1
00:00:02,090 --> 00:00:05,440
Now, before we continue with now protecting

2
00:00:05,440 --> 00:00:09,080
some pages, and exploring sessions, and cookies,

3
00:00:09,080 --> 00:00:12,230
I wanna go back to the signup route again,

4
00:00:12,230 --> 00:00:13,913
the post-signup route.

5
00:00:14,930 --> 00:00:19,820
Because there, I now want to add some extra logic

6
00:00:19,820 --> 00:00:21,333
that is quite important.

7
00:00:22,240 --> 00:00:27,240
I wanna, for example, ensure that the user is not able

8
00:00:27,390 --> 00:00:32,189
to get any further if incorrect data was provided.

9
00:00:32,189 --> 00:00:33,023
So for example,

10
00:00:33,023 --> 00:00:37,160
I don't wanna store an empty email address in my database.

11
00:00:37,160 --> 00:00:40,020
And I also wanna make sure that if a user

12
00:00:40,020 --> 00:00:43,390
with a certain email address has been created before,

13
00:00:43,390 --> 00:00:47,350
you can't create another user with that email address

14
00:00:47,350 --> 00:00:49,820
so that the email address is unique

15
00:00:49,820 --> 00:00:53,190
and you can only have one user per email address

16
00:00:53,190 --> 00:00:54,950
in the database.

17
00:00:54,950 --> 00:00:57,410
Because at the moment, nothing would stop

18
00:00:57,410 --> 00:01:00,880
me from signing up again with that same email address

19
00:01:00,880 --> 00:01:03,350
that already exists in the database.

20
00:01:03,350 --> 00:01:06,023
And that is definitely something I wanna avoid.

21
00:01:07,200 --> 00:01:10,160
But first things first, as a first step,

22
00:01:10,160 --> 00:01:12,810
let's validate this user input.

23
00:01:12,810 --> 00:01:15,360
And let's for example, ensure that the entered email

24
00:01:15,360 --> 00:01:17,763
is equal to the entered confirm email.

25
00:01:18,810 --> 00:01:21,110
For this, I'll simply add an if check here

26
00:01:21,110 --> 00:01:24,000
where I will combine multiple conditions.

27
00:01:24,000 --> 00:01:29,000
For example, here, I wanna check if not entered email,

28
00:01:29,780 --> 00:01:31,653
which means entered email is false;

29
00:01:32,620 --> 00:01:37,620
or if not entered confirm email, or if not entered password.

30
00:01:40,440 --> 00:01:43,260
So with that, I'm checking if we maybe don't have an email,

31
00:01:43,260 --> 00:01:46,373
don't have the confirm email, or don't have the password.

32
00:01:47,860 --> 00:01:51,560
I also might wanna check if the password is long enough.

33
00:01:51,560 --> 00:01:56,213
So I wanna check if entered password is maybe,

34
00:01:57,820 --> 00:01:59,980
let's say, it's shorter than six characters.

35
00:01:59,980 --> 00:02:02,460
That could be a threshold, which I wanna have

36
00:02:02,460 --> 00:02:06,503
where I also wanna block the signup process.

37
00:02:07,590 --> 00:02:10,720
I also wanna add another condition here

38
00:02:10,720 --> 00:02:14,970
and check if the enteredEmail is maybe not equal

39
00:02:14,970 --> 00:02:17,090
to the enteredConfirmEmail.

40
00:02:17,090 --> 00:02:19,670
Because the idea behind having that confirmEmail

41
00:02:19,670 --> 00:02:23,560
is that we catch typos that the user might have introduced

42
00:02:23,560 --> 00:02:27,200
where the two email addresses might not match.

43
00:02:27,200 --> 00:02:28,300
And last but not least,

44
00:02:28,300 --> 00:02:31,110
I'll add another condition here where I check

45
00:02:31,110 --> 00:02:35,220
if not enteredEmail includes,

46
00:02:35,220 --> 00:02:38,980
which is a built-in method we can call on strings, an @.

47
00:02:38,980 --> 00:02:41,010
So if it does not include an @.

48
00:02:41,950 --> 00:02:44,240
If either of these conditions is met,

49
00:02:44,240 --> 00:02:46,100
that's why I have an or, it's enough.

50
00:02:46,100 --> 00:02:48,190
If one of these conditions is met,

51
00:02:48,190 --> 00:02:51,550
then I know that I have some invalid input.

