I'm trying to implement a simple login mechanism from NodeJS (using ExpressJS) and MongoDB. I'm using MongoJS for the DB connectivity. I am using the `$and:` to see if the fields match inside the collection.

```javascript
function authenticate(req, res) {
    // Declared locally so concurrent requests do not share implicit globals
    var username = req.body.username;
    var password = req.body.password;
    db.users.find({$and: [{username: username}, {password: password}]}, function(err, doc) {
        if ((Object.keys(doc).length === 0 && doc.constructor === Object) === false) {
            res.send("Invalid login")
        } else {
            doc.forEach(function(doc) {
                console.log(doc.firstname)
            })
        }
    })
}
```

I'm checking if the doc contains an empty object (which means the username and password didn't match) and telling the page to show that the login is invalid. If the doc does contain a matching username and password, I'm console.log()ging the firstname of the user...

The code above is not working... What is it that I am doing wrong?

Thanks in advance...

CoderSenju
  • just to add...the fields are not null, the fields are populated from the login form, and the appropriate username and password criteria exist in the collection as well... – CoderSenju Feb 16 '17 at 04:11

1 Answer

I think that instead of doing what you're doing, it would make much more sense if you were instead to simply run a query for the username with a limit of one result and see if the returned doc contains a result. From there we will check if the posted password matches the one queried from the database, and if so we will console.log the username. Furthermore, instead of querying for the password, you should first be hashing it. Read more about that HERE

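```javascript
function authenticate(req, res) {
    // Declared locally so concurrent requests do not share implicit globals
    var username = req.body.username;
    var password = req.body.password;
    // Look the user up by username only, then compare the password
    db.users.findOne({"username": username}, function(err, doc) {
        // Report a database error to the client instead of throwing inside the callback
        if (err) return res.status(500).send("Login error");
        if (doc && doc._id) {
            if (password === doc["password"]) {
                console.log("Your first name is: " + doc.firstname)
            } else {
                res.send("Invalid login")
            }
        } else {
            res.send("Invalid login")
        }
    });
}
```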
Mohammad Ali
  • non-existing credentials are crashing the server, can we handle it more gracefully? – CoderSenju Feb 16 '17 at 04:42
  • try again now, I've changed the if statement to first check to see if doc exists then doc._id – Mohammad Ali Feb 16 '17 at 04:44
  • there we go :) thanks. Will read into the hashing article, thanks for sharing – CoderSenju Feb 16 '17 at 04:47
  • no problem, if the answer has helped you please feel free to click the check mark to the left of it to inform others that it is the correct answer, also feel free to leave me an upvote. – Mohammad Ali Feb 16 '17 at 04:49
  • just out of curiosity, if I were to take the `$and:` route, how would I go about solving the issue? If that is possible... I tried doing `.count()` of the doc so that if the `count()` value is 0, I know the user does not exist... But that didn't work out so well... – CoderSenju Feb 16 '17 at 04:49
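
A hardened variant of the lookup-then-compare approach from the answer, added here as an example and not code from either poster: it rejects non-string `username`/`password` values before they reach the query, and verifies a salted scrypt hash in constant time instead of comparing plaintext. The in-memory `db` stub, the `passwordHash` field name and the sample user are constructed assumptions so the block runs without MongoDB.

```javascript
const crypto = require("crypto");
const KEYLEN = 32;

// Store "salt:hash" (hex) rather than the plaintext password.
function hashPassword(password) {
  const salt = crypto.randomBytes(16);
  const hash = crypto.scryptSync(password, salt, KEYLEN);
  return salt.toString("hex") + ":" + hash.toString("hex");
}

// Recompute the hash with the stored salt and compare in constant time.
function verifyPassword(stored, supplied) {
  const [saltHex, hashHex] = String(stored).split(":");
  if (!saltHex || !hashHex) return false;
  const expected = Buffer.from(hashHex, "hex");
  if (expected.length !== KEYLEN) return false; // malformed record
  const actual = crypto.scryptSync(supplied, Buffer.from(saltHex, "hex"), KEYLEN);
  return crypto.timingSafeEqual(actual, expected);
}

// Constructed stand-in for the MongoJS `db.users` collection (runs offline).
const db = { users: {
  docs: [{ _id: 1, username: "alice", firstname: "Alice",
           passwordHash: hashPassword("s3cret") }],
  findOne(query, cb) {
    cb(null, this.docs.find((d) => d.username === query.username) || null);
  },
} };

function authenticate(req, res) {
  const { username, password } = req.body || {};
  // Only plain strings may reach the query: a parsed body can also carry
  // objects or arrays, which must never be passed on as query values.
  if (typeof username !== "string" || typeof password !== "string") {
    return res.status(400).send("Invalid login");
  }
  db.users.findOne({ username: username }, function (err, doc) {
    if (err) return res.status(500).send("Login failed");
    // Same response for unknown user and wrong password.
    if (!doc || !verifyPassword(doc.passwordHash, password)) {
      return res.status(401).send("Invalid login");
    }
    res.send("Welcome " + doc.firstname);
  });
}
```

With a real MongoJS connection, replace the `db` stub with the application's own handle and write `hashPassword(...)` output to the user document at registration time.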