From 68ae8615f3e624565c0bc7dd84bb64de12acb1f9 Mon Sep 17 00:00:00 2001 From: Sorrel Bri Date: Tue, 14 Jan 2020 23:09:01 -0800 Subject: [PATCH] add login verification of user --- .../play-node-go/server/controllers/auth.js | 38 +++++++++- .../data/migrations/20200107214047_init.js | 6 -- packages/play-node-go/server/package.json | 2 +- packages/play-node-go/server/routes/auth.js | 2 +- .../play-node-go/server/services/bcrypt.js | 6 +- .../play-node-go/server/services/signToken.js | 1 - .../server/services/userValidate.js | 14 ++++ .../play-node-go/server/test/auth.spec.js | 75 ++++++++++++++++--- packages/play-node-go/server/test/spec.js | 25 +++---- 9 files changed, 128 insertions(+), 41 deletions(-) delete mode 100644 packages/play-node-go/server/data/migrations/20200107214047_init.js create mode 100644 packages/play-node-go/server/services/userValidate.js diff --git a/packages/play-node-go/server/controllers/auth.js b/packages/play-node-go/server/controllers/auth.js index febf350..f9e0b0d 100644 --- a/packages/play-node-go/server/controllers/auth.js +++ b/packages/play-node-go/server/controllers/auth.js @@ -1,11 +1,14 @@ const knex = require('../data/db') + const { hashPassword, compareHash } = require('../services/bcrypt'); - const signToken = require('../services/signToken'); +const { validateSignup, validateLogin } = require('../services/userValidate'); -const signUp = async (req, res, next) => { +const signup = async (req, res, next) => { const user = req.body; + if (!validateSignup(user)) return; + try { const hashedPassword = await hashPassword(user.password); 
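Review bot: In controllers/auth.js `if (!validateSignup(user)) return;` runs before the `try`, but the validator added in services/userValidate.js throws on a missing field and never returns false, so a malformed body rejects the async handler instead of producing a response; unless the framework forwards rejected handlers, the client gets no reply. The `login` handler in the next hunk has the same pattern with `validateLogin`. Handle the failure explicitly, e.g. `try { validateSignup(user); } catch (e) { return res.status(400).json({err: e}); }`. The rest of `signup` lies outside this hunk.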
@@ -24,11 +27,38 @@ const signUp = async (req, res, next) => { } } -const login = (req, res, next) => { +const login = async (req, res, next) => { + + const user = req.body; + if (!validateLogin(user)) return; + try { + + const queryResults = await knex('user') + .where({username: user.username}) + .select('username', 'email', 'password') + .then(queryResults => queryResults); + + const savedUser = queryResults[0] || null; + if (!savedUser) return res.status(401).json({err: 'bad credentials'}); + + const hashedPassword = savedUser.password; + const passwordMatch = await compareHash(user.password, hashedPassword); + + if (!passwordMatch) return res.status(401).json({err: 'bad credentials'}); + + const authorizedUser = {...savedUser}; + delete authorizedUser.password; + + signToken(res, authorizedUser); + res.send('ok').status(200); + } + catch (err) { + res.status(500).json(err); + } } module.exports = { - signUp, + signup, login } \ No newline at end of file diff --git a/packages/play-node-go/server/data/migrations/20200107214047_init.js b/packages/play-node-go/server/data/migrations/20200107214047_init.js deleted file mode 100644 index 38e13fe..0000000 --- a/packages/play-node-go/server/data/migrations/20200107214047_init.js +++ /dev/null @@ -1,6 +0,0 @@ - -exports.up = function(knex) { -}; - -exports.down = function(knex) { -}; diff --git a/packages/play-node-go/server/package.json b/packages/play-node-go/server/package.json index a228a0e..f332bd1 100644 --- a/packages/play-node-go/server/package.json +++ b/packages/play-node-go/server/package.json @@ -4,7 +4,7 @@ "private": true, "scripts": { "start": "node ./bin/www", - "test": "mocha ./test/*", + "test": "mocha ./test/* --exit", "make-migration": "./node_modules/.bin/knex migrate:make", "migrate": "./node_modules/.bin/knex migrate:latest", "migrate-test": "./node_modules/.bin/knex migrate:latest --env test", 
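Review bot: The catch block in `login` sends the raw error to the client with `res.status(500).json(err)`, so a database or bcrypt failure may expose internals such as query text or column names to an unauthenticated caller; log the error server-side and reply with a fixed body, e.g. `res.status(500).json({err: 'server error'});`. The unknown-user branch returns before `compareHash` runs, so the response time probably differs between existing and non-existing usernames even though the 401 body is the same. `res.send('ok').status(200)` sets the status after the response is sent; it should read `res.status(200).send('ok');`.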
diff --git a/packages/play-node-go/server/routes/auth.js b/packages/play-node-go/server/routes/auth.js index d19c502..b521ecc 100644 --- a/packages/play-node-go/server/routes/auth.js +++ b/packages/play-node-go/server/routes/auth.js @@ -3,7 +3,7 @@ const router = express.Router(); const authController = require('../controllers/auth'); -router.post('/signup', authController.signUp); +router.post('/signup', authController.signup); router.post('/login', authController.login); module.exports = router; diff --git a/packages/play-node-go/server/services/bcrypt.js b/packages/play-node-go/server/services/bcrypt.js index 7b569ee..f59d05f 100644 --- a/packages/play-node-go/server/services/bcrypt.js +++ b/packages/play-node-go/server/services/bcrypt.js @@ -20,12 +20,10 @@ const compareHash = async (password, hash) => { const success = await new Promise((resolve, reject) => { bcrypt.compare(password, hash, (err, res) => { if (err) reject(err); - if (res) return true; - return false; + if (res) resolve(true); }) }); - - return compareHash; + return success; } module.exports = { hashPassword, compareHash }; \ No newline at end of file diff --git a/packages/play-node-go/server/services/signToken.js b/packages/play-node-go/server/services/signToken.js index 06de9fd..a6cebb8 100644 --- a/packages/play-node-go/server/services/signToken.js +++ b/packages/play-node-go/server/services/signToken.js @@ -7,7 +7,6 @@ const msHourOffset = 3600000; const signToken = (res, user) => { const expiration = process.env.NODE_ENV === 'test' ? msHourOffset : msDayOffset; const secret = process.env.NODE_ENV === 'test' ? process.env.TEST_SECRET : process.env.JWT_SECRET; - console.log(process.env.NODE_ENV) const token = jwt.sign({ user }, secret, { expiresIn: process.env.NODE_ENV === 'test' ? '1h' : '24h', }); diff --git a/packages/play-node-go/server/services/userValidate.js b/packages/play-node-go/server/services/userValidate.js new file mode 100644 index 0000000..19dda00 --- /dev/null 
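Review bot: In services/bcrypt.js the callback only settles the promise on a match: with `if (res) resolve(true);` a non-matching password never resolves, so `await compareHash(...)` in the login controller would wait indefinitely and its `if (!passwordMatch)` 401 branch cannot be reached. `if (err) reject(err);` also falls through to the next line instead of returning. Suggested: `if (err) return reject(err);` followed by `resolve(res === true);`. The start of `compareHash` is outside the hunk (it appears only in the hunk header).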
+++ b/packages/play-node-go/server/services/userValidate.js @@ -0,0 +1,14 @@ +const validateSignup = (user) => { + if (!user.username) throw('no username'); + if (!user.email) throw('no email'); + if (!user.password) throw('no password'); + return true +} + +const validateLogin = (user) => { + if (!user.username) throw('no username'); + if (!user.password) throw('no password'); + return true; +} + +module.exports = { validateLogin, validateSignup }; \ No newline at end of file diff --git a/packages/play-node-go/server/test/auth.spec.js b/packages/play-node-go/server/test/auth.spec.js index 7a75945..0b466e7 100644 --- a/packages/play-node-go/server/test/auth.spec.js +++ b/packages/play-node-go/server/test/auth.spec.js @@ -4,19 +4,23 @@ const authSpec = (chai, knex, server) => { 'password':'password', 'email':'user@example.com' } + const loginFormData = { + 'username':'newUser', + 'password':'password' + } it('post to sign up should return 200 status', done => { chai.request(server) - .post('/auth/signup') - .type('form') - .send(newUserFormData) - .end((err, res) => { - if (err) done(err); - res.should.status(200); - done(); - }); - }); - + .post('/auth/signup') + .type('form') + .send(newUserFormData) + .end((err, res) => { + if (err) done(err); + res.should.status(200); + done(); + }); + }); + it('post to sign up should return token', done => { chai.request(server) .post('/auth/signup') @@ -42,7 +46,7 @@ const authSpec = (chai, knex, server) => { }) }); }) - + it('post to sign up should add user to db with password', done => { chai.request(server) .post('/auth/signup') 
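Review bot: In services/userValidate.js both validators test truthiness only, so a non-string `username` or `password` (for example an array or object produced by the body parser) passes and is handed on to the query and to bcrypt; add a type check such as `if (typeof user.username !== 'string') throw new Error('no username');`. They also throw bare strings (`throw('no username')`), which carry no stack trace; `throw new Error(...)` is the usual form. A short comment above each function stating that it throws on invalid input and otherwise returns true would help, since the callers test the return value.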
@@ -55,7 +59,56 @@ const authSpec = (chai, knex, server) => { if (newUser.password !== newUserFormData.password) done(); }) }); + }); + + it('post to login with non-registered user should return status 401 with bad creds err', done => { + chai.request(server) + .post('/auth/login') + .type('form') + .send(newUserFormData) + .end((err, res) => { + if (err) done(err); + res.should.status(401); + res.body.err.should.equal('bad credentials'); + done(); + }); }) + + it('post to login with non-registered user should return status 401 with bad creds err', done => { + chai.request(server) + .post('/auth/login') + .type('form') + .send(newUserFormData) + .end((err, res) => { + if (err) done(err); + res.should.status(401); + res.body.err.should.equal('bad credentials'); + done(); + }) + }) + + it('post to login with registered user should return cookie', function(done) { + this.timeout(5000); + chai.request(server) + .post('/auth/signup') + .type('form') + .send(newUserFormData) + .end((err, res) => { + if (err) done(err); + + chai.request(server) + .post('/auth/login') + .type('form') + .send(loginFormData) + .end((err, res) => { + if(err) done(err); + res.should.status(200); + res.should.cookie('token'); + done(); + }) + }) + }) + } diff --git a/packages/play-node-go/server/test/spec.js b/packages/play-node-go/server/test/spec.js index 909768a..a304447 100644 --- a/packages/play-node-go/server/test/spec.js +++ b/packages/play-node-go/server/test/spec.js @@ -2,7 +2,7 @@ process.env.NODE_ENV = 'test'; const chai = require('chai'); const chaiHttp = require('chai-http'); -var knex = require('../data/db'); +const knex = require('../data/db'); const server = require('../server'); 
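Review bot: In test/auth.spec.js the test 'post to login with non-registered user should return status 401 with bad creds err' is added twice with identical bodies; the second copy was presumably meant to cover a registered user with a wrong password, which is the one login case no test here exercises. That case matters because it is the path where `compareHash` reports a non-match. In the new callbacks `if (err) done(err);` does not return, so the assertions still run after a failure and `done` can be called twice; use `if (err) return done(err);`.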
@@ -30,21 +30,20 @@ describe('Auth Routes', function() { setupDb(); authSpec(chai, knex, server) - -}) + +}); describe('API Routes', function() { setupDb(); - + it('home should return 200 status', done => { chai.request(server) - .get('/') - .end((err,res)=> { - if(err) done(err); - res.should.status(200); - done(); - }) - }) + .get('/') + .end((err,res)=> { + if(err) done(err); + res.should.status(200); + done(); + }); + }); + }); - -