52
00:02:51,550 --> 00:02:54,190
Because for example, the password is too short,

53
00:02:54,190 --> 00:02:55,670
the email doesn't have an @,

54
00:02:55,670 --> 00:02:58,030
or the email addresses don't match.

55
00:02:58,030 --> 00:03:00,440
So if either of these things is the case,

56
00:03:00,440 --> 00:03:02,370
then I don't wanna continue

57
00:03:02,370 --> 00:03:04,990
because then I have some invalid data.

58
00:03:04,990 --> 00:03:07,130
And I definitely don't wanna create

59
00:03:07,130 --> 00:03:10,133
a user with invalid data in my database.

60
00:03:11,580 --> 00:03:13,100
So then I wanna return

61
00:03:13,100 --> 00:03:17,230
and actually redirect back to the sign up page here

62
00:03:17,230 --> 00:03:21,020
so that the user is able to enter correct data.

63
00:03:21,020 --> 00:03:23,520
And for the moment, I'll leave a little info message

64
00:03:23,520 --> 00:03:27,763
from me here where I say incorrect data.

65
00:03:29,610 --> 00:03:30,970
So that's the first step,

66
00:03:30,970 --> 00:03:34,510
some basic validation that can be added here.

67
00:03:34,510 --> 00:03:37,330
And you can refine this and add more conditions,

68
00:03:37,330 --> 00:03:41,213
but this should be a good set of validation rules.

69
00:03:42,550 --> 00:03:44,900
Actually, here for the entered password,

70
00:03:44,900 --> 00:03:46,900
I wanna make sure that I call trim

71
00:03:46,900 --> 00:03:49,970
on it so that I remove excess whitespace

72
00:03:49,970 --> 00:03:54,010
so that entering six blanks would also not work.

73
00:03:54,010 --> 00:03:57,440
Because trim will remove blanks that are inserted

74
00:03:57,440 --> 00:04:00,590
at the beginning or at the end of a string.

75
00:04:00,590 --> 00:04:03,040
So that's a little adjustment I'll also make here,

76
00:04:03,040 --> 00:04:04,873
trimming that entered password.

77
00:04:05,870 --> 00:04:08,550
But now with that, I got this validation.

78
00:04:08,550 --> 00:04:11,510
As a next step, I wanna make sure that we don't create

79
00:04:11,510 --> 00:04:13,500
a user which we already have.

80
00:04:13,500 --> 00:04:17,290
So we don't use an existing email address again.

81
00:04:17,290 --> 00:04:21,149
And therefore here, before we start hashing the password,

82
00:04:21,149 --> 00:04:23,850
I wanna check if we got an existing user here

83
00:04:23,850 --> 00:04:26,210
for the provided email address,

84
00:04:26,210 --> 00:04:29,350
which in case of signing up would be bad.

85
00:04:29,350 --> 00:04:34,350
So here, I will await db.getdb.collection users.

86
00:04:34,920 --> 00:04:38,020
And then we find one user where the email

87
00:04:38,020 --> 00:04:40,710
is equal to the entered email.

88
00:04:40,710 --> 00:04:43,163
And it would be bad if we do find one.

89
00:04:44,290 --> 00:04:47,460
So that's a little query we run here.

90
00:04:47,460 --> 00:04:51,260
And if we then have an existing user, that's bad,

91
00:04:51,260 --> 00:04:52,950
because that means we have a user

92
00:04:52,950 --> 00:04:54,660
for this email address already.

93
00:04:54,660 --> 00:04:57,693
And in this case, I'll therefore redirect again,

94
00:04:58,530 --> 00:05:01,100
and I'll redirect to the signup page,

95
00:05:01,100 --> 00:05:05,270
and return so that no other code thereafter executes.

96
00:05:05,270 --> 00:05:09,323
And I will console.log user exists already.

97
00:05:11,170 --> 00:05:14,530
So now with that, we can save all of this.

98
00:05:14,530 --> 00:05:16,913
And now, if we go back, and test this,

99
00:05:23,840 --> 00:05:27,163
and I do try to sign up with an existing email address,

100
00:05:28,920 --> 00:05:29,930
this won't work.

101
00:05:29,930 --> 00:05:31,860
I'm redirected back to sign up.

102
00:05:31,860 --> 00:05:33,800
And if we see this in the database,

103
00:05:33,800 --> 00:05:35,933
the user still only exists once.

