1
00:00:01,040 --> 00:00:06,310
Let's continue with our sign-in flow, so we need to take the email and password out of the body

2
00:00:06,320 --> 00:00:08,270
of the request; those have now been validated.

3
00:00:08,570 --> 00:00:13,990
So we're then going to run a query on our collection of users inside of our MongoDB database.

4
00:00:14,000 --> 00:00:17,160
We're going to try to find a user with that same email.

5
00:00:17,410 --> 00:00:21,600
So I'm going to flip back over to my signin route handler, because we want to run a query.

6
00:00:21,600 --> 00:00:24,720
We need to import the User model at the very top of the file.

7
00:00:25,320 --> 00:00:34,770
So up here at the top I'm going to import User from ../models/user. I'll then go back

8
00:00:34,770 --> 00:00:36,260
down to my route handler.

9
00:00:36,480 --> 00:00:40,410
We're going to run a query inside of here, which means we're definitely going to be making use of that

10
00:00:40,440 --> 00:00:42,210
async/await syntax.

11
00:00:42,240 --> 00:00:49,070
So I'm going to mark the enclosing function as async, and then I'm going to pull the email and password out

12
00:00:49,070 --> 00:00:55,160
of the body of the request. I'll then run a query and try to find some user inside of our database with

13
00:00:55,160 --> 00:00:56,540
this email.

14
00:00:56,540 --> 00:01:05,360
I'll do existingUser is await User.findOne, and I'll try to look up that email, so that we

15
00:01:05,360 --> 00:01:12,550
can immediately do a quick check: if there is no existing user, if we fail to find one, then we want to

16
00:01:12,550 --> 00:01:17,170
throw an error immediately and bail out of everything inside this request handler.

17
00:01:17,230 --> 00:01:21,820
So this would be another good scenario, another good place to make use of that very generic custom error we

18
00:01:21,820 --> 00:01:24,450
had put together called BadRequestError.
19
00:01:24,730 --> 00:01:29,380
You might think that this would be a scenario to throw a kind of 404 error, something like "user not

20
00:01:29,380 --> 00:01:30,670
found" or something like that.

21
00:01:30,760 --> 00:01:36,280
But remember, whenever we are handling validation or authentication, whenever dealing with authentication,

22
00:01:36,520 --> 00:01:41,750
we usually prefer to share as much, or, I'm assuming, as little information as possible.

23
00:01:41,750 --> 00:01:43,750
I got all those words opposite.

24
00:01:43,750 --> 00:01:49,870
We want to share as little information as possible about why things go poorly during failed authentication attempts,

25
00:01:50,110 --> 00:01:54,400
because the more information we give to someone, it might be information we are providing to a malicious

26
00:01:54,400 --> 00:01:55,460
user.

27
00:01:55,540 --> 00:02:00,100
So if someone tries to sign up or sign in with an email that doesn't exist, we don't want to tell them

28
00:02:00,160 --> 00:02:01,480
that that email doesn't exist.

29
00:02:01,480 --> 00:02:06,790
We just want to say, "Sorry, but you provided us some bad login credentials," or we can just say "login

30
00:02:06,790 --> 00:02:08,430
request failed," something like that.

31
00:02:08,800 --> 00:02:16,020
That's why we're going to use that very generic custom error of BadRequestError. At the very top

32
00:02:16,050 --> 00:02:24,550
I'm going to import that error, BadRequestError, from errors/bad-request-error,

33
00:02:27,410 --> 00:02:29,750
and I'll make sure that I throw that down inside the if statement.

34
00:02:29,780 --> 00:02:36,150
So throw new BadRequestError, and remember we can optionally provide a reason for the error.

35
00:02:36,230 --> 00:02:40,630
So I'm going to give a very simple, very direct message that's very generic in nature.

36
00:02:40,640 --> 00:02:47,580
I'll just say "Invalid credentials," to say sorry, but it failed.

37
00:02:47,590 --> 00:02:47,850
All right.
38
00:02:47,860 --> 00:02:52,630
So if we make it past that check, the next thing we have to do, look at our diagram, we need to compare the

39
00:02:52,660 --> 00:02:57,460
password that was supplied inside the request with the hashed password of the stored user.

40
00:02:57,460 --> 00:03:03,370
And remember, we already put together a nice little class to take care of this stuff for us. Go back inside

41
00:03:04,060 --> 00:03:05,500
of our services directory.

42
00:03:05,500 --> 00:03:08,230
We've got that password.ts file.

43
00:03:08,330 --> 00:03:12,210
So here's the class we put together, and we've got that compare method.

