This is passport function to extract headers. I am using fromAuthHeaderWithScheme one, I already tried fromAuthHeaderAsBearerToken with bearer token as well. I could not make it work no matter what?
const JwtStrategy = require('passport-jwt').Strategy,
ExtractJwt = require('passport-jwt').ExtractJwt,
User = require('../models/user'),
Config = require('../config/database');
module.exports = function(passport) {
let opts = {};
opts.jwtFromRequest = ExtractJwt.fromAuthHeaderWithScheme("JWT");
opts.secretOrKey = Config.secret;
//Code only comes until here.
passport.use(new JwtStrategy(opts, function(jwt_payload, done) {
console.log(jwt_payload);//Code never reaches here.
User.getByUserId({
id: jwt_payload._id
}, function(err, user) {
if (err) {
return done(err, false);
}
if (user) {
return done(null, user);
} else {
return done(null, false);
}
});
}));
}
Next is my getUserById function
module.exports.getByUserId = function(id, cb) {
User.findById(id, cb)
}
Next, is where above two gets called:
router.post('/login', function(req, res) {
let username = req.body.username;
password = req.body.password;
User.getByUserName(username, function(err, user) {
if (err) {
throw err;
}
if (!user) {
return res.json({
success: "false",
msg: "User not found"
})
}
//if found compareUser to regiestred one
User.comparePassword(password, user.password, function(err, isMatched) {
if (err) {
throw err;
}
if (isMatched) {
const token = jwt.sign(user.toJSON(), CONFIG.secret, {
expiresIn: 3600 /*Logout in 1 hour*/
});
res.json({
success: "true",
token: 'JWT ' + token,
user: user._id,
email: user.email,
username: user.username,
});
} else {
return res.json({
success: "false",
msg: " Password not Matched"
});
}
});
});
});
And these are comparePassword and getUserByName incase you need to see:
module.exports.comparePassword = function(typedPassword, hash, cb) {
bcrypt.compare(typedPassword, hash, (err, isMatched) => {
if (err) {
throw err;
}
return cb(null, isMatched);
})
};
module.exports.getByUserName = function(username, cb) {
const query = {
username: username
}
User.findOne(query, cb);
}
The secret key is same every where, that is not the issue. I cannot seem to figure out the issue.
router.get("/profile", passport.authenticate('jwt', {
session: false
}, function(req, res, next) {
res.json({
success: true,
message: "This is user profile",
user: req.user
});
}));
Now, above is how I authenticate, using postman and sending request as content type "Authorization" and The token. Encase, any of you are wondering, I already tried 'bearer '+token through bearer scheme.
I changed the first code block I posted above to this
const JwtStrategy = require('passport-jwt').Strategy,
ExtractJwt = require('passport-jwt').ExtractJwt,
keys = require('./keys'),
mongoose = require('mongoose'),
User = require('../models/User');
const opts = {};
opts.jwtFromRequest = ExtractJwt.fromAuthHeaderAsBearerToken('Bearer');
opts.secretOrKey = keys.secretOrKey;
module.exports = passport => {
passport.use(new JwtStrategy(opts, (jwt_payload, done) => {
User.findOne({ id: jwt_payload.sub }, (err, user) => {
User.findById(jwt_payload.id)
.then(user => {
if (user) {
return done(null, user);
}
return done(null, false);
})
.catch(err => console.log(err));
});
}))
};
And second block to this. Basically change the token from 'JWT' to 'Bearer'.
router.post('/login', (req, res) => {
const email = req.body.email, password = req.body.password;
User.findOne({ email: email })
.then(user => {
if (!user) {
res.status(404).json({ msg: 'User not found' })
}
//Check password
bcrypt.compare(password, user.password)
.then(isMatch => {
if (isMatch) {
//User found
//Create Jwt Payload
const payload = {
id: user.id,
name: user.name,
avatar: user.avatar
}
jwt.sign(
payload,
keys.secretOrKey,
{ expiresIn: 3600 },
(err, token) => {
res.json({
success: true,
token: 'Bearer ' + token
});
});
} else {
return res.status(400).json({ password: 'Password do not match' })
}
})
// .catch(err => console.log(err));
})
});
Now its working for me.
