1
00:00:00,330 --> 00:00:06,750
All right, and once we have both the error as well as the instance method in place, now let's set up

2
00:00:06,750 --> 00:00:08,310
our login controller.

3
00:00:08,580 --> 00:00:11,130
So I want to go back to our controller.

4
00:00:11,130 --> 00:00:15,810
At the moment, I have no response and I'll leave it because there's going to be some things that I

5
00:00:15,810 --> 00:00:16,500
want to showcase.

6
00:00:16,890 --> 00:00:20,370
And first, let's start by understanding what are we looking for?

7
00:00:20,700 --> 00:00:24,870
Well, if I want to log in, I want to get the email and I want to get the password.

8
00:00:25,290 --> 00:00:27,990
So let's go here with email and password.

9
00:00:28,380 --> 00:00:32,729
Now both of those things are coming from where? req.body. Then

10
00:00:33,680 --> 00:00:36,020
Let's check if one of them is missing.

11
00:00:36,240 --> 00:00:44,120
So I'm going to go, if not email or if not password, and if that's the case, what do we want to

12
00:00:44,120 --> 00:00:44,340
throw?

13
00:00:44,400 --> 00:00:49,550
Well, let's go with throw new and bad request one, correct? Bad request error.

14
00:00:49,850 --> 00:00:53,420
And we'll just say, please provide all values.

15
00:00:53,750 --> 00:00:54,200
All right.

16
00:00:54,410 --> 00:00:55,490
So that's an awesome start.

17
00:00:55,960 --> 00:01:03,080
Then I want to get the user whose email matches this one in req.body.

18
00:01:03,350 --> 00:01:04,050
How do we do that?

19
00:01:04,069 --> 00:01:05,960
Well, we go user none.

20
00:01:05,960 --> 00:01:10,400
That is equal to await since this returns a promise user, not a man.

21
00:01:10,400 --> 00:01:17,330
We're looking for findOne, and inside of the options I want to provide the email, which is equal

22
00:01:17,330 --> 00:01:18,260
to my email.

23
00:01:18,800 --> 00:01:21,740
And at this point, essentially I have two options.

24
00:01:22,040 --> 00:01:26,690
If the user exists, awesome, we will need to check the password as well.

25
00:01:27,050 --> 00:01:33,290
But if the user doesn't exist, then we want to send back a vague, unauthenticated error response.

26
00:01:33,710 --> 00:01:36,020
Now there's multiple approaches to this.

27
00:01:36,590 --> 00:01:40,160
Some people prefer giving a more explicit answer.

28
00:01:40,170 --> 00:01:42,470
For example, there is no user

29
00:01:42,680 --> 00:01:47,810
with such email and all that, but I actually prefer the other option where you provide as little

30
00:01:47,810 --> 00:01:49,370
data as possible.

31
00:01:49,640 --> 00:01:50,360
So let's go here.

32
00:01:50,370 --> 00:01:57,920
What if and if there is no user, then let's go throw, and remember, now we have that new unauthenticated

33
00:01:57,920 --> 00:01:58,280
error.

34
00:01:58,700 --> 00:02:05,330
The only thing we need to do here, if you didn't do that already is to go up and just say unauthenticated

35
00:02:05,330 --> 00:02:07,700
error from index.js.

36
00:02:08,650 --> 00:02:11,620
Let's save this. At the moment, I'll have the error.

37
00:02:11,800 --> 00:02:12,400
That's fine.

38
00:02:12,850 --> 00:02:17,890
I just go with unauthenticated and like I said, I'm going to be pretty vague and I'm just going to

39
00:02:17,890 --> 00:02:24,760
say invalid credentials, like so. Let's save it. Now, if we have the user,

40
00:02:25,210 --> 00:02:29,050
So if the user exists with such email, what do we want to do next?

41
00:02:29,410 --> 00:02:34,630
Well, we want to compare the password, correct? With our user compare password method.

42
00:02:35,050 --> 00:02:42,280
Now I want to tell you that there is a big gotcha coming up and that has everything to do with the fact

43
00:02:42,910 --> 00:02:48,850
that when we were setting up here, the password, we actually went with select and false.

44
00:02:49,060 --> 00:02:51,310
So let me showcase that first.

45
00:02:51,310 --> 00:02:55,540
I want to go back to controller, more specifically the login one.

46
00:02:55,900 --> 00:03:00,370
Let's log the user and then let me showcase the error that we're going to get back.

47
00:03:00,580 --> 00:03:04,270
So first, let's go with const, and that is password correct?

48
00:03:04,980 --> 00:03:07,420
That's going to be my variable now that is equal to await.

49
00:03:07,810 --> 00:03:09,070
And what is the instance name?

50
00:03:09,340 --> 00:03:17,620
Well, it is user, a man, compare password excel and then we want to pass in the password we have

51
00:03:17,620 --> 00:03:18,550
in req.body.

52
00:03:18,970 --> 00:03:21,100
And then let's check what is the value.

53
00:03:21,460 --> 00:03:23,590
So what is the value of?

