From aebba443903a1814bb53f3fcb2f20f54255d8c78 Mon Sep 17 00:00:00 2001
From: Jay Whitewood
Date: Sun, 28 Nov 2021 01:09:17 +0100
Subject: [PATCH] fix: lack of passport verification (MEL-12) (#31)
---
 lib/auth/passport.ts | 24 +++++++++---------------
 lib/auth/router.v1.ts | 4 ++--
 2 files changed, 11 insertions(+), 17 deletions(-)
diff --git a/lib/auth/passport.ts b/lib/auth/passport.ts
index 36f15c0..6688611 100644
--- a/lib/auth/passport.ts
+++ b/lib/auth/passport.ts
@@ -7,20 +7,15 @@ import { jwtConfig } from '../utils/config'
 /* Fucking Passport-thing selection */
-let localstrategy = new LocalStrategy({ usernameField: 'username' }, function (username, password, done) {
- User.findOne({ username: username })
- .then(function (user) {
- if (!user) {
- return done(null, false, { message: 'No such user' })
- }
- if (!verify(password, user.password)) {
- done(null, false, { message: 'Wrong password' })
- }
- return done(null, user)
- })
- .catch(function (err) {
- return done(null, false, { message: err })
- })
+let localstrategy = new LocalStrategy({ usernameField: 'username' }, async function (username, password, done) {
+ const aggregateUser = await User.findOne({ username: username })
+ if (!aggregateUser) {
+ return done(null, false)
+ }
+ if (!(await verify(password, aggregateUser.password))) {
+ return done(null, false)
+ }
+ return done(null, aggregateUser)
 })
 let jwtstrategy = new JwtStrategy(jwtConfig, function (payload, done) {
@@ -37,7 +32,6 @@ let jwtstrategy = new JwtStrategy(jwtConfig, function (payload, done) {
 })
 passport.serializeUser((user: any, done) => {
- // ? ID or _ID
 done(null, user.id)
 })
diff --git a/lib/auth/router.v1.ts b/lib/auth/router.v1.ts
index 3e6aa9b..1b54959 100644
--- a/lib/auth/router.v1.ts
+++ b/lib/auth/router.v1.ts
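Review bot: In lib/auth/passport.ts the new async verify callback for `localstrategy` has no error path: if `User.findOne` or `verify` rejects, `done` is never called, so the login request is left pending and the rejection goes unhandled, where the removed code at least had a `.catch`. Wrap the body in `try { … } catch (err) { return done(err) }` so a lookup or hashing failure is reported to Passport as an error. Passing the error as the first argument also keeps a backend fault distinguishable from a failed login, which the old `done(null, false, { message: err })` did not.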
@@ -14,7 +14,7 @@ router.post('/login', (req, res, next) => {
 return res.status(400).json({ errors: err })
 }
 if (!user) {
- return res.status(400).json({ errors: 'No user found' })
+ return res.status(400).json({ message: 'User with specified data do not exist (wrong password, login or no account)' })
 }
 const token = jwt.sign({ id: user.id }, jwtConfig.secretOrKey)
@@ -22,7 +22,7 @@ router.post('/login', (req, res, next) => {
 if (err) {
 return res.status(400).json({ errors: err })
 }
- return res.status(200).json({ success: `Hello! ${user.username}`, token: token })
+ return res.status(200).json({ success: `Hello! ${user.username}`, token: token, data: user })
 })
 })(req, res, next)
 })
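Review bot: In the first hunk of lib/auth/router.v1.ts the failed-login body switches from the `errors` key to `message`, while the two neighbouring failure responses still send `{ errors: err }`, so a client that reads `errors` gets nothing on a bad password. The generic wording is the right call, since it no longer tells a caller whether the account exists; I would keep that and restore the key, and consider 401 for a credential failure: `return res.status(401).json({ errors: 'Invalid username or password' })`. The enclosing handler starts and ends outside the hunk.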
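Review bot: `data: user` in the second hunk serialises the whole user object handed over by the local strategy into the login response, and passport.ts in this same commit reads `aggregateUser.password` from that object, so unless the model strips the field on serialisation (not visible here) the stored password hash is sent to the client. Return an explicit allow-list instead, for example `data: { id: user.id, username: user.username }`. A one-line comment above it such as `// never return the raw user document: it carries the password hash` would keep a later edit from widening the payload again.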