I'm trying to implement a simple login mechanism from NodeJS (using ExpressJS) and MongoDB. I'm using MongoJS for the DB connectivity. I am using the $and: to see if the fields match inside the collection.

function authenticate(req,res){

username  = req.body.username;
password = req.body.password;
db.users.find({$and :[{username:username},{password:password}]},function(err,doc){

   if(( Object.keys(doc).length === 0 && doc.constructor === Object) === false){
       res.send("Invalid login")
   } else {
       doc.forEach(function(doc){
           console.log(doc.firstname)
       })

   }
})
}

I'm checking if the doc contains an empty object (which means the username and password didn't match) and telling the page to show that the login is invalid. If the doc does contain a matching username and password, I'm console.log()ging the firstname of the user...

The code above is not working... What is it that I am doing wrong?

Thanks in advance...

  • Just to add... the fields are not null, the fields are populated from the login form, and the appropriate username and password criteria exist in the collection as well... Commented Feb 16, 2017 at 4:11

1 Answer

I think that instead of doing what you're doing, it would make much more sense if you were instead to simply run a query for the username with a limit of one result and see if the returned doc contains a result. From there we will check if the posted password matches the one queried from the database and, if so, we will console.log the username. Furthermore, instead of querying for the password you should first be hashing it. Read more about that HERE

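function authenticate(req,res){
    // Declare locally; undeclared names become globals shared across requests
    const username = req.body.username;
    const password = req.body.password;
    // Look up the user by username only
    db.users.findOne({"username":username}, function(err, doc) {
        // Answer the request on a database error instead of throwing inside the callback
        if (err) return res.status(500).send("Server error");
        // doc is null when no user has this username
        if(doc && doc._id){
            // Plaintext comparison; store and compare a password hash instead
            if(password===doc["password"]){
                console.log("Your first name is: "+doc.firstname)
                // Always answer the request, otherwise the client waits forever
                res.send("Login successful")
            }else{
                res.send("Invalid login")
            }
        }else{
            res.send("Invalid login")
        }
    });
}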
5 Comments

Non-existing credentials are crashing the server, can we handle it more gracefully?
Try again now, I've changed the if statement to first check to see if doc exists, then doc._id
There we go :) Thanks. Will read into the hashing article, thanks for sharing
No problem, if the answer has helped you please feel free to click the check mark to the left of it to inform others that it is the correct answer, also feel free to leave me an upvote.
Just out of curiosity, if I were to take the $and: route, how would I go about solving the issue, if that is possible? I tried doing .count() of the doc so that if the count() value is 0, I know the user does not exist... But that didn't work out so well...
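
Added example, not part of the original answer or its author's code: the same username lookup with the stored password hashed, as the answer recommends, and with non-string fields rejected so that an object in the request body cannot act as a query operator. The `passwordHash` field, the `login` and `tryLogin` helpers, the status codes and the in-memory `fakeUsers` collection are assumptions made for this example.

```javascript
const crypto = require("crypto");
const KEYLEN = 32;

// Store "salt:hash" (hex) in place of the password itself.
function hashPassword(password) {
  const salt = crypto.randomBytes(16);
  return salt.toString("hex") + ":" + crypto.scryptSync(password, salt, KEYLEN).toString("hex");
}

// Recompute the hash with the stored salt and compare in constant time.
function verifyPassword(password, stored) {
  const [saltHex, hashHex] = String(stored).split(":");
  const expected = Buffer.from(hashHex || "", "hex");
  if (!saltHex || expected.length !== KEYLEN) return false; // malformed record
  const actual = crypto.scryptSync(password, Buffer.from(saltHex, "hex"), KEYLEN);
  return crypto.timingSafeEqual(actual, expected);
}

// users: object with findOne(query, cb), like db.users; done(status, message) stands in for res.
function login(users, body, done) {
  const { username, password } = body || {};
  // A JSON body can carry objects such as {"$ne": null}; let only strings
  // reach the filter so no query operator is evaluated.
  if (typeof username !== "string" || typeof password !== "string") return done(400, "Invalid login");
  users.findOne({ username: username }, function (err, doc) {
    if (err) return done(500, "Server error");
    // Same reply for an unknown user and a wrong password.
    if (!doc || !verifyPassword(password, doc.passwordHash)) return done(401, "Invalid login");
    done(200, "Welcome " + doc.firstname);
  });
}

// Constructed sample record and in-memory stand-in for the collection.
const sampleUsers = [{ username: "alice", firstname: "Alice", passwordHash: hashPassword("correct horse") }];
const fakeUsers = {
  calls: 0, // number of queries that reached the "database"
  findOne(query, cb) {
    this.calls++;
    cb(null, sampleUsers.find((u) => u.username === query.username) || null);
  },
};

// Run login() against the stand-in and return [status, message].
function tryLogin(body) {
  let result;
  login(fakeUsers, body, (status, msg) => { result = [status, msg]; });
  return result;
}
console.log(tryLogin({ username: "alice", password: "correct horse" }));
```

In an Express handler, `done` maps onto `res.status(status).send(message)`, and `req.body` is passed as `body`.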
