From 196b5e884bf4658f6b5acb4c362f815a72ef92fc Mon Sep 17 00:00:00 2001
From: Sorrel Bri
Date: Fri, 17 Jan 2020 00:23:18 -0800
Subject: [PATCH] patch signup post for existing user to return 409
---
 server/controllers/auth.js | 46 +++++++++++++++++----------------
 server/data/queries/user.js | 27 +++++++++++++++++++
 server/services/bcrypt.js | 1 -
 server/test/auth.signup.spec.js | 22 ++++++++++++++--
 4 files changed, 71 insertions(+), 25 deletions(-)
 create mode 100644 server/data/queries/user.js
diff --git a/server/controllers/auth.js b/server/controllers/auth.js
index ca248dd..d0db682 100644
--- a/server/controllers/auth.js
+++ b/server/controllers/auth.js
@@ -1,10 +1,10 @@
-const knex = require('../data/db')
-
-const { hashPassword, compareHash } = require('../services/bcrypt');
-const signToken = require('../services/signToken');
 const { validationResult } = require('express-validator');
+const userQueries = require('../data/queries/user');
+const { hashPassword, compareHash } = require('../services/bcrypt');
+const signToken = require('../services/signToken');
+
 const checkValidationErrors = (req, res) => {
 const errors = validationResult(req);
 if (!errors.isEmpty()) {
@@ -14,21 +14,22 @@ const checkValidationErrors = (req, res) => {
 const signup = async (req, res, next) => {
 checkValidationErrors(req, res);
-
 const user = req.body;
+
 try {
 delete user.confirmPassword;
 const hashedPassword = await hashPassword(user.password);
- const secureUser = { ...user, password: hashedPassword }
+ const secureUser = { ...user, password: hashedPassword };
+ const existingUser = await userQueries.findUserByNameOrEmail(secureUser);
- knex('user')
- .returning(['username', 'email'])
- .insert(secureUser)
- .then(queryResults => {
- const newUser = queryResults[0];
- signToken(res, newUser).send('ok').status(201);
- })
+ if (existingUser.length) {
+ return res.status(409).json({errors: [{auth: 'User already exists!'}]})
+ }
+
+ const newUser = await userQueries.insertUser(secureUser)
+ signToken(res, newUser).status(201).json({...newUser});
 }
+
 catch (err) {
 res.status(500).json(err);
 }
@@ -37,22 +38,22 @@ const signup = async (req, res, next) => {
 const login = async (req, res, next) => {
 checkValidationErrors(req, res);
-
 const user = req.body;
 try {
-
- const queryResults = await knex('user')
- .where({username: user.username})
- .select()
- .then(queryResults => queryResults);
-
+ const queryResults = await userQueries.findUserByNameOrEmail(user);
 const savedUser = queryResults[0] || null;
- if (!savedUser) return res.status(401).json({err: 'bad credentials'});
+
+ if (!savedUser) {
+ return res.status(401).json({err: 'bad credentials'});
+ }
 const hashedPassword = savedUser.password;
 const passwordMatch = await compareHash(user.password, hashedPassword);
- if (!passwordMatch) return res.status(401).json({err: 'bad credentials'});
+
+ if (!passwordMatch) {
+ return res.status(401).json({err: 'bad credentials'});
+ }
 const authorizedUser = {...savedUser};
 delete authorizedUser.password;
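Review bot: The lookup-then-insert added to `signup` is a check-then-act sequence, so two concurrent requests for the same username or email can both see an empty `existingUser` and both reach `insertUser`; the 409 is only reliable if the `user` table carries unique constraints on `username` and `email` (the schema is not part of this patch) and the `catch` turns that violation into a 409. As written the `catch` answers `res.status(500).json(err)`, which serialises the caught database error into the response. If the backend is PostgreSQL, as the `.returning()` call suggests, the handler could use `if (err.code === '23505') return res.status(409).json({errors: [{auth: 'User already exists!'}]});` followed by a generic `res.status(500).json({errors: [{server: 'signup failed'}]});`. Running the lookup before `hashPassword` would also keep a duplicate request from paying for a bcrypt hash that is then discarded. The return value of `checkValidationErrors(req, res)` is still ignored at the top of the handler; its body is outside this hunk, but if it has already sent a response the code below continues regardless.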
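Review bot: `login` now passes the raw request body to `findUserByNameOrEmail(user)`, so the match becomes username OR email and `queryResults[0]` is whichever row the database returns first; when the submitted username and email belong to different accounts, the password is compared against an arbitrary one of them and a valid login can fail nondeterministically. Resolving a single identifier keeps the previous behaviour, for example `const queryResults = await userQueries.findUserByNameOrEmail({ username: user.username });`, or the handler can reject any result with more than one row. Passing a fresh object also stops the helper's `user.email = ''` defaulting from mutating `req.body`.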
@@ -60,6 +61,7 @@ const login = async (req, res, next) => {
 signToken(res, authorizedUser);
 res.send('ok').status(200);
 }
+
 catch (err) {
 res.status(500).json(err);
 }
diff --git a/server/data/queries/user.js b/server/data/queries/user.js
new file mode 100644
index 0000000..253de3d
--- /dev/null
+++ b/server/data/queries/user.js
@@ -0,0 +1,27 @@
+const knex = require('../db')
+
+const insertUser = async (user) => {
+ return await knex('user')
+ .returning(['username', 'email'])
+ .insert(user)
+ .then(queryResults => {
+ newUser = queryResults[0];
+ return newUser
+ });
+}
+
+const findUserByNameOrEmail = async (user) => {
+ if (! user.email && !user.username) return [];
+ if (!user.email) user.email = '';
+ if (!user.username) user.username = '';
+
+ return await knex('user')
+ .where({'username': user.username})
+ .orWhere({'email': user.email})
+ .select(['username', 'email', 'password'])
+}
+
+module.exports = {
+ insertUser,
+ findUserByNameOrEmail
+}
\ No newline at end of file
diff --git a/server/services/bcrypt.js b/server/services/bcrypt.js
index 2dfbcec..441aadb 100644
--- a/server/services/bcrypt.js
+++ b/server/services/bcrypt.js
@@ -6,7 +6,6 @@ const saltRounds = process.env.NODE_ENV === 'test' ? 5 : parseInt(process.env.SA
 const hashPassword = async (password) => {
 const hashedPassword = await new Promise((resolve, reject) => {
 bcrypt.hash(password, saltRounds, (err, hash) => {
- console.log(err)
 if (err) reject(err)
 resolve(hash)
 });
diff --git a/server/test/auth.signup.spec.js b/server/test/auth.signup.spec.js
index 9af5496..eb8a59d 100644
--- a/server/test/auth.signup.spec.js
+++ b/server/test/auth.signup.spec.js
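Review bot: In `insertUser` (new file `server/data/queries/user.js`), `newUser = queryResults[0];` assigns to an undeclared name, which creates a process-wide global in sloppy mode, shared between concurrent signups, and throws a ReferenceError under strict mode; the awaited result should be destructured into a `const` instead. `.insert(user)` also writes every key the caller hands over, and `signup` passes the request body with only `confirmPassword` removed, so unless the validators strip unknown fields any extra form key that matches a column would be stored. The rewrite below names the columns and assumes the table takes `username`, `email` and `password` only; extend the list if the schema has more.

```javascript
const insertUser = async ({ username, email, password }) => {
  // Name the columns so unexpected request-body keys never reach the table.
  const [newUser] = await knex('user')
    .returning(['username', 'email'])
    .insert({ username, email, password });
  return newUser;
}
// … unchanged: findUserByNameOrEmail, module.exports …
```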
@@ -26,14 +26,14 @@ const authSignupSpec = (chai, knex, server) => {
 'email':'user@example.com'
 }
- it('post to /signup should return 200 status', done => {
+ it('post to /signup should return 201 status', done => {
 chai.request(server)
 .post('/auth/signup')
 .type('form')
 .send(newUserFormData)
 .end((err, res) => {
 if (err) done(err);
- res.should.status(200);
+ res.should.status(201);
 done();
 });
 });
@@ -142,7 +142,25 @@ const authSignupSpec = (chai, knex, server) => {
 })
 })
+ it('post to /signup with already registered user should return 409 error', done => {
+ chai.request(server)
+ .post('/auth/signup')
+ .type('form')
+ .send(newUserFormData)
+ .end((err, res) => {
+ if (err) done(err);
+ chai.request(server)
+ .post('/auth/signup')
+ .type('form')
+ .send(newUserFormData)
+ .end((err, res) => {
+ if(err) done(err);
+ res.should.status(409);
+ done();
+ })
+ })
+ })
 }
 module.exports = authSignupSpec;
\ No newline at end of file
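Review bot: The new 409 test replays the identical form, but `findUserByNameOrEmail` matches on either field, so the cases where only the username or only the email collides are not covered. Nothing asserts either that the rejected response is free of whatever `signToken` attaches on success (its implementation is outside this patch). Two variants of `newUserFormData`, same email with a different username and the reverse, would pin the OR behaviour. In both `.end` callbacks `if (err) done(err);` falls through, so a transport error calls `done` and then still runs the assertions; `if (err) return done(err);` avoids the double completion.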