1
00:00:00,110 --> 00:00:00,530
All right.

2
00:00:00,530 --> 00:00:05,510
And once we're done setting up the validation layer for our login request.

3
00:00:05,600 --> 00:00:08,900
Now let's set up the functionality in the controller.

4
00:00:09,510 --> 00:00:14,340
Where we want to check whether there is a user with such email.

5
00:00:14,370 --> 00:00:17,700
If not, then we'll throw our own error.

6
00:00:17,850 --> 00:00:22,560
Remember a few videos ago we set up a few classes.

7
00:00:22,680 --> 00:00:28,890
So this is the case where we'll throw our custom class for unauthenticated error.

8
00:00:28,920 --> 00:00:31,110
Essentially that is 401.

9
00:00:31,200 --> 00:00:33,990
And also we'll compare the password.

10
00:00:33,990 --> 00:00:40,200
And this is the case where I'll right away set up the utils function since we are already familiar with

11
00:00:40,200 --> 00:00:41,520
such approach.

12
00:00:41,520 --> 00:00:50,820
So let's navigate to the auth controller and instead of the login one, well let's just start by looking

13
00:00:50,820 --> 00:00:52,140
for the email.

14
00:00:52,170 --> 00:00:54,360
Now where is the email located?

15
00:00:54,480 --> 00:00:59,010
Well it's in the req dot body and then the email.

16
00:00:59,010 --> 00:00:59,490
Correct.

17
00:00:59,490 --> 00:01:06,690
So if everything is correct, we pass the validation layer and we're going to go with const user is

18
00:01:06,690 --> 00:01:08,670
equal to await.

19
00:01:08,760 --> 00:01:14,350
Then user dot and we're looking for find one and.

20
00:01:14,910 --> 00:01:23,160
Essentially I want to go with email and if the email is equal to req dot body and email, so find

21
00:01:23,160 --> 00:01:28,830
me that particular user whose email matches to whatever is coming in.

22
00:01:28,860 --> 00:01:33,360
Now, if the user doesn't exist, essentially if it's null, what do we want to do?

23
00:01:33,390 --> 00:01:40,410
Well, this is the case where we'll go with throw new and like I said a few videos ago, we already

24
00:01:40,410 --> 00:01:41,460
created them.

25
00:01:41,460 --> 00:01:45,750
So let me go back to the errors, custom errors.

26
00:01:46,020 --> 00:01:48,810
Notice this unauthenticated.

27
00:01:48,810 --> 00:01:51,120
So this is the 401.

28
00:01:51,120 --> 00:01:54,330
And then this one we'll set up a little bit later.

29
00:01:54,450 --> 00:01:57,300
So in here, let's go with our custom one.

30
00:01:59,910 --> 00:02:01,380
That's the one over here.

31
00:02:01,560 --> 00:02:05,940
And as far as the message, we're going to go with invalid.

32
00:02:07,300 --> 00:02:08,030
Credentials.

33
00:02:08,380 --> 00:02:11,680
Let's save it and let's try it out.

34
00:02:11,710 --> 00:02:13,850
So I'm going to go to a login one.

35
00:02:13,870 --> 00:02:19,240
So the cool thing is that now I don't need to remove the users from the database.

36
00:02:19,240 --> 00:02:21,570
I can simply provide a wrong email.

37
00:02:21,580 --> 00:02:29,110
So if I'm going to go here with Susan, since there is no such user, of course I'll get back the invalid

38
00:02:29,110 --> 00:02:30,730
credentials and check it out.

39
00:02:31,150 --> 00:02:34,240
The status code of course, is 401.

40
00:02:34,270 --> 00:02:34,870
Okay.

41
00:02:35,440 --> 00:02:40,390
So now let's set it back to John and let's add more logic.

42
00:02:40,420 --> 00:02:45,360
Like I said, we want to compare the password and I'll right away set it up in the utils.

43
00:02:45,370 --> 00:02:46,900
So export it.

44
00:02:48,030 --> 00:02:51,630
In this case, I'm going to call this compare

45
00:02:52,610 --> 00:02:53,330
password.

46
00:02:54,330 --> 00:02:56,580
And this is going to be equal to.

47
00:02:57,890 --> 00:03:04,340
My function is going to be async and we'll first provide the password.

48
00:03:04,340 --> 00:03:07,160
So that's the password that's coming in with the login one.

49
00:03:07,160 --> 00:03:13,790
And second one is going to be the hashed password and you'll see what I'm talking about in a second.

50
00:03:13,880 --> 00:03:15,200
So in here.

51
00:03:16,190 --> 00:03:17,630
In a function body.

52
00:03:18,410 --> 00:03:20,600
We want to set up a variable.

53
00:03:20,600 --> 00:03:25,870
In my case, I'm going to call this is match and it's going to be equal to await.

54
00:03:25,880 --> 00:03:27,700
Again, this is asynchronous.

55
00:03:27,710 --> 00:03:33,890
We want to go with bcrypt and the method name is compare and same deal.