54
00:03:23,590 --> 00:03:30,580
Is Match A. A. I should be correct, not just as password, and then I'll copy and paste just to speed

55
00:03:30,580 --> 00:03:30,970
this up.

56
00:03:31,360 --> 00:03:35,260
And essentially, the error is going to be the same if the password is no match.

57
00:03:35,530 --> 00:03:40,500
The only difference is the fact that and here we're checking for is password correct.

58
00:03:40,510 --> 00:03:41,140
But like I said.

59
00:03:42,130 --> 00:03:49,090
When we will test this out, I can tell you right away that it will be false, there's actually going to

60
00:03:49,090 --> 00:03:49,630
be error.

61
00:03:50,050 --> 00:03:50,500
Why?

62
00:03:50,530 --> 00:03:52,180
Well, let me showcase that.

63
00:03:52,390 --> 00:03:58,880
So I'm going to navigate back to Postman and I'm looking for the login one, and let's set up one from

64
00:03:58,880 --> 00:03:59,410
the scratch.

65
00:03:59,620 --> 00:04:00,910
So I have a login user.

66
00:04:01,300 --> 00:04:02,890
The route is auth login.

67
00:04:02,920 --> 00:04:05,860
We already did that when we were checking the dummy values.

68
00:04:06,190 --> 00:04:15,610
So now let me go with JSON here, and let's send email. Now that one will be equal to John at gmail.com

69
00:04:15,790 --> 00:04:16,300
online.

70
00:04:16,329 --> 00:04:22,870
As far as the password, if I remember correctly, I set up secret because that's a very secure password.

71
00:04:23,260 --> 00:04:25,780
So let's send it here and check it out.

72
00:04:26,290 --> 00:04:33,760
Now I have illegal arguments, string and undefined, and that is coming from our bcrypt library,

73
00:04:33,760 --> 00:04:34,190
actually.

74
00:04:34,930 --> 00:04:38,620
So in here I can see the whole error and all of that is nice.

75
00:04:38,920 --> 00:04:44,380
Now let's go over why we have this error in the first place, and it's very important for me to showcase

76
00:04:44,380 --> 00:04:46,190
the object that we have as far as the user.

77
00:04:46,720 --> 00:04:48,460
So notice our document.

78
00:04:49,060 --> 00:04:53,050
I have the ID, I have the name, email, last name and location.

79
00:04:53,680 --> 00:04:54,790
Now what?

80
00:04:54,790 --> 00:04:55,780
I don't have there.

81
00:04:56,680 --> 00:04:57,730
I don't have the password.

82
00:04:57,910 --> 00:05:01,210
Why? This select and false.

83
00:05:01,720 --> 00:05:05,830
And now let's keep scrolling and take a look at our compare password.

84
00:05:06,880 --> 00:05:09,820
Candidate password, we have that, should be good.

85
00:05:10,300 --> 00:05:11,260
What about this sucker?

86
00:05:12,210 --> 00:05:17,760
This is looking for what password, where in the document do we have it?

87
00:05:18,340 --> 00:05:24,240
No, and bcrypt is like, look, you passed in string, you passed in undefined.

88
00:05:24,810 --> 00:05:25,680
What is wrong with you?

89
00:05:26,220 --> 00:05:27,720
What am I supposed to do over here?

90
00:05:28,170 --> 00:05:29,610
So how do we fix that?

91
00:05:29,640 --> 00:05:33,690
Well, remember when we talked about select false.

92
00:05:34,620 --> 00:05:37,830
We also looked at the docs that we can't override that.

93
00:05:38,370 --> 00:05:43,020
If you remember when we were sending a create, I said that it's actually not going to work.

94
00:05:43,380 --> 00:05:46,740
Meaning we will get the password over here in the user.

95
00:05:46,740 --> 00:05:52,890
That's why we were doing all of these acrobatics where I went to an email, email and blah blah blah.

96
00:05:53,550 --> 00:05:56,580
In this case, everything works when we go with find one.

97
00:05:56,850 --> 00:06:00,330
We don't get the password, but this is the case where we actually need it.

98
00:06:00,720 --> 00:06:01,950
Don't you find that ironic?

99
00:06:02,220 --> 00:06:02,700
I do.

100
00:06:03,120 --> 00:06:08,700
And in order to fix that, we need to override when we are setting up our find one.

101
00:06:08,820 --> 00:06:12,210
The way we do that, we go with dot and then select.

102
00:06:12,330 --> 00:06:18,150
And now I need to go with plus and password because by default, it's not going to be provided.

103
00:06:18,600 --> 00:06:21,000
And now everything is going to work.

104
00:06:21,270 --> 00:06:25,020
Now there's another gotcha, but we'll get to it in a second.

105
00:06:25,050 --> 00:06:26,340
So let's try it out one more time.

106
00:06:26,340 --> 00:06:29,550
I'll leave all the logs just so we're clear of what's happening.

107
00:06:29,880 --> 00:06:33,630
And then let's go back and then let's send it one more time.

