fix: lack of passport verification (MEL-12) (#31)

keinsell · keinsell · commit aebba443903a · 2021-11-28T01:09:17.000+01:00
diff --git a/lib/auth/passport.ts b/lib/auth/passport.ts
@@ -7,20 +7,15 @@ import { jwtConfig } from '../utils/config'
 
 /* Fucking Passport-thing selection */
 
-let localstrategy = new LocalStrategy({ usernameField: 'username' }, function (username, password, done) {
-	User.findOne({ username: username })
-		.then(function (user) {
-			if (!user) {
-				return done(null, false, { message: 'No such user' })
-			}
-			if (!verify(password, user.password)) {
-				done(null, false, { message: 'Wrong password' })
-			}
-			return done(null, user)
-		})
-		.catch(function (err) {
-			return done(null, false, { message: err })
-		})
+let localstrategy = new LocalStrategy({ usernameField: 'username' }, async function (username, password, done) {
+	const aggregateUser = await User.findOne({ username: username })
+	if (!aggregateUser) {
+		return done(null, false)
+	}
+	if (!(await verify(password, aggregateUser.password))) {
+		return done(null, false)
+	}
+	return done(null, aggregateUser)
 })
 
 let jwtstrategy = new JwtStrategy(jwtConfig, function (payload, done) {
@@ -37,7 +32,6 @@ let jwtstrategy = new JwtStrategy(jwtConfig, function (payload, done) {
 })
 
 passport.serializeUser((user: any, done) => {
-	// ? ID or _ID
 	done(null, user.id)
 })
 
diff --git a/lib/auth/router.v1.ts b/lib/auth/router.v1.ts
@@ -14,15 +14,15 @@ router.post('/login', (req, res, next) => {
 			return res.status(400).json({ errors: err })
 		}
 		if (!user) {
-			return res.status(400).json({ errors: 'No user found' })
+			return res.status(400).json({ message: 'User with specified data do not exist (wrong password, login or no account)' })
 		}
 
 		const token = jwt.sign({ id: user.id }, jwtConfig.secretOrKey)
 		req.logIn(user, function (err) {
 			if (err) {
 				return res.status(400).json({ errors: err })
 			}
-			return res.status(200).json({ success: `Hello! ${user.username}`, token: token })
+			return res.status(200).json({ success: `Hello! ${user.username}`, token: token, data: user })
 		})
 	})(req, res, next)
 })

Original file line number	Diff line number	Diff line change
`@@ -14,15 +14,15 @@ router.post('/login', (req, res, next) => {`
`14`	`14`	`return res.status(400).json({ errors: err })`
`15`	`15`	`}`
`16`	`16`	`if (!user) {`
`17`		`- return res.status(400).json({ errors: 'No user found' })`
	`17`	`+ return res.status(400).json({ message: 'User with specified data do not exist (wrong password, login or no account)' })`
`18`	`18`	`}`
`19`	`19`
`20`	`20`	`const token = jwt.sign({ id: user.id }, jwtConfig.secretOrKey)`
`21`	`21`	`req.logIn(user, function (err) {`
`22`	`22`	`if (err) {`
`23`	`23`	`return res.status(400).json({ errors: err })`
`24`	`24`	`}`
`25`		- return res.status(200).json({ success: `Hello! ${user.username}`, token: token })
	`25`	+ return res.status(200).json({ success: `Hello! ${user.username}`, token: token, data: user })
`26`	`26`	`})`
`27`	`27`	`})(req, res, next)`
`28`	`28`	`})`