
function AccessRegisterAction(parameters) {
this._bcrypt = require('bcrypt-nodejs');
this._cassandra = require('cassandra-driver');
this._async = require('async');
this._uname = parameters.uname;
this._email = parameters.email;
this._passwd = parameters.passwd;
//Connect to the cluster
this._client = new this._cassandra.Client({contactPoints: ['127.0.0.1'], keyspace: 'testdb'});
//this._bcrypt.hashSync("bacon");
}
/*
* This method "createUser" is used to create new users
*
* First it will check for user's email is in database or not.
*
* If email is registered we will process accordingly,
* else we will process accordingly.
*
* */
method.createUser = function () {
var selectUserFromDBQuery = "SELECT uid from testdb.users WHERE email = '?' ALLOW FILTERING";
this._client.execute(selectUserFromDBQuery, this._email, function (err, result) {
//if there is not any error while fetching data
if (!err) {
//if there is result, it means we have email already registered
if (result.rows.length > 0) {
//so now we need to show user is already registered error
//to the user
this.errorWhileCreatingAccount(2);
} else {
//here we are checking user's username because
//we have not found user's email in database and we
//are good to go to register user
this.userNameCheck();
}
}
else {
this.errorWhileCreatingAccount(1);
}
});
};
/*
* This method will check for username in database.
*
* If there is username registered in database than we will
* show error that username is taken otherwise
* we will process to register user.
* */
method.userNameCheck = function () {
var checkUserNameQuery = "SELECT uid from testdb.users WHERE uname = '?' ALLOW FILTERING";
this._client.execute(checkUserNameQuery, this._uname, function (err, result) {
//if there is not any error while fetching data
if (!err) {
//if there is result, it means we have email already registered
if (result.rows.length > 0) {
//so username is taken and we need to tell user to
//use different username
this.errorWhileCreatingAccount(3);
} else {
//here we are registering user and adding information into database
this.newUserCreate();
}
}
else {
this.errorWhileCreatingAccount(1);
}
});
};
/*
* This method will create new user into database
*
* Simple as that
* */
method.newUserCreate = function () {
};
/*
* This function will throw an error which was occurred during the account creation process
* */
method.errorWhileCreatingAccount = function (errorCode) {
var _error = {error: "", msg: ""};
switch (errorCode) {
case 1:
_error.error = true;
_error.msg = "There was error while checking your information. Please try again.";
break;
case 2:
_error.error = true;
_error.msg = "You have already created account with this email. " +
"Please use forgot password link if you don't remember your login details.";
break;
case 3:
_error.error = true;
_error.msg = "Username that you chose is already taken. Please try different username.";
break;
default:
_error.error = true;
_error.msg = "There was error an error. Please try again.";
break
}
};
// export the class
module.exports = AccessRegisterAction;
And the error message I am getting is,
events.js:160
throw er; // Unhandled 'error' event
^
TypeError: this.userNameCheck is not a function
at /Users/user/Desktop/Projects/nodejs/testproject/application/classes/UserAccessAction/AccessRegisterAction.js:55:22
at next (/Users/user/node_modules/cassandra-driver/lib/utils.js:616:14)
at readCallback (/Users/user/node_modules/cassandra-driver/lib/request-handler.js:202:5)
at Connection.invokeCallback (/Users/user/node_modules/cassandra-driver/lib/connection.js:584:5)
at Connection.handleResult (/Users/user/node_modules/cassandra-driver/lib/connection.js:522:8)
at emitThree (events.js:116:13)
at ResultEmitter.emit (events.js:194:7)
at ResultEmitter.each (/Users/user/node_modules/cassandra-driver/lib/streams.js:482:17)
at ResultEmitter._write (/Users/user/node_modules/cassandra-driver/lib/streams.js:466:10)
at doWrite (_stream_writable.js:307:12)
and my codes where I calling this function is,
var param = {uname: "testname", email: "fake#test.com", passwd: "test123"};
var AccessRegisterAction = require('../application/classes/UserAccessAction/AccessRegisterAction');
var register = new AccessRegisterAction(param);
register.createUser();
so can anyone tell me where my mistake is? How can I use oop with nodejs?