Related
../Passport.js
const LocalStrategy = require("passport-local").Strategy;
const bcrypt = require("bcrypt");
const mongoose = require("mongoose");
const User = require("../models/User.js");
module.exports = function (passport) {
passport.use(
new LocalStrategy(
{ usernameField: "email", passwordField: "password" },
(email, password, done) => {
console.log(email, password);
User.findOne({ email: email }, async function (err, user) {
console.log(password, user.password);
if (err) {
return done(err);
}
if (!user) {
return done(null, false, {
message: "No User found against this email address",
});
} else if (!user.isEmailVerified) {
return done(null, false, {
message: "User needs to verify the OTP",
});
}
var result = await bcrypt.compare(password, user.password);
if (result) {
return done(null, user);
}
if (!result) {
return done(null, false, { message: "Incorrect Password" });
}
});
}
)
);
};
user.js
router.post(
"/login",
validateEmail,
validatePassword,
validator,
(req, res, next) => {
passport.authenticate(
"local",
{ session: false },
function (err, user, info) {
console.log("::Err::", err, "::User::", user, "::Info::", info);
if (err) {
next(new BadRequestResponse(err));
}
if (!user) {
next(new UnauthorizedResponse(info.message, 401));
} else {
next(new OkResponse({ user: user.toAuthJSON() }));
}
}
)(req, res, next);
}
);
I'm struggling since ages to find the issue why bcrypt keeps on returning "false" even though both the hased password and entered password are the same. Please ignore the middlewares after the "/login' router since they are not affecting the entire flow
First of all, let me give you a warm thank you for giving a thought to this question.
So, what's the problem?
(This is a simple problem for most of you grandmasters!)
Well, the user can be registered to this simple app. But, for some reason, authentication doesn't work. That some reason is what my brain nerves having a hard time comprehending!
Having tried all the possible solutions for hours and hours, this novice-newbie decided to head over to the haven of veterans here in the StackOverflow!
Let me give you the code, so you can shed me some bright light!
Following is a capture of the code written for the authentication
//Authenticating the user
router.post('/authenticate', (req, res, next) => {
const username = req.body.username;
const password = req.body.password;
User.getUserByUsername(username, (err, user) => {
if (err) throw err;
if (!user) {
return res.json({
sucess: false,
msg: 'There is no such user found here'
});
}
User.comparePassword(password, user.password, (err, isMatch) => {
if (err) throw err;
if (isMatch) {
const token = jwt.sign(user.toJSON(), config.secret, {
expiresIn: 604800 // 1 week
});
res.json({
success: true,
token: 'JWT' + token,
user: {
id: user._id,
name: user.name,
username: user.username,
email: user.email
}
});
} else {
return res.json({
success: false,
msg: 'Enter the correct details!'
});
}
});
});
});
//Getting into the dashboard
router.get('/profile', passport.authenticate('jwt', {
session: false
}),
(req, res, next) => {
res.json({
user: req.user
});
});
The next few pictures on your way shows you the POSTMAN requests that are done by this novice.
Here, a post request is done to register the user and as you can see, there's not a smidgen of a problem there; the user is, without a doubt, registered!
Here's the authentication done with POSTMAN
But now, for some reason (which I have zero clue of), the user is NOT authenticated. This is the problem that I need to solve.
Here is a code of the model/user.js file in case you want to know what's in there as well
const mongoose = require('mongoose');
const bcrypt = require('bcryptjs');
const config = require('../config/database');
// These are the collection or entities in ERD language
const UserSchema = mongoose.Schema({
name: {
type: String
},
email: {
type: String,
required: true
},
password: {
type: String,
required: true
}
});
const User = module.exports = mongoose.model('user', UserSchema); //User is the name give for this particular model's schema
// these are functions implemented to do a certain task
module.exports.getUserById = function (id, callback) {
User.findById(id, callback);
}
module.exports.getUserByUsername = function (username, callback) {
const query = {
username: username
}
User.findOne(query, callback);
}
module.exports.addUser = function (newUser, callback) {
bcrypt.genSalt(10, (err, salt) => {
bcrypt.hash(newUser.password, salt, (err, hash) => {
if (err) throw err;
newUser.password = hash;
newUser.save(callback);
});
})
}
//comparing the hash password
module.exports.comparePassword = function (candidatePasword, hash, callback) {
bcrypt.compare(candidatePasword, hash, (err, isMatch) => {
if (err) throw err;
callback(null, isMatch);
});
}
Thank You for your time!
Stay safe btw!
edit1: The code for the registration or signing up.
router.post('/signup', (req, res, next) => {
let newUser = new User({
name: req.body.name,
email: req.body.email,
username: req.body.username,
password: req.body.password
});
User.addUser(newUser, (err, user) => {
//console.log("registration is working");
if (err) {
res.json({
sucess: false,
msg: 'Hey! Enter the correct information man!'
});
} else {
res.json({
success: true,
msg: 'you are registered'
});
}
});
});
Here's the whole routes/users.js file for you to refer
const express = require('express');
const router = express.Router();
const passport = require('passport');
const jwt = require('jsonwebtoken');
const User = require('../models/user');
const config = require('../config/database');
// Signingup the user
router.post('/signup', (req, res, next) => {
let newUser = new User({
name: req.body.name,
email: req.body.email,
username: req.body.username,
password: req.body.password
});
User.addUser(newUser, (err, user) => {
//console.log("registration is working");
if (err) {
res.json({
sucess: false,
msg: 'Hey! Enter the correct information man!'
