Searching for an individual MongoDB document using Express

Question

Searching for an individual MongoDB document using Express

I recently started working with MongoDB and express. I am trying to authenticate a user based on their username and password, but my code seems to always execute the "else statement" even when the correct credentials are entered.

Below is the JavaScript file snippet:

    app.post('/auth', function(req, res){

    var user = ( db.collection('auth').findOne({name: req.body.username}));
    var pass = ( db.collection('auth').findOne({password: req.body.password}));

    if(user == req.body.username && pass == req.body.password){
        res.send("Credentials Match");
    }else{
        res.send("Wrong Credentials");
    }
    console.log(req.body);
})

And here is the HTML code snippet:

 <form class="form-signin" action="/auth" method="POST">
        <h1 class="h3 mb-3 font-weight-normal">Please sign in</h1>
        <label for="inputEmail" class="sr-only">Username</label>
        <input type="text" placeholder="Username" name="username" required="">
        <label for="inputPassword" class="sr-only">Password</label>
        <input type="password" name="password" placeholder="password" required="">
        <button class="btn btn-lg btn-primary btn-block" type="submit">Sign in</button>
 </form>

javascript mongodb express

Answer 1

Answer №1

These two lines of code illustrate an asynchronous operation:

var user = ( db.collection('auth').findOne({name: req.body.username}));
var pass = ( db.collection('auth').findOne({password: req.body.password}));

Because of the asynchronous nature, the if else statements will not wait for their execution.

Unless you explicitly command JavaScript to wait.

You can achieve this by using async/await to ensure that the code pauses until the asynchronous tasks are completed.

Additonally, fetching the username and password separately may lead to a security vulnerability.

If a user enters the correct name but a different password found in the database, it would still allow access when it shouldn't.

To avoid this issue, make sure to retrieve both the username and password from the same document.

An updated solution could look like this:

app.post('/auth', async function(req, res) { // note the async keyword here
    try {
        var user = await db.collection('auth').findOne({ name: req.body.username , password: req.body.password });

        if (user && user.name == req.body.username && user.password == req.body.password) {
            res.send("Credentials Match");
        } else {
            res.send("Wrong Credentials");
        }
        console.log(req.body);
    }
    catch (err) {
        console.log('Exception >>\n', err); // log the error
        res.send("Something wrong has happened while checking the credentials");
    }
})

I hope this explanation helps!

Answer 2

These two lines of code illustrate an asynchronous operation:

var user = ( db.collection('auth').findOne({name: req.body.username}));
var pass = ( db.collection('auth').findOne({password: req.body.password}));

Because of the asynchronous nature, the if else statements will not wait for their execution.

Unless you explicitly command JavaScript to wait.

You can achieve this by using async/await to ensure that the code pauses until the asynchronous tasks are completed.

Additonally, fetching the username and password separately may lead to a security vulnerability.

If a user enters the correct name but a different password found in the database, it would still allow access when it shouldn't.

To avoid this issue, make sure to retrieve both the username and password from the same document.

An updated solution could look like this:

app.post('/auth', async function(req, res) { // note the async keyword here
    try {
        var user = await db.collection('auth').findOne({ name: req.body.username , password: req.body.password });

        if (user && user.name == req.body.username && user.password == req.body.password) {
            res.send("Credentials Match");
        } else {
            res.send("Wrong Credentials");
        }
        console.log(req.body);
    }
    catch (err) {
        console.log('Exception >>\n', err); // log the error
        res.send("Something wrong has happened while checking the credentials");
    }
})

I hope this explanation helps!

Answer 3

Answer №2

When using the findOne method, it is important to note that it returns a document rather than a string. This means that comparing it with a string may result in failure. To successfully compare, you need to retrieve the document first.

var user = db.collection('auth').findOne({name: req.body.username, password: req.body.password});

Once you have retrieved the user with the desired name and password combination, you can check if the user is null or an actual document to determine your if/else condition.

I recommend logging the current values of var user and var password using console.log() to identify any mistakes. Then, test the provided code snippet and observe any changes. Experiment with entering a "wrong" password to understand the return type difference and adjust your conditions accordingly.

Answer 4

When using the findOne method, it is important to note that it returns a document rather than a string. This means that comparing it with a string may result in failure. To successfully compare, you need to retrieve the document first.

var user = db.collection('auth').findOne({name: req.body.username, password: req.body.password});

Once you have retrieved the user with the desired name and password combination, you can check if the user is null or an actual document to determine your if/else condition.

I recommend logging the current values of var user and var password using console.log() to identify any mistakes. Then, test the provided code snippet and observe any changes. Experiment with entering a "wrong" password to understand the return type difference and adjust your conditions accordingly.

Searching for an individual MongoDB document using Express

Answer №1

Answer №2

Similar questions

Can you explain the purpose of the statement `var MyConstructor = function MyConstructor()`?

A user-friendly JavaScript framework focused on manipulating the DOM using a module approach and aiming to mirror the ease of use found in jQuery

What is the best way to change an int32 to a float32 in Deeplearn.js?

JavaScript Array Multiplication Theory

How can I create a computed field in TypeORM by deriving its value from other fields within the same Entity?

The functionality of Vue slot-scope seems to be restricted when used within nested child components

AngularJS: Move forward with controller execution after completion of a looped service method

Authentication Error: PassportJS Method not Found

The PHP random number generator appears to be malfunctioning when being compared to the $_POST[] variable

What could be causing all the flickering in this presentation?

Fade in and out a Div with a distinct class and ID

Storing ng-change event for a checkbox in AngularJS in a valid manner

What's the reason behind the failure of bitwise xor within a JavaScript if statement?

The Ionic search bar will only initiate a search once the keyboard is no longer in view

Ways to modify the final sum exclusively for a single table

Dynamic Data Causes Highcharts Date Formatting to Adapt

Creating interactive web applications with Python Flask by utilizing buttons to execute functions

Amazon Lex: Transforming Speech to Text with Audio Technology

Is the CSS Transition Solely Active for the Introductory Animation?

Gathering Servlet details from non-form elements