Thanks
Since it looks like you're using ES5 style, I'm not going to recommend arrow functions. However, as was brought out in the comments, the value of this changes inside each function statement. So, you need to save the context you'd like to use before entering the inner functions. For example:
method.createUser = function () {
var context = this;
var selectUserFromDBQuery = "SELECT uid from testdb.users WHERE email = '?' ALLOW FILTERING";
this._client.execute(selectUserFromDBQuery, this._email, function (err, result) {
//if there is not any error while fetching data
if (!err) {
//if there is result, it means we have email already registered
if (result.rows.length > 0) {
//so now we need to show user is already registered error
//to the user
context.errorWhileCreatingAccount(2);
} else {
//here we are checking user's username because
//we have not found user's email in database and we
//are good to go to register user
context.userNameCheck();
}
}
else {
context.errorWhileCreatingAccount(1);
}
});
};
Do this in each method which attempts to call this from within a new function.
You should be able to use prototypes easily enough in Node
You need to use an object first eg new AccessRegisterAction(), you'd be able to use the methods as usual.
It's hard to be sure as you've not posted the code you are using to access the method.
I'm using the nodeJS password-hash-and-salt library to encrypt password which I then store in a DB. This works fine. The problem comes in when I try to verify the password. Looking at the documentation, it should be simple... The example works flawlessly, but verifying a hash which was previously stored in a DB is failing. I've verified that the hash is not changing in-database, and that the hash is been returned when queried... I've also hashed a string and then tried to verify that string using the same string in-code (with no variables). I must be doing SOMETHING wrong... Anyone have any ideas? (Code below, library link here https://github.com/florianheinemann/password-hash-and-salt)
verifyPassword = function(user,pw){
// Connect to db
myuser = {};
var con = connect();
// Run query
con.query('SELECT UID,password FROM users WHERE username = ?', user, function(err,res){
if(err){ throw err; }
else {
myuser.userID = res[0].UID;
myuser.pswdV = res[0].password;
// Verifying hash
//console.log(pw);
//console.log(myuser.pswdV);
password(pw).verifyAgainst(myuser.pswdV, function(error, verified) {
//console.log(verified);
if(error)
throw new Error('Something went wrong!');
if(!verified) {
//socket.emit('popError','Invalid username or password. Please check your password and try again.');
//return {err:'Invalid username or password. Please check your password and try again.'}
console.log('Not verified');
} else {
var token = crypto.randomBytes(64);
token = buf.toString('hex');
myuser.secret = token;
delete myuser.pswdV;
con.query('UPDATE users SET magicSecret = ? WHERE username = ?', [token,user], function(err,res){
if(err) {
socket.emit('popError','Failed to login, this is a server problem.');
//return {err:'Failed to login, this is a server problem.'}
}
else {
socket.emit('login_success',myuser);
// return {err:myuser}
}
});
}
});
}
});
con.end(function(err) {
// The connection is terminated gracefully
// Ensures all previously enqueued queries are still
// before sending a COM_QUIT packet to the MySQL server.
});
};
Please excuse the debugging code... This should give you an idea of what I'm trying to do. If you see why it's failing please let me know.
UPDATE: In a nutshell, I would like to use the Master key, because I need to write an other user object with my current user, but I don't want to override all security, I just wanna use it in one function. The accepted answer in this question gave a very nice starting point, however I couldn't make it to work. It's the last code block in this question.
I have two separated functions. The first is pure objective-c, it deletes users from the currentUser's firstRelation. It worked well without any problems until i added a different CloudCode function into a different view controller. The CloudCode function uses the master key and adds currentUser to otherUser's sampleRelation & adds otherUser to currentUser's sampleRelation (firstRelation and sampleRelation is two different column inside the User class).
So the problem is when I delete a user from currentUser's firstRelation (with current user) my app crashes, because the user must be authenticated via logIn or signUp. Actually i don't understand this, because in this case I'm writing the currentUser with the currentUser instead of another user, so it must work without any problems (and worked before the CloudCode).
I'm almost sure that it's because I'm using the master key with the CloudCode, but have no idea how can I avoid it. Everything else is still working, for example I can upload images with currentUser.
Here is the code that I'm using for the CloudCode, JavaScript is totally unknown for me, maybe somebody will see what causes the problem.
