When registering a new user, I want to check email for uniqueness. I am using body parser to make sure all fields are not empty, but how am I to check that the input email is not used by anyone else and to immediately output the message for a user?
The technology stack is Node.js, mongoose, body-parser module, mongodb
Here's the route file:
router.post('/register', function(req, res){
let name = req.body.name;
let email = req.body.email;
req.checkBody('name', 'Name field is empty!').notEmpty();
req.checkBody('email', 'Email field is empty!').notEmpty();
req.checkBody('email', 'Invalid email format').isEmail();
var errors = req.validationErrors();
if(errors){
res.render('register', {
errors:errors
});
} else {
let newUser = new User({
name: name,
email: email
});
After looking through similar questions, I found a way to use a pre save in my model file, but I don't know how to sisplay the error to the user as a part of the errors array (see above)
Any help will be highly appreciated!
You can achieve both from the Mongoose model and the Register() method.
The user model should be like this:
var mongoose = require('mongoose');
var UserSchema = new mongoose.Schema({
email: {
type: String,
lowercase: true,
unique: true,
sparse: true
},
password: {
type: String,
required: true
},
},
{
timestamps: true
});
module.exports = mongoose.model('User', UserSchema);
This will ensure that emails are unique. Then at the register method, you do this:
exports.register = function(req, res, next){
let name = req.body.name;
let email = req.body.email;
User.findOne({email: email}, function(err, existingUser){
if(err){
return res.status(500).json(err);
}
if(existingUser){
return res.status(422).json('Email address is already registered.');
}
else {
var user = new User({
username : username,
email: email,
password: password
});
user.save(function(err, user){
if(err){
return next(err);
}
var userInfo = setUserInfo(user);
res.status(201).json({
token: 'JWT ' + generateToken(userInfo),
user: userInfo
})
});
}
});
}
}
}
Hope this helps.
Related
Edit: [how to handle case of jwt expiration ]
I have read some article on how to implement email verification for your web application and each one follow up:
Creating a unique string, saving it in db with reference to user being verified and sending that unique string as a link for verification. When user visits that link, unique string is run against db and refernced user is validated.
But, I tried it in a different way, that user model contains verify status and will be false by default and when new user sign_up then a jwt token is created and that is sent to user as verification link and when the link is visited, jwt token is verified and user verify status is changed to true.
Above implementation worked for me and removes the use of creating and storing token in separate db but I am afraid this approach might have problems which I might not be aware of. here's the code for above.
passport configuration for auth(config-passport.js)
const bcrypt = require('bcrypt')
const LocalStrategy = require('passport-local').Strategy
const { User } = require('./models/user');
module.exports = (passport) => {
// passport local strategy
const authUser = (email, password, done) => {
User.findOne({ email: email }, function(err, user){
if(err) return done(err);
if(!user || !user.verify) return done(null, false);
if(user.verify){
bcrypt.compare(password, user.password, (err, isValid) => {
if (err) {
return done(err)
}
if (!isValid) {
return done(null, false)
}
return done(null, user)
})
}
})
}
passport.serializeUser((user, done) => {
done(null, user.id)
});
passport.deserializeUser((id, done) => {
User.findOne({ _id: id }, function(err, user){
done(err, user)
});
});
passport.use(new LocalStrategy({
usernameField: 'email'
}, authUser));
}
user model
'use strict';
const mongoose = require('mongoose');
const bcrypt = require('bcrypt')
const Joi = require('joi');
const Schema = mongoose.Schema;
//any changes done to userSchema will need changes done to userValidation.js
const userSchema = new Schema({
username: {type: String, required: true, maxlength: 100},
email: {type: String, unique: true, lowercase: true, required: true},
mobile: {type: Number, unique: true, required: true},
password: {type: String, required: true},
verify: { type: Boolean, enum: [false, true], default: false },
lib: [{ type: Schema.Types.ObjectId, ref: 'Book' }],
book_id: [{ type: Schema.Types.ObjectId, ref: 'Book' }]
});
const JoiValidUser = Joi.object({
username: Joi.string().min(3).max(50).required(),
email: Joi.string().email().min(5).max(50).required(),
mobile: Joi.string().regex(/^[0-9]{10}$/).required().messages({ 'string.pattern.base': `Phone number must have 10 digits.` }),
password: Joi.string().min(5).max(255).required()
});
userSchema.pre('save', async function(next){
const user = this;
const hash = await bcrypt.hash(user.password, 10);
this.password = hash;
next();
})
userSchema.methods.isValidPassword = async function(password) {
const user = this;
const compare = await bcrypt.compare(password, user.password);
return compare;
}
const User = mongoose.model('User', userSchema);
module.exports = { User, JoiValidUser };
user creation controller(userCreate.js)
const { User, JoiValidUser } = require('../models/user');
const mailer = require('../controller/mailHandler')
//takes data posted and form it in a readable format
//then validate/sanitize it against schema
//if error arises or user already exists a msg is passed on
//else user creation process is executed
module.exports = async function(req, res){
let user = {
username: req.body.username,
email: req.body.email,
mobile: req.body.mobile,
password: req.body.password
}
try{
JoiValidUser.validate(user);
const ExistUser = await User.findOne({
$or: [
{ email: req.body.email },
{ mobile: req.body.mobile }
]
});
if(ExistUser)
throw new Error("Email/Mobile Number already Registered");
await (new User(user)).save();
mailer(user.username, user.email);
res.send({ msg: "A Verification link is sent to mail" });
} catch(err) {
res.render('error', { message: err.message })
}
}
user verification route (verify.js)
const router = require('express').Router();
const jwt = require('jsonwebtoken');
const config = require('dotenv').config().parsed
const { User } = require('../models/user')
const routePlan = require('../route_plan');
router.get('/:token', async(req, res) => {
const { email } = jwt.verify(req.params.token, config.SECRET);
await User.findOneAndUpdate({ email: email }, {
$set: { verify: true }
});
res.send("Welcome ...")
