API Design in Node.js, v3 Sign In with JWT Solution

Transcript from the "Sign In with JWT Solution" Lesson

[00:00:00]
>> Scott Moss: For sign in, this one requires email and password. User must be real, passwords must match, and creates a new token, so a lot of things here. Email and password, that's the same as the one above so I'm just going to copy that logic, paste it down here.

[00:00:16] That should satisfy that so let's run this first test and see.
>> Scott Moss: Looks like it did pass that first one, it requires email and password. And then it says user must be real. So I'm guessing giving the email that we got, that should be a real user in a database, so let's see.

[00:00:40]
>> Scott Moss: User.findOne({email}).exec(). Cool, so,
>> Scott Moss: And then if (!user)
>> Scott Moss: return rest.status(400).
>> Scott Moss: .end(), so that checks if it's a real user.
>> Scott Moss: Prevent anyone from sending any random email. Let's see if that worked. Looks like that's expecting a different error code. Yeah, a 401, this time. 401 past that one and then the next one is passwords must match.

[00:01:34] So, if we do have a user, then we need to check the passwords. So we're gonna do a try cache here.
>> Scott Moss: Just in case they check passwords break. So we'll say const match equals, and remember I told you there's a check password method on the user document.

[00:01:55] So we get as user document here. So you can say user.checkPassword and it'll take the password that was sent out, which is rec.body.password. And it will compare it to the hash password for this user. And we need to await that. No, wait, here, I've got it right here.

[00:02:15] Passwords must match. No, I got it everyone. I do. Right here. I did create it. I just didn't see it. Yeah, you get a real user. So, yeah, this one should be fine. So if you go and you run this, so if it's not a real user, you check the password.

[00:02:30] And again, if you look at the user model,
>> Scott Moss: checkPassword looks like this. So it's an async method, takes a password, it throws an error if something happened. But it'll return a boolean true or false if it passed or not. It just return that boolean. So right here this'll either be true or false.

[00:02:50] So if this is false, oops, if (!match) then what I wanna do is do a 401. So I'll just copy this.
>> Scott Moss: Yeah, that's a right user, but your password is incorrect, so you can't do it. So then I'll just log the error just in case that fails.

[00:03:15]
>> Scott Moss: And I'll just send back a 400 just in case that breaks for now, unless it tells us something different. So we'll test that.
>> Scott Moss: Then if we go look, looks like, no those are still messed up. So if we look at a test with those.
>> Scott Moss: 401 send, I need a message here, that's why.

[00:03:48] I need to do a send with a message.
>> Scott Moss: Not off, just to short cut it.
>> Scott Moss: And I'll do the same thing here. Auth and did the same thing here, there we go.
>> Scott Moss: Got an extra bracket here from something. Where's that? There it is. Nice.
>> Scott Moss: Gotta have that extra bracket.

[00:04:34] Where is it at?
>> Scott Moss: There it is. How did that all get messed up?
>> Scott Moss: There we go, so looks like those two pass, user must be real, password must match. And then now it's testing to make sure it creates a new token. So token will be new token from the user, and then we just need to return status of 200 with the token as the payload.

[00:05:19]
>> Scott Moss: Okay, cool, so that'll pass sign in, and then the next thing is gonna be protect.