Parse.Cloud.define('editUser', function(request, response) {
Parse.Cloud.useMasterKey();
var userQuery = new Parse.Query(Parse.User);
userQuery.get(request.params.userId)
.then(function (user) {
var relation = user.relation("sampleRelation");
relation.add(request.user);
// chain the promise
return user.save();
}).then(function (user) {
var currentUser = request.user;
var relation = currentUser.relation("sampleRelation");
relation.add(user);
// chain the new promise
return currentUser.save();
}).then(function () {
response.success();
}, function (error) {
response.error(error);
});
});
It crashes when i try to remove the object:
PFUser *user = [self.friends objectAtIndex:indexPath.row];
PFRelation *myFriendsRel = [self.currentUser relationForKey:#"simpleRelation"];
if ([self isFriend:user]) {
for (PFUser *friendName in self.friends) {
if ([friendName.objectId isEqualToString:user.objectId]){
[self.friends removeObject:friendName];
break; // to exit a loop
}
}
// remove from parse
[myFriendsRel removeObject:user];
NSLog(#"deleted: %#", user.username);
}
[self.currentUser saveInBackgroundWithBlock:^(BOOL succeeded, NSError *error) {
if (error){
NSLog(#"Error %# %#", error, [error userInfo]);
}
}];
This is the newest attempt, that based Fosco's answer from the other question. It works, but the same way as the earlier versions.
Parse.Cloud.define('editUser', function(request, response) {
var userId = request.params.userId;
var User = Parse.Object.extend('_User'),
user = new User({ objectId: userId });
var currentUser = request.user;
var relation = user.relation("friendsRelation");
relation.add(currentUser);
user.save(null, { useMasterKey:true}).then(function(user) {
response.success(user);
}, function(error) {
response.error(error)
});
});
At a quick glance it looks like its failing because you're trying to remove an object from an array whilst it is being iterated. I know this causes a crash in Objective C regardless of whether you're using Parse objects or not.
Try re-writing this segment:
for (PFUser *friendName in self.friends) {
if ([friendName.objectId isEqualToString:user.objectId]){
[self.friends removeObject:friendName];
break; // to exit a loop
}
}
To something like this:
NSMutableArray *tempArray = [[NSMutableArray alloc]init];
for (PFUser *friendName in self.friends) {
if (![friendName.objectId isEqualToString:user.objectId]) {
[tempArray addObject:friendName];
}
self.friends = [NSArray arrayWithArray:tempArray];
Again, only had a quick glance so not 100% if that is your problem but it looks like it, let me know if it helps
There are some irreversible actions that user can do in my app. To add a level of security, I'd like to verify that the person performing such an action is actually the logged in user. How can I achieve it?
For users with passwords, I'd like a prompt that would ask for entering user password again. How can I later verify this password, without sending it over the wire?
Is a similar action possible for users logged via external service? If yes, how to achieve it?
I can help with the first question. As of this writing, meteor doesn't have a checkPassword method, but here's how you can do it:
On the client, I'm going to assume you have a form with an input called password and a button called check-password. The event code could look something like this:
Template.userAccount.events({
'click #check-password': function() {
var digest = Package.sha.SHA256($('#password').val());
Meteor.call('checkPassword', digest, function(err, result) {
if (result) {
console.log('the passwords match!');
}
});
}
});
Then on the server, we can implement the checkPassword method like so:
Meteor.methods({
checkPassword: function(digest) {
check(digest, String);
if (this.userId) {
var user = Meteor.user();
var password = {digest: digest, algorithm: 'sha-256'};
var result = Accounts._checkPassword(user, password);
return result.error == null;
} else {
return false;
}
}
});
For more details, please see my blog post. I will do my best to keep it up to date.
I haven't done this before, but I think you will need something like this on your server
Accounts.registerLoginHandler(function(loginRequest) {
console.log(loginRequest)
var userId = null;
var username = loginRequest.username;
// I'M NOT SURE HOW METEOR PASSWORD IS HASHED...
// SO YOU NEED TO DO A BIT MORE RESEARCH ON THAT SIDE
// BUT LET'S SAY YOU HAVE IT NOW
var password = loginRequest.password;
var user = Meteor.users.findOne({
$and: [
{username: username},
{password: password}
]
});
if(!user) {
// ERROR
} else {
// VERIFIED
}
});
then you can call this function from the client side like this:
// FETCH THE USERNAME AND PASSWORD SOMEHOW
var loginRequest = {username: username, password: password};
Accounts.callLoginMethod({
methodArguments: [loginRequest]
});
I have a project on github for different purpose, but you can get a sense of how it is structured: https://github.com/534N/apitest
Hope this helps,
I have found the best way to validate the users password is to use the Accounts.changePassword command and
pass in the same password for old and new password. https://docs.meteor.com/api/passwords.html#Accounts-changePassword
Accounts.changePassword(this.password, this.password, (error) => {
if(error) {
//The password provided was incorrect
}
})
If the password provided is wrong, you will get an error back and the users password will not be changed.
If the password is correct, the users password will be updated with the same password as is currently set.