
Last updated on 2/21/22

Check a User's Credentials

Implement the Login Function

Now that you can create new users in the database, you need a way to check whether a user trying to sign in has valid credentials by implementing a login function:

// Express controller for POST /login. `User` is the Mongoose model from the
// previous chapter and bcrypt is the package used to hash the password at signup.
const bcrypt = require('bcrypt');
const User = require('../models/user'); // path assumed: point this at your User model file

exports.login = (req, res, next) => {
  // Look up the account by the email sent in the request body.
  User.findOne({ email: req.body.email }).then(
    (user) => {
      if (!user) {
        // No account with this email: reject with 401. A plain string is sent
        // because JSON.stringify turns an Error object into {}, so the client
        // would never see the message.
        return res.status(401).json({
          error: 'User not found!'
        });
      }
      // bcrypt re-hashes the submitted password with the salt embedded in the
      // stored hash and compares the result; `valid` is a boolean.
      bcrypt.compare(req.body.password, user.password).then(
        (valid) => {
          if (!valid) {
            // Note: a message that differs from the unknown-email case tells a
            // caller which emails are registered; one generic 401 message is safer.
            return res.status(401).json({
              error: 'Incorrect password!'
            });
          }
          // Credentials are valid: return the user ID and a token
          // (a placeholder string until the next chapter).
          res.status(200).json({
            userId: user._id,
            token: 'token'
          });
        }
      ).catch(
        (error) => {
          // bcrypt itself failed (e.g. malformed stored hash): server error.
          res.status(500).json({
            error: error
          });
        }
      );
    }
  ).catch(
    (error) => {
      // Database lookup failed: server error.
      res.status(500).json({
        error: error
      });
    }
  );
}

In this function:

  • Use your Mongoose model to check if the email entered by the user corresponds to an existing user in the database.

    • If it does not, return a 401 Unauthorized error.

    • If it does, move on.

  • Use bcrypt's compare function to compare the user-entered password with the hash saved in the database.

    • If it does not match, return a 401 Unauthorized error.

    • If it matches, your user has valid credentials.

  • If your user has valid credentials, return a 200 response containing the user ID and a token, which for now is a generic string.

Let's Recap!

  • bcrypt's compare method checks an entered string against a stored hash: it re-hashes the string with the salt and cost embedded in the hash and compares the results. bcrypt cannot reverse its own hashes, so this comparison is the only way to verify a password.

In the next chapter, you will discover token-based authentication — what it's for, how it works, and how you will apply it in your app to secure your API properly.