44
00:03:12,360 --> 00:03:16,200
We're going to call compare; the first argument is going to be the stored password of the user that

45
00:03:16,200 --> 00:03:17,320
we just fetched.

46
00:03:17,320 --> 00:03:20,040
And the second argument will be the supplied password,

47
00:03:20,040 --> 00:03:25,670
so the one that was given to us inside the request. So back inside of signin.ts, at the very top let's

48
00:03:25,700 --> 00:03:30,610
import Password, and you know, I really regret the name of this class.

49
00:03:30,620 --> 00:03:33,740
It really should have been something like PasswordManager or something similar.

50
00:03:33,890 --> 00:03:38,310
But we're in pretty deep at this point, so we're going to stick with that. I'm going to get that from

51
00:03:38,310 --> 00:03:41,250
the services directory, password.

52
00:03:46,280 --> 00:03:50,760
All right, after we have that if statement we're going to compare those two passwords, and remember the

53
00:03:50,790 --> 00:03:53,860
compare passwords method is going to return a boolean.
54
00:03:54,180 --> 00:04:01,270
I'll do passwordsMatch, that's going to be a true or false, and then await, because comparing the

55
00:04:01,270 --> 00:04:07,640
passwords is asynchronous: Password.compare.

56
00:04:10,960 --> 00:04:16,120
Our first argument is going to be, and if we forget, as I just did, hover over that thing.

57
00:04:16,120 --> 00:04:16,360
All right.

58
00:04:16,360 --> 00:04:18,880
First one is the stored password of the existing user.

59
00:04:18,880 --> 00:04:22,170
And the second argument is the password that came in the request.

60
00:04:22,180 --> 00:04:32,180
So it'll be existingUser.password and then password.

61
00:04:32,380 --> 00:04:33,260
That looks good.

62
00:04:34,380 --> 00:04:38,450
So now passwordsMatch is going to be a boolean. If it is false, that means,

63
00:04:38,450 --> 00:04:40,070
well, we've got some invalid credentials.

64
00:04:40,070 --> 00:04:43,800
And so once again we'll probably want to throw another error just like that right there.

65
00:04:43,910 --> 00:04:56,160
So if not passwordsMatch, that is, false, then throw new BadRequestError("Invalid credentials"),

66
00:04:59,470 --> 00:05:01,840
and then finally, if we get past that statement right there,

67
00:05:01,840 --> 00:05:04,870
last thing we have to do: our user is now logged in.

68
00:05:04,870 --> 00:05:10,630
So we need to once again generate a JSON web token and send it back inside the cookie.

69
00:05:10,630 --> 00:05:14,410
That's going to essentially be the exact same logic we've just put together inside of sign up

70
00:05:14,410 --> 00:05:21,160
a moment ago. If we go back over to our sign up route handler, we've got where we generated the JSON web

71
00:05:21,160 --> 00:05:27,820
token, and then we stored it on that session object and sent a response back. Rather than rewriting all

72
00:05:27,820 --> 00:05:28,650
this code,

73
00:05:28,780 --> 00:05:30,590
let's just do a simple copy paste.
74
00:05:30,760 --> 00:05:32,640
This course is already getting a little bit long.

75
00:05:32,680 --> 00:05:38,120
So we're gonna do as much copy pasting, or reuse this code, as we reasonably can.

76
00:05:38,120 --> 00:05:46,320
So I'm going to paste inside of signin. Our step to generate the JSON web token, we're going to assign

77
00:05:46,320 --> 00:05:52,100
that to the session object, and then we're going to send back a response.

78
00:05:52,100 --> 00:05:56,740
However, when we send back the response, we're no longer creating a new record inside of our database.

79
00:05:56,750 --> 00:06:00,470
So traditionally we would send back a 200 instead.

80
00:06:00,480 --> 00:06:06,770
Right now we are sending back a user variable that does not exist inside this file, so we need to rename

81
00:06:06,770 --> 00:06:12,850
it, user, throughout here over to existingUser, because that's what we assigned that variable, or the result

82
00:06:12,850 --> 00:06:22,710
of that query, to. It's going to be findOne right there, and change it to existingUser, number two, and

83
00:06:22,710 --> 00:06:26,470
then down here in number three. Looks good.

84
00:06:26,550 --> 00:06:32,410
Now the very final step: let's make sure that we import the JSON web token library into this file, so

85
00:06:32,440 --> 00:06:40,820
we'll go to the top, add in an import for jwt from jsonwebtoken, and that should be

86
00:06:40,850 --> 00:06:45,300
it for sign in. Well, this video is just a little bit long.

87
00:06:45,300 --> 00:06:48,870
So let's take a pause right here, and we'll test this thing out in just a moment.