56
00:03:33,890 --> 00:03:35,300
It's looking for two things.

57
00:03:35,300 --> 00:03:40,580
It's looking for the password and also the hashed password.

58
00:03:40,580 --> 00:03:43,900
So Hashed password is coming from our database.

59
00:03:43,910 --> 00:03:49,820
So let's provide the same two things, hashed password, and then at the end, what do we want to do?

60
00:03:49,850 --> 00:03:52,520
We want to return is match.

61
00:03:52,520 --> 00:03:56,570
So if the password matches, we are in good shape.

62
00:03:56,570 --> 00:04:03,770
Now let's navigate to our auth controller and please keep in mind something very, very important if

63
00:04:03,770 --> 00:04:06,260
we can get the user.

64
00:04:06,950 --> 00:04:10,070
Then of course, we'll have the user object.

65
00:04:10,070 --> 00:04:10,610
Correct.

66
00:04:10,610 --> 00:04:12,740
And in there we have the password.

67
00:04:13,330 --> 00:04:20,589
So we can only start comparing those passwords if there is a user with such email.

68
00:04:20,829 --> 00:04:22,250
Hopefully that is clear.

69
00:04:22,270 --> 00:04:26,740
Then we want to set up a variable and in my case I'm going to go with is password correct.

70
00:04:26,770 --> 00:04:33,340
Now, I'm fully aware that some people probably don't like the length of such variable, but I actually

71
00:04:33,860 --> 00:04:39,230
prefer the explicit naming over something really short.

72
00:04:39,230 --> 00:04:42,350
And then later it's really hard to understand what's happening.

73
00:04:42,650 --> 00:04:45,830
Let's go here with is password and then correct.

74
00:04:45,830 --> 00:04:47,960
And that one is equal to await.

75
00:04:47,960 --> 00:04:51,320
So again, our function is asynchronous.

76
00:04:51,350 --> 00:05:00,560
We want to set up compare password and remember our password is in the req.body, then password just

77
00:05:00,560 --> 00:05:02,210
like the email.

78
00:05:02,210 --> 00:05:05,210
And then the second one is going to be user password.

79
00:05:05,210 --> 00:05:07,100
If you want, you can log it over here.

80
00:05:07,100 --> 00:05:07,880
Again.

81
00:05:07,880 --> 00:05:14,390
If we can find the user, then there's definitely going to be a password property on the user.

82
00:05:15,050 --> 00:05:22,340
Now, if it doesn't match, if the library complains that it's not the same password, what do we want

83
00:05:22,340 --> 00:05:22,790
to do?

84
00:05:22,820 --> 00:05:24,170
Pretty much the same thing.

85
00:05:24,260 --> 00:05:30,910
And yes, in a second I'll show you how we can actually refactor and have even less lines of code.

86
00:05:30,920 --> 00:05:34,010
So for now, I'm just going to go with is password correct.

87
00:05:34,190 --> 00:05:35,210
Let's save it here.

88
00:05:35,210 --> 00:05:38,620
And if everything is correct, we'll just send back the login one.

89
00:05:38,630 --> 00:05:41,690
So let's navigate to a login user.

90
00:05:41,870 --> 00:05:43,970
Let's mess with the password.

91
00:05:44,150 --> 00:05:49,780
So I'll remove the last character and we should see invalid credentials.

92
00:05:49,790 --> 00:05:56,570
Now, if you're a fan of one liners, actually we can combine both of these conditions the way it's

93
00:05:56,570 --> 00:05:57,910
going to look like.

94
00:05:57,920 --> 00:06:06,110
First, let's navigate back to a login and essentially I can just go with const is valid

95
00:06:07,310 --> 00:06:10,610
user and that one is equal to user.

96
00:06:10,640 --> 00:06:13,000
Then the and operator.

97
00:06:13,010 --> 00:06:16,220
And then I basically want to take this logic over here.

98
00:06:16,220 --> 00:06:17,830
So let me cut it out.

99
00:06:17,840 --> 00:06:23,750
And then instead of having two conditions, we can have only one.

100
00:06:23,780 --> 00:06:30,250
So is valid user and of course we can remove this one as well.

101
00:06:30,260 --> 00:06:31,760
So essentially,

102
00:06:32,530 --> 00:06:33,310
if

103
00:06:33,780 --> 00:06:39,960
the user exists, then we'll check for a password because the way the and operator works, if this is

104
00:06:39,960 --> 00:06:47,820
going to be false, then we'll immediately just bypass the second option over here and we'll right away

105
00:06:47,850 --> 00:06:49,740
throw this error over here.

106
00:06:49,740 --> 00:06:51,690
So let's try it out again.

107
00:06:51,690 --> 00:06:56,100
Let me send and notice I'll still get back the invalid credentials.

108
00:06:56,130 --> 00:07:03,000
Now, if the email is correct as well as the password, then of course in response we'll see the login

109
00:07:03,030 --> 00:07:03,570
text.

