1
00:00:01,040 --> 00:00:05,200
We've got our signing room put together and now we're ready to test it out before we flip over to post

2
00:00:05,200 --> 00:00:06,320
man and do anything.

3
00:00:06,380 --> 00:00:09,380
I'm going to first go back over to my Mongo DB console.

4
00:00:09,560 --> 00:00:12,440
Remember back over here we selected our cluster.

5
00:00:12,500 --> 00:00:17,270
We then took a look at our different collections and we inspected our list of users.

6
00:00:17,270 --> 00:00:21,980
So once again right now I've got just one user inside of my database and then password of that user

7
00:00:21,980 --> 00:00:24,230
is still a plain text password.

8
00:00:24,230 --> 00:00:28,580
I don't want to have any plaintext passwords in my database whatsoever especially while I'm testing

9
00:00:29,000 --> 00:00:34,490
because if I tried to sign in with this user because this password is not salted or hash Well I'm always

10
00:00:34,490 --> 00:00:39,650
going to fail that comparison and I'm never going to be able to log in as this user again so I'm going

11
00:00:39,650 --> 00:00:44,840
to delete them very quickly by hovering over that user and then going to the delete icon on the far

12
00:00:44,840 --> 00:00:46,300
right hand side.

13
00:00:46,400 --> 00:00:51,520
I'll then click on delete and I'll wait just a second to make sure that actually was deleted.

14
00:00:51,530 --> 00:00:55,820
I'm going to click find once again and I'm just going to verify that I don't have any users inside of

15
00:00:55,820 --> 00:00:57,530
here.

16
00:00:57,670 --> 00:00:57,950
OK.

17
00:00:57,990 --> 00:00:59,900
Let's now flip back over to postmen.

18
00:00:59,990 --> 00:01:02,360
And we're ready to actually test this stuff out.

19
00:01:02,360 --> 00:01:07,940
So I got to make sure that I make a post request to my sign up route because I need to have some existing

20
00:01:07,940 --> 00:01:09,860
user inside my database.

21
00:01:09,860 --> 00:01:13,980
I'm going to once again sign up with an email of test one at test dot com.

22
00:01:13,980 --> 00:01:16,160
Any password of my password.

23
00:01:16,580 --> 00:01:19,330
So I'm going to send that request off.

24
00:01:19,350 --> 00:01:21,410
It looks like I successfully signed up.

25
00:01:21,450 --> 00:01:23,590
There's my Jason web token right there.

26
00:01:23,690 --> 00:01:30,060
And if I flip back over to my Mongo DB collection I can once again tap on find an LLC that I've got

27
00:01:30,060 --> 00:01:31,630
once again one user.

28
00:01:31,630 --> 00:01:35,340
There's my email and now the password is successfully salted and hashed.

29
00:01:35,700 --> 00:01:38,670
So no longer is it a plain text password.

30
00:01:38,730 --> 00:01:42,120
So now that we've created this user we can now attempt to log in as that.

31
00:01:42,620 --> 00:01:45,710
So to log in as that user we can go back over to a post man.

32
00:01:45,930 --> 00:01:51,630
I'm going to change my roots up here from sign up to sign in because now I want to sign in as this person

33
00:01:52,500 --> 00:01:58,920
if I successfully sign in then I should once again get back a Jason web token that essentially authenticates

34
00:01:58,920 --> 00:02:05,350
me as this person I got to make sure I've got the same email and the same password I'll hit send.

35
00:02:05,630 --> 00:02:08,450
And sure enough I get another Jason web token.

36
00:02:08,450 --> 00:02:10,430
So my server has said OK sounds good.

37
00:02:10,430 --> 00:02:14,750
You supplied the correct password and the email of a valid user.

38
00:02:14,750 --> 00:02:19,030
So here's a Jason web token that proves that you are who you say you are.

39
00:02:19,190 --> 00:02:23,270
If I want to make sure that this sign in route really works we should attempt to a failed signing in

40
00:02:23,270 --> 00:02:25,720
as well so I could change my password.

41
00:02:25,730 --> 00:02:33,150
Maybe I'll put in a password of like just whatever if I now try to sign in I'm gonna get an error message

42
00:02:33,150 --> 00:02:37,700
that says invalid password or email and I can try putting in a random email as well.

43
00:02:37,710 --> 00:02:43,830
So like some random e-mail that doesn't actually exist inside my database if I send that yep I get the

44
00:02:43,830 --> 00:02:45,160
same error message.

45
00:02:45,360 --> 00:02:51,300
And then finally if I do not provide an email or a password altogether I should get some kind of appropriate

46
00:02:51,300 --> 00:02:53,700
air so must provide email and password.

47
00:02:53,700 --> 00:02:54,100
Very good.

48
00:02:54,330 --> 00:02:58,860
So I think that we've got all these different cases handled successfully so we can now successfully

49
00:02:58,890 --> 00:03:04,710
sign up and sign into our application and anytime we do either we get back this Jason web token that

50
00:03:04,710 --> 00:03:06,960
proves that we are this given user.

51
00:03:07,620 --> 00:03:08,800
So this is looking pretty good.

52
00:03:08,800 --> 00:03:12,180
So let's take another quick pause right here when we continue on the next video we're going to start

53
00:03:12,210 --> 00:03:18,810
integrating in this idea of having our API manage all of the different tracks that get created by a

54
00:03:18,810 --> 00:03:20,940
user inside of our application.

55
00:03:20,940 --> 00:03:22,560
So let's take care of that in the next video.