WEBVTT

00:03.790 --> 00:04.690
Hey there, everyone.

00:04.810 --> 00:05.290
They sure.

00:05.290 --> 00:06.920
And welcome to the new section.

00:06.940 --> 00:11.680
I know this is a really, really long series, but now from here onwards, the things are going to be

00:11.680 --> 00:16.210
really smooth because we have learned majorly whatever we wanted to learn, now it's all about.

00:16.330 --> 00:19.330
Surely it's a really long one, but not complicated.

00:19.330 --> 00:22.420
So a lot of work is going to go there, but not complicated.

00:22.450 --> 00:26.650
So let's go ahead and work on with the login route, log out route and remaining whatever the routes

00:26.650 --> 00:29.830
we have because we have a lot more than what you can see on the screen.

00:29.830 --> 00:31.300
I'll discuss more later on.

00:31.300 --> 00:35.470
So first, let's work on the login route and it's a fairly, fairly the easy one.

00:35.470 --> 00:40.120
The first thing we do is always we usually like to copy and paste the above method, but in this case,

00:40.120 --> 00:44.110
just for once, I will go ahead and export this one manually.

00:44.110 --> 00:46.900
So I'm going to go ahead and call this one as simply login.

00:46.930 --> 00:50.530
Again, we are going to wrap everything around with the big promise.

00:50.530 --> 00:51.550
So there we go.

00:51.550 --> 00:54.400
And inside this shortly we be talking with the database.

00:54.400 --> 00:57.940
So we're going to go ahead and go with the async route and with the async.

00:57.940 --> 01:03.760
We're going to go ahead and say, hey, I have a request response and a next just like that.

01:03.760 --> 01:04.570
There we go.

01:04.960 --> 01:08.200
Now, how do you think the login should work now?

01:08.200 --> 01:10.990
Go ahead and pay a small attention on pen and paper.

01:10.990 --> 01:12.250
The idea is really simple.

01:12.250 --> 01:14.260
Somebody will be sending you name and email.

01:14.260 --> 01:16.000
You have to receive that in the request.

01:16.000 --> 01:16.930
These are compulsory.

01:16.930 --> 01:20.650
You have to have email and password at least or maybe more fields.

01:20.650 --> 01:25.060
Then you have to first check whether this user exists in the database or not.

01:25.060 --> 01:27.970
If it doesn't exist, provide an error really simple.

01:27.970 --> 01:31.240
After that, match its password that he's entering.

01:31.240 --> 01:33.580
Whatever he's entering, the password is correct or not.

01:33.580 --> 01:38.020
And once all of these checks are done, then go ahead and provide him the token and that's it.

01:38.020 --> 01:39.550
That's the login that we have to do.

01:39.550 --> 01:40.630
So really simple.

01:40.630 --> 01:45.490
So let's go ahead and first extract email and password.

01:45.490 --> 01:47.440
So let's go ahead and say, hey, password.

01:47.500 --> 01:50.800
Now this will be coming up from request body shouldn't be a big deal.

01:50.800 --> 01:52.960
We have done so much of the talk on this one.

01:53.350 --> 01:57.340
Now, once this is all done, I will first check whether email and password is present.

01:57.340 --> 02:05.590
So check for presence of presence of email and password.

02:05.950 --> 02:09.190
So we're going to go ahead and put up a simple if statement up here.

02:09.190 --> 02:10.030
So there we go.

02:10.060 --> 02:18.280
We're going to say if email is not there or if password is not there, come on.

02:18.430 --> 02:19.270
No suggestion.

02:19.270 --> 02:19.900
There we go.

02:19.900 --> 02:24.940
So if email is not there or password is not there, we're going to go ahead and simply return the method

02:24.940 --> 02:25.690
just right here.

02:25.690 --> 02:28.420
So let's go ahead and wrap it around with the next.

02:28.420 --> 02:34.330
Let's use the new and our custom error and feel free to use the regular error handler as well.

02:34.330 --> 02:43.300
I'm going to go ahead and simply say, please provide email and password and let's go ahead and give

02:43.300 --> 02:44.860
it a 400 as an error.

02:46.000 --> 02:51.190
So first check is all done that we have checked whether the email and password both are present or not.

02:51.220 --> 02:55.300
Now let's go ahead and assume that user has provided us the email.

02:55.300 --> 02:58.450
So based on this email, let's find a user in the database.