})
module.exports = router;
EDIT:
Thank you all for your feedback but there is another problem I want to be clear of on how to handle case when jwt token expires because link will be invalid and user cannot try to sign up again because his info is already in db and he cannot register again
i have this code:
i want to have another fields with the user like their phone number, but I don't know how I can add them
const userSchema = new mongoose.Schema({
username: String,
password: String
//// here i want to add another property
});
userSchema.plugin(passportLocalMongoose);
const User = mongoose.model('user', userSchema);
passport.use(User.createStrategy());
passport.serializeUser(User.serializeUser());
passport.deserializeUser(User.deserializeUser());
and my registering is this:
User.register({ username: req.body.username }, req.body.password, function (err) {
if (err) {
console.log(err);
res.redirect("/register");
} else {
passport.authenticate("local")(req, res, function () {
res.redirect("/");
});
}
});
I don't know where to add the new field
You're almost there! I would recommend to add the field within your schema.
const userSchema = new mongoose.Schema({
username: String,
password: String
phoneNumber: String,
});
Then on your register call you will pass the data into the User.register method.
const user = {
username: req.body.username,
phoneNumber: req.body.phoneNumber,
}
User.register(new User(user), req.body.password, function (err) {
// your callback logic
I'm new to node so bear with me!
I am working on my auth system. I have login, register and logout done so far. Now I want to update my user in the settings page. How would I go about updating the already added User items such as username, password and email? And most importantly adding new ones such as API Key, and API Secret.
Here is my code:
var UserSchema = mongoose.Schema({
username: {
type: String,
index:true
},
email: {
type: String
},
password: {
type: String
},
apiKey: {
type: String
},
apiSecret: {
type: String
}
});
My user schema, the api key info is not added on registration. Should it be in the schema or will it be added automatically later?
var newUser = new User({
username: username,
email:email,
password: password
});
User.createUser(newUser, function(err, user){
if(err) throw err;
console.log(user);
req.flash('success_msg', 'You are registered and can now login');
res.redirect('/users/login');
});
How I create the new user after verification.
router.post('/settings', function(req, res){
var apiKey = req.body.apiKey;
var apiSecret = req.body.apiSecret;
//INSERT api info into DB here
});
Where I get the API keys from a form and then want to insert them into the User that is currently logged in. This is where my problem is.
Thank you in advance for any help!
Assuming you've access to the logged in user in req like req.user
router.post('/settings', function(req, res) {
var updateFields = {
apiKey: req.body.apiKey,
apiSecret: req.body.apiSecret
}
User.findOneAndUpdate({"_id": req.user._id}, {"$set": updateFields}, {"new": true}})
.exec(function(err, user) {
if (err) {
//handle err
} else {
//user contains updated user document
}
});
});
And yes you should keep all the fields you want to insert even in future in the schema. Else they won't insert into database.
I'm trying to prevent registration with a previously registered email. I tried to create a custom validation in mongoose schema. but it gave me an error ValidationError: User validation failed
at MongooseError.ValidationError. The code is down bellow. Can some one tell me where is the error or a better way to check if the user email exists in db.
// user schema
var UserSchema = mongoose.Schema({
username: {
type: String,
index: true,
require: true
},
password: {
type: String,
require: true
},
email: {
type: String,
lowercase: true,
trim: true,
index: {
unique: true,
},
validate: {
validator : isEmailExists, msg: 'Email already exists'
}
},
name: {
type: String
},
admin: Boolean,
active: Boolean,
});
// validation
function isEmailExists(email, callback) {
if (email) {
mongoose.models['User'].count({ _id: { '$ne': this._id }, email: email }, function (err, result) {
if (err) {
return callback(err);
}
callback(!result);
})
}
}
// createUser function
module.exports.createUser = function(newUser, callback){
bcrypt.genSalt(10, function(err, salt) {
bcrypt.hash(newUser.password, salt, function(err, hash) {
newUser.password = hash;
newUser.save(callback);
});
});
}
Router
router.post('/register', function(req, res, next) {
var name = req.body.name;
var email = req.body.email;
var password = req.body.password;
var confirmedPassword = req.body.confirmedPassword;
// Validation
req.checkBody('name', 'Name is required').notEmpty();
req.checkBody('email', 'Email is required').notEmpty();
req.checkBody('email', 'Email is not valid').isEmail();
req.checkBody('password', 'Password is required').notEmpty();
req.checkBody('confirmedPassword', 'Passwords do not match').equals(req.body.password);
var errors = req.validationErrors();
if (errors) {
res.render('register', {
errors: errors
});
} else {
var newUser = new User({
name: name,
email: email,
password: password,
admin: false,
active: false
});
User.createUser(newUser, function (err, user) {
if (err) {
throw err;
}
});
req.flash('success_msg', 'You are registerd and can now login');
res.redirect('/users/login');
}
The best way to check if the e-mail id already exists in the database or not is by using express-validator.