});
} else {
res.json({
success: true,
msg: 'you are registered'
});
}
});
});
//Authenticating the user
router.post('/authenticate', (req, res, next) => {
const username = req.body.username;
const password = req.body.password;
User.getUserByUsername(username, (err, user) => {
if (err) throw err;
if (!user) {
return res.json({
sucess: false,
msg: 'There is no such user found here'
});
}
User.comparePassword(password, user.password, (err, isMatch) => {
if (err) throw err;
if (isMatch) {
const token = jwt.sign(user.toJSON(), config.secret, {
expiresIn: 604800 // 1 week
});
res.json({
success: true,
token: 'JWT' + token,
user: {
id: user._id,
name: user.name,
username: user.username,
email: user.email
}
});
} else {
return res.json({
success: false,
msg: 'Enter the correct details!'
});
}
});
});
});
//Getting into the dashboard
router.get('/profile', passport.authenticate('jwt', {
session: false
}),
(req, res, next) => {
res.json({
user: req.user
});
});
router.post('/login', (req, res, next) => {
let newUser = new User({
username: req.body.username,
password: req.body.password
});
User.addUser(newUser, (err, user) => {
if (err) {
res.json({
success: false,
msg: "Enter the correct information"
});
} else {
res.json({
success: true,
msg: "User loggedIn"
});
}
});
});
module.exports = router;
In your schema, you don't have the field username but your query is {username: username}. That's why you can't find any user match and get the response "There is no such user found here". Change your query to {name: username} may solve the problem.
I am trying to learn nodejs. registering api is working in postman but when I try to hit authenticate API, I get this error which in the terminal which says cast to objectId failed for value "john" at path "_id" for model User.
how to get rid of this error
this is my users.js
const mongoose = require('mongoose');
const bcrypt = require('bcryptjs');
const config = require('../config/database');
//user schema
const UserSchema = mongoose.Schema({
name: {
type: String
},
email: {
type: String,
required: true
},
username: {
type: String,
required: true
},
password: {
type: String,
required: true
}
});
const User = module.exports = mongoose.model('User', UserSchema);
module.exports.getUserById = function(id, callback) {
User.findById(id, callback);
}
module.exports.getUserByUserName = function(username, callback) {
User.findById(username, callback);
}
module.exports.addUser = function(newUser, callback) {
bcrypt.genSalt(10, (err, salt) => {
bcrypt.hash(newUser.password, salt, (err, hash) => {
if(err) throw err;
newUser.password = hash;
newUser.save(callback);
})
})
}
module.exports.comparePassword = function(candidatePassport, hash, callback) {
bcrypt.compare(candidatePassport, hash, (err, isMatch)=> {
if (err) throw err;
callback(null, isMatch);
});
}
// router/users.js
this is the authenticate api code which is fetching username and password from req body
router.post('/authenticate', (req,res,next) => {
const username = req.body.username;
const password = req.body.password;
User.getUserByUserName(username, (err,user)=>{
if(err) throw err;
if(!user) {
return res.json({success: false, msg: 'user not found'});
}
User.comparePassword(password, user.password, (err, isMatch) => {
if(err) throw err;
if(isMatch) {
// const token = jwt.sign(user, config.secret, {
// expiration: 604800 // 1 week
// });
const token = jwt.sign({data: user}, config.secret, {
expiresIn: 604800
});
res.json({
success: true,
token: 'Bearer ' + token,
user: {
id: user._id,
name: user.name,
username: user.username,
email: user.email
}
});
} else {
return res.json({success: false, msg: 'wrong password'});
}
})
})
})
this is passport.js which is inside config folder
const JWTStrategy = require('passport-jwt').Strategy;
const ExtractJwt = require('passport-jwt').ExtractJwt;
const User = require('../models/user');
const config = require('../config/database');
module.exports = function(passport) {
let opts = {};
// opts.jwtFromRequest = ExtractJwt.fromAuthHeader();
// opts.jwtFromRequest = ExtractJwt.fromAuthHeaderWithScheme("jwt");
opts.jwtFromRequest = ExtractJwt.fromAuthHeaderAsBearerToken();
opts.secretOrKey = config.secret;
passport.use(new JWTStrategy(opts, (jwt_payload, done)=> {
console.log(jwt_payload);
User.getUserById(jwt_payload.data._id,(err,user) => {
if (err) {
return done(err, false);
}
if(user) {
return done(null, user);
} else {
return done(null, false);
}
})
}));
}
//db screenshot
You're calling the wrong method getUserById here:
module.exports.getUserByUserName = function(username, callback) {
User.findById(username, callback);
}
Replace it with:
module.exports.getUserByUserName = function(username, callback) {
