fix: lack of passport verification (MEL-12) (#31)

araclx · Nov 28, 2021 · aebba44 · aebba44
1 parent 581a1f4
commit aebba44
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 17 deletions.
diff --git a/lib/auth/passport.ts b/lib/auth/passport.ts
@@ -7,20 +7,15 @@ import { jwtConfig } from '../utils/config'
 
 /* Fucking Passport-thing selection */
 
-let localstrategy = new LocalStrategy({ usernameField: 'username' }, function (username, password, done) {
-	User.findOne({ username: username })
-		.then(function (user) {
-			if (!user) {
-				return done(null, false, { message: 'No such user' })
-			}
-			if (!verify(password, user.password)) {
-				done(null, false, { message: 'Wrong password' })
-			}
-			return done(null, user)
-		})
-		.catch(function (err) {
-			return done(null, false, { message: err })
-		})
+let localstrategy = new LocalStrategy({ usernameField: 'username' }, async function (username, password, done) {
+	const aggregateUser = await User.findOne({ username: username })
+	if (!aggregateUser) {
+		return done(null, false)
+	}
+	if (!(await verify(password, aggregateUser.password))) {
+		return done(null, false)
+	}
+	return done(null, aggregateUser)
 })
 
 let jwtstrategy = new JwtStrategy(jwtConfig, function (payload, done) {
@@ -37,7 +32,6 @@ let jwtstrategy = new JwtStrategy(jwtConfig, function (payload, done) {
 })
 
 passport.serializeUser((user: any, done) => {
-	// ? ID or _ID
 	done(null, user.id)
 })
 

diff --git a/lib/auth/router.v1.ts b/lib/auth/router.v1.ts
@@ -14,15 +14,15 @@ router.post('/login', (req, res, next) => {
 			return res.status(400).json({ errors: err })
 		}
 		if (!user) {
-			return res.status(400).json({ errors: 'No user found' })
+			return res.status(400).json({ message: 'User with specified data do not exist (wrong password, login or no account)' })
 		}
 
 		const token = jwt.sign({ id: user.id }, jwtConfig.secretOrKey)
 		req.logIn(user, function (err) {
 			if (err) {
 				return res.status(400).json({ errors: err })
 			}
-			return res.status(200).json({ success: `Hello! ${user.username}`, token: token })
+			return res.status(200).json({ success: `Hello! ${user.username}`, token: token, data: user })
 		})
 	})(req, res, next)
 })