Since, there upgrade to version 4, the API has changed.
Now, instead of using:-
const expressValidator = require('express-validator');
..in your app.js file, and then calling the middleware. Instead, just do this in your users route file:-
const { check, validationResult } = require('express-validator/check');
Now, to check if the e-mail id already exists in the database, you will have to use Promise. Here's a working code:-
router.post('/register', [
check('name')
.not()
.isEmpty()
.withMessage('Name is required'),
check('email')
.not()
.isEmpty()
.withMessage('Email is required')
.isEmail()
.withMessage('Invalid Email')
.custom((value, {req}) => {
return new Promise((resolve, reject) => {
User.findOne({email:req.body.email}, function(err, user){
if(err) {
reject(new Error('Server Error'))
}
if(Boolean(user)) {
reject(new Error('E-mail already in use'))
}
resolve(true)
});
});
}),
// Check Password
check('password')
.not()
.isEmpty()
.withMessage('Password is required'),
// Check Password Confirmation
check('confirmedPassword', 'Passwords do not match')
.exists()
.custom((value, { req }) => value === req.body.password)
], function(req, res) {
var name = req.body.name;
var email = req.body.email;
var password = req.body.password;
var confirmedPassword = req.body.confirmedPassword;
// Check for Errors
const validationErrors = validationResult(req);
let errors = [];
if(!validationErrors.isEmpty()) {
Object.keys(validationErrors.mapped()).forEach(field => {
errors.push(validationErrors.mapped()[field]['msg']);
});
}
if(errors.length){
res.render('register',{
errors:errors
});
} else {
var newUser = new User({
name: name,
email: email,
password: password,
admin: false,
active: false
});
User.createUser(newUser, function (err, user) {
if (err) {
throw err;
}
});
req.flash('success_msg', 'You are registerd and can now login');
res.redirect('/users/login');
}
You can similarly do this to check for the username also.
Here is the link to the official GitHub page of express-validator
You can use Monsgoose's Model.findOne()=> https://mongoosejs.com/docs/api.html#model_Model.findOne:
router.post('/register',(req,res)=>{
// Object destructuring
const {username,password,email,...rest} =req.body;
// Error's Array
let errors = [];
// Mongoose Model.findOne()
User.findOne({email:email}).then(user=>{
if(user){
errors.push({msg: 'Email already exists'});
res.render('register',{errors})
}
})
})
You can use email-check package for checking whether the user had been previously registered (whether there is a duplicate email address inside email field).
Here is the link for downloading the package
https://www.npmjs.com/package/email-check
By writing unique: true property inside Models will provide mail address to be not repetitive. But you should also include email-chack validation which you can do inside Router
import emailCheck from "email-check";
//other imports
router.post("/register", (req, res) => {
var name = req.body.name;
var email = req.body.email;
var password = req.body.password;
var confirmedPassword = req.body.confirmedPassword;
// your validation for another fields
emailCheck(email)
.then(() => {
User.create(req.body)
.then(() => {
res.send(req.body);
})
.catch((error) =>
res.json({serverErrorDublicateEmail: "The email address is already subscribed. Please try to use another one or simply Log in"});
});
})
.catch(() => {
res.json({serverErrorEmailExistence: "The email address doesn't exist. Please try the valid one"});
});
});
emailCheck returns a Promise. Note: I am using ES6 syntax.
That's all. Your UserSchema can stay without any validation.
Need to knoe why I'mgetting this error? is my approach for validating the user thorugh login form correct here? I'm just new to node.js need your help.
var mongo = require('mongodb');
var mongoose = require('mongoose');
var db = mongoose.connect('mongodb://localhost/subscribe');
var mySchema = new mongoose.Schema({
_id : String,
name : String,
phone : String,
age : Number,
password : String
});
var User = mongoose.model('signups', mySchema);
Signup form , to save the registered user in the mongodb collection.
router.post('/signup', function(req, res) {
var user = new User({
_id : req.body.email,
phone : req.body.phone,
age : req.body.age,
password : req.body.password
});
user.save(function (err, doc) {
if (err) {
res.send("There was a problem adding the information to the database.");
}
else {
res.redirect('/');
}
});
});
trying to validate the user credentials
router.post('/adduser',function(req, res){
db.signups.findOne({ $and: [{_id: req.body.useremail}, {password: req.body.password }]}, function(err, item) {
if (err) return res.send("Please provide valid credentials.");
else {
res.redirect('/home');
}
});
});
How to validate the user credentials here?