Searching for an individual MongoDB document using Express

Question

Searching for an individual MongoDB document using Express

I recently started working with MongoDB and express. I am trying to authenticate a user based on their username and password, but my code seems to always execute the "else statement" even when the correct credentials are entered.

Below is the JavaScript file snippet:

    app.post('/auth', function(req, res){

    var user = ( db.collection('auth').findOne({name: req.body.username}));
    var pass = ( db.collection('auth').findOne({password: req.body.password}));

    if(user == req.body.username && pass == req.body.password){
        res.send("Credentials Match");
    }else{
        res.send("Wrong Credentials");
    }
    console.log(req.body);
})

And here is the HTML code snippet:

 <form class="form-signin" action="/auth" method="POST">
        <h1 class="h3 mb-3 font-weight-normal">Please sign in</h1>
        <label for="inputEmail" class="sr-only">Username</label>
        <input type="text" placeholder="Username" name="username" required="">
        <label for="inputPassword" class="sr-only">Password</label>
        <input type="password" name="password" placeholder="password" required="">
        <button class="btn btn-lg btn-primary btn-block" type="submit">Sign in</button>
 </form>

javascript mongodb express

Answer 1

Answer №1

These two lines of code illustrate an asynchronous operation:

var user = ( db.collection('auth').findOne({name: req.body.username}));
var pass = ( db.collection('auth').findOne({password: req.body.password}));

Because of the asynchronous nature, the if else statements will not wait for their execution.

Unless you explicitly command JavaScript to wait.

You can achieve this by using async/await to ensure that the code pauses until the asynchronous tasks are completed.

Additonally, fetching the username and password separately may lead to a security vulnerability.

If a user enters the correct name but a different password found in the database, it would still allow access when it shouldn't.

To avoid this issue, make sure to retrieve both the username and password from the same document.

An updated solution could look like this:

app.post('/auth', async function(req, res) { // note the async keyword here
    try {
        var user = await db.collection('auth').findOne({ name: req.body.username , password: req.body.password });

        if (user && user.name == req.body.username && user.password == req.body.password) {
            res.send("Credentials Match");
        } else {
            res.send("Wrong Credentials");
        }
        console.log(req.body);
    }
    catch (err) {
        console.log('Exception >>\n', err); // log the error
        res.send("Something wrong has happened while checking the credentials");
    }
})

I hope this explanation helps!

Answer 2

These two lines of code illustrate an asynchronous operation:

var user = ( db.collection('auth').findOne({name: req.body.username}));
var pass = ( db.collection('auth').findOne({password: req.body.password}));

Because of the asynchronous nature, the if else statements will not wait for their execution.

Unless you explicitly command JavaScript to wait.

You can achieve this by using async/await to ensure that the code pauses until the asynchronous tasks are completed.

Additonally, fetching the username and password separately may lead to a security vulnerability.

If a user enters the correct name but a different password found in the database, it would still allow access when it shouldn't.

To avoid this issue, make sure to retrieve both the username and password from the same document.

An updated solution could look like this:

app.post('/auth', async function(req, res) { // note the async keyword here
    try {
        var user = await db.collection('auth').findOne({ name: req.body.username , password: req.body.password });

        if (user && user.name == req.body.username && user.password == req.body.password) {
            res.send("Credentials Match");
        } else {
            res.send("Wrong Credentials");
        }
        console.log(req.body);
    }
    catch (err) {
        console.log('Exception >>\n', err); // log the error
        res.send("Something wrong has happened while checking the credentials");
    }
})

I hope this explanation helps!

Answer 3

Answer №2

When using the findOne method, it is important to note that it returns a document rather than a string. This means that comparing it with a string may result in failure. To successfully compare, you need to retrieve the document first.

var user = db.collection('auth').findOne({name: req.body.username, password: req.body.password});

Once you have retrieved the user with the desired name and password combination, you can check if the user is null or an actual document to determine your if/else condition.

I recommend logging the current values of var user and var password using console.log() to identify any mistakes. Then, test the provided code snippet and observe any changes. Experiment with entering a "wrong" password to understand the return type difference and adjust your conditions accordingly.

Answer 4

When using the findOne method, it is important to note that it returns a document rather than a string. This means that comparing it with a string may result in failure. To successfully compare, you need to retrieve the document first.

var user = db.collection('auth').findOne({name: req.body.username, password: req.body.password});

Once you have retrieved the user with the desired name and password combination, you can check if the user is null or an actual document to determine your if/else condition.

I recommend logging the current values of var user and var password using console.log() to identify any mistakes. Then, test the provided code snippet and observe any changes. Experiment with entering a "wrong" password to understand the return type difference and adjust your conditions accordingly.

Searching for an individual MongoDB document using Express

Answer №1

Answer №2

Similar questions

Converting an array of object values to an Interface type in Typescript

What could be the reason for REQ.BODY being consistently devoid of any

Using the Spread Operator to modify a property within an array results in an object being returned instead of

Steps to Incorporate jQuery Function in a Partial View Inside a Modal

Tips for making a multi-dimensional array using jQuery

How to nullify the valueChanges pipe in Angular RxJS until the observable is resolved

Can you share any recommendations or instances of modifying data within HTML tables using Laravel?

What is the solution for the error "Firebase limitToLast is undefined"?

Is there a method for enabling GPT-3's "davinci" to engage in conversation with users via a bot on Discord by utilizing discord.js?

Error sound produced when detecting KeyCode on the keyboard

Setting a Javascript value to a Controller variable within an ASP.NET MVC View

What is the method for configuring environment variables in the Lumber framework?

Conditional Matching with Javascript Regular Expressions

Strategies for avoiding unused style tags in React components

Ways to show a child's component element within the parent container

Creating customized JavaScript using jQuery for Drupal 7 Form API

Trouble with CSS and JS tabs not activating when clicked?

Moment JS initialization and the utc() function

Ensuring Accessibility in Vue using Jest-Axe: It is important for buttons to have clear and distinguishable text. Is there a way to include a button name or aria-label when the content is passed through a slot

An unusual error occurred stating that the `forEach` property does not exist on the given type