108
00:06:33,990 --> 00:06:35,370
And now everything is correct.

109
00:06:35,550 --> 00:06:42,420
I get back my login user, and if I take a look at my object right now that everything's correct,

110
00:06:42,780 --> 00:06:45,360
ready are the name and yada yada yada.

111
00:06:45,780 --> 00:06:52,800
So again, select false means that we're not going to get that property in our response in our document.

112
00:06:53,100 --> 00:06:58,950
However, if we want to add it, we go with select and then whatever is the name of the property.

113
00:06:59,460 --> 00:07:03,030
And this is important because user is an instance method.

114
00:07:03,540 --> 00:07:10,380
So there's not password is looking back to this object and saying, get me the password property.

115
00:07:10,920 --> 00:07:11,940
Hopefully that is clear.

116
00:07:11,940 --> 00:07:15,270
And now we simply want to do three things.

117
00:07:15,930 --> 00:07:17,460
We want to set up the token.

118
00:07:17,760 --> 00:07:21,650
We want to send back the response and we want to fix one.

119
00:07:21,660 --> 00:07:24,480
Gotcha that is still working.

120
00:07:24,660 --> 00:07:26,010
So let's go here with token.

121
00:07:26,460 --> 00:07:34,470
That is equal to user and then I'm going to go with create JWT, that was the function.

122
00:07:34,890 --> 00:07:36,420
And now let's set up our response.

123
00:07:36,630 --> 00:07:39,270
And let's see the problem, and then we'll add the fix.

124
00:07:39,570 --> 00:07:44,070
So let's go here with that status and I'm going to go here with status codes and OK.

125
00:07:44,460 --> 00:07:50,460
And as a side note, in between the videos, I fixed the tiny bug I had in the previous and register.

126
00:07:51,530 --> 00:07:56,000
Well, this should be created, that's a proper response when you create the resource on a server.

127
00:07:56,270 --> 00:07:59,210
This is 201 and I went with OK, my apologies.

128
00:07:59,540 --> 00:08:04,160
So in this case, yeah, I go with 200, but in there we have to go with

129
00:08:04,160 --> 00:08:04,760
201.

130
00:08:05,150 --> 00:08:05,830
And then we go.

131
00:08:05,990 --> 00:08:10,880
JSON, and I don't want to do the acrobatics again.

132
00:08:11,300 --> 00:08:15,950
I don't want to go with user and then blah blah blah, because it's kind of annoying.

133
00:08:16,160 --> 00:08:17,810
I'm copying pasting the code.

134
00:08:18,200 --> 00:08:22,610
I'll still use the token and location, but I actually want to set this user equal to user.

135
00:08:23,270 --> 00:08:26,350
And of course, the problem is that we have the password, right?

136
00:08:26,420 --> 00:08:30,110
And I said that, well, it's not the best approach doing that way.

137
00:08:30,380 --> 00:08:34,820
So let's just start by user token and location.

138
00:08:35,240 --> 00:08:38,179
It's going to be equal to user and location.

139
00:08:38,640 --> 00:08:40,909
And let me double check that that.

140
00:08:41,210 --> 00:08:42,530
That's definitely a response.

141
00:08:42,530 --> 00:08:44,810
And yes, I see the password over here.

142
00:08:45,470 --> 00:08:47,060
And what can we do now?

143
00:08:48,060 --> 00:08:49,890
Because I do need the password here.

144
00:08:50,460 --> 00:08:53,790
I want to check it and I'll sign up, I think you can remove the user.

145
00:08:54,200 --> 00:08:57,400
But how I can remove it from the response? Again,

146
00:08:57,450 --> 00:09:01,040
Yes, you can hard code that like we did in the register.

147
00:09:01,530 --> 00:09:03,180
But another way, how we can do that.

148
00:09:03,570 --> 00:09:07,950
I can simply set the password property equal to undefined.

149
00:09:08,160 --> 00:09:14,600
So I'm going to go here with user.password and I'll set it equal to undefined.

150
00:09:15,240 --> 00:09:20,370
And as a result, what you'll notice that I get back my user object.

151
00:09:20,610 --> 00:09:24,150
So all of that is correct, but the password is not there.

152
00:09:24,600 --> 00:09:30,060
And if you're wondering, hey, look, but when we were setting up register, there were less properties

153
00:09:30,420 --> 00:09:31,830
and now we have more of them.

154
00:09:32,070 --> 00:09:35,670
Keep in mind that on the front end we look for specific properties.

155
00:09:36,000 --> 00:09:41,040
So the fact that there's an extra ID doesn't really affect us as long as we're not sending back sensitive

156
00:09:41,040 --> 00:09:42,480
data like password.

157
00:09:42,720 --> 00:09:47,520
We're actually in good shape and we also have the token as well as the location.

158
00:09:47,970 --> 00:09:56,310
So that's how we can set up our login controller, check for empty values, then check for user, check

159
00:09:56,310 --> 00:10:03,810
for the password, remove the password from the response and send back user token as well as the location.