User.find({'username': username}, function(err, user) {
if(err) return callback(err);
return callback(null, user);
})
After some help of #veve, I am able to solve the error by this code
module.exports.getUserByUserName = function(username, callback) {
const query = {username: username}
User.findOne(query, callback);
}
I'm making authorizing with token and when I test with postman, I keep getting 'Unauthorized' after logged in and go to profile
Login code:
router.post('/authentication', (request, response, next) => {
const email = request.body.email;
const password = request.body.password;
userModel.getUserByEmail(email, (err, user) => {
if (err) throw err;
else {
if (!user) {
console.log('User does not exists!');
response.json({ success: false, msg: 'User does not exists!' });
} else {
userModel.comparePassword(password, user.password, (err, isMatch) => {
if (err) throw err;
else {
if (!isMatch) {
response.json({ success: false, msg: 'Password do not match!' });
} else {
const token = jwt.sign(user, config.secret, {
expiresIn: 86400 // 1 day
});
response.json({
success: true,
token: "JWT " + token,
user: {
id: user._id,
name: user.name,
email: user.email,
role: user.role
}
});
}
}
});
}
}
});
});
passport.js
const JwtStrategy = require('passport-jwt').Strategy;
const ExtractJwt = require('passport-jwt').ExtractJwt;
const userModel = require('../models/usersModel');
const config = require('../config/database');
module.exports = function (passport) {
let opts = {};
opts.jwtFromRequest = ExtractJwt.fromAuthHeader();
opts.secretOrKey = config.secret;
passport.use(new JwtStrategy(opts, (jwt_payload, done) => {
userModel.getUserById(jwt_payload._doc._id, (err, user) => {
console.log(jwt_payload);
if (err) {
return done(err, false);
}
if (user) {
return done(null, user);
} else {
return done(null, false);
}
});
}));
}
tested route :
router.get('/profile', passport.authenticate('jwt', { session: false }), (request, response, next) => {
response.json({ user: request.user });
});
(PS: I tried console.log(jwt_payload); and shows nothing in console. Still stucking in this please help. I'm a starter. )
After you get your jwt token, you should send it in every request.
header: authorization: JWT "token"
Are you doing it?
1) Once user is authenticated, How can I set the token in a cookie so that user does not send username password in each request?
2) What is the ideal way of sending token to the client side?
apiRoutes.post('/authenticate', function (req, res) {
User.findOne({
email: req.body.email
}, function (err, user) {
if (err) throw err;
if (!user) {
res.send({ success: false, message: 'Authentication failed. User not found.' });
} else {
// Check if password matches
user.comparePassword(req.body.password, function (err, isMatch) {
if (isMatch && !err) {
// Create token if the password matched and no error was thrown
var claims = {
sub: user._id,
email:user.email,
iss: 'https://NodeLogin.com',
permissions: user.role
};
var token = jwt.sign(claims, config.secret, {
expiresIn: 60 // in seconds
});
res.json({ success: true, token: 'JWT ' + token });
} else {
res.send({ success: false, message: 'Authentication failed. Passwords did not match.' });
}
});
}
});
});
apiRoutes.get('/dashboard',
passport.authenticate('jwt', { session: false }), function (req, res) {
res.send('Worked' + req.user._id + '.');
});
you should follow code:
user.comparePassword(req.body.password, function (err, isMatch) {
if (isMatch && !err) {
// Create token if the password matched and no error was thrown
var claims = {
sub: user._id,
email:user.email,
iss: 'https://NodeLogin.com',
permissions: user.role
};
var token = jwt.sign(claims, config.secret, {
expiresIn: 60 // in seconds
});
res.cookie('jwt',token); // add cookie here
res.json({ success: true, token: 'JWT ' + token });
} else {
res.send({ success: false, message: 'Authentication failed. Passwords did not match.' });
}
});
and passport config:
var cookieExtractor = function(req) {
var token = null;
if (req && req.cookies) token = req.cookies['jwt'];
return token;
};
module.exports = function(passport) {
var opts = {};
opts.jwtFromRequest = cookieExtractor; // check token in cookie
opts.secretOrKey = config.secret;
passport.use(new JwtStrategy(opts, function(jwt_payload, done) {
User.findOne({id: jwt_payload.id}, function(err, user) {
if (err) {
return done(err, false);
}
if (user) {
done(null, user);
} else {
done(null, false);
}
});
}));
};
it's working for me :)
For httpOnly, signed, secure Cookies you might need to use signedCookies
const cookieExtractor = function (req) {
let token = null;
if (req && req.signedCookies && req.signedCookies.jwt) {
token = req.signedCookies['jwt']['token'];
}
return token;
};