02:58.450 --> 03:03.760
So how we can do that, we're going to simply go ahead and say user and it has a lot of options to find.

03:03.760 --> 03:09.400
There is a find, one find by ID and a whole lot of others we're going to use find one in this case.

03:09.400 --> 03:12.940
Now in the find one method, you can just pass on an object.

03:12.940 --> 03:17.500
And based on this, whatever the parameter you are looking for, in this case it is email, but it can

03:17.500 --> 03:24.070
be ID, email, maybe role based on whatever filter you want to have that find, one is going to just

03:24.070 --> 03:26.740
find the first one which it finds at the very top.

03:26.740 --> 03:28.090
So that's basically it.

03:28.450 --> 03:28.700
Okay.

03:28.840 --> 03:33.730
Now also on top of that, we have to mention one more keyword which is select.

03:33.730 --> 03:37.180
Now why we are going to use this select and let me first write that.

03:37.180 --> 03:38.620
Just go ahead and add a plus.

03:38.620 --> 03:38.920
Yes.

03:38.920 --> 03:42.130
Plus is important here and make sure you write password.

03:42.130 --> 03:47.800
The reason for writing this is because when we were writing the models of the user, we told that this

03:47.800 --> 03:49.960
password field is select false.

03:49.960 --> 03:54.310
So that means by default, whenever it is going to come, it is going to come without the password.

03:54.310 --> 03:58.210
And eventually we need to compare the password as well, whether the password is correct or not.

03:58.210 --> 04:00.130
So that's why we have to write this one.

04:00.280 --> 04:01.750
Let's hold this into a variable.

04:01.750 --> 04:04.240
So let's go ahead and call this one as simply user.

04:04.270 --> 04:08.110
Since database is always on another continent, let's go ahead and use an await.

04:08.110 --> 04:08.830
Pretty simple.

04:08.830 --> 04:09.460
There we go.

04:09.760 --> 04:14.350
Now there are chances that there might be no user while retrieving from the database itself.

04:14.350 --> 04:18.280
So in this case, we're going to go ahead and copy this line and paste it up here.

04:18.370 --> 04:25.870
And this time we're going to say if there is no user, so if user is not there, then we have to provide

04:25.870 --> 04:37.720
a message that you are not registered in our database or website, however you want to craft this message

04:37.720 --> 04:38.710
totally up to you.

04:38.920 --> 04:39.190
Okay.

04:39.220 --> 04:44.110
So this is the case where probably the user is not in the database, assuming we have moved forward,

04:44.110 --> 04:45.670
that means user is there.

04:45.670 --> 04:50.800
Now, the next step is to obviously confirm whether the password user has given to us is correct or

04:50.800 --> 04:51.280
not.

04:51.310 --> 04:57.130
Again, for this, we can go on to this model user and we have got a method already written for us which

04:57.130 --> 05:01.660
gives us exactly same thing which is is validated password really.

05:02.480 --> 05:05.180
Really obnoxious name, but this is what it is doing.

05:05.180 --> 05:06.940
So it gives us a true and false value.

05:06.950 --> 05:09.830
So let's go ahead and use that.

05:10.190 --> 05:16.580
So we're going to go ahead and use that is password, correct?

05:16.580 --> 05:19.460
So that is going to be answered by that method.

05:19.460 --> 05:20.990
So let's go ahead and call this one.

05:20.990 --> 05:23.360
So we're going to go ahead and use the user notice.

05:23.360 --> 05:27.020
This time I'm using the smaller one because I'm not looking into the database.

05:27.020 --> 05:28.940
I've already received it from the database.

05:28.940 --> 05:33.110
Now all these methods that you want to run is run on these objects.

05:33.650 --> 05:39.320
So user dot what did we call this one is validated password.

05:39.320 --> 05:41.270
So let's go ahead and paste that.

05:41.270 --> 05:45.230
So is validated password just requires a password that user has entered.

05:45.230 --> 05:46.370
So that is it password.

05:46.370 --> 05:52.490
So again, reminding you again it takes the user send password and give us whether the password is correct

05:52.490 --> 05:53.120
or not.

05:53.810 --> 05:56.510
Again, since this may take some time.

05:56.510 --> 05:58.730
So let's go ahead and use an await on this one.

05:58.730 --> 06:00.050
So this is all good.

06:00.380 --> 06:05.510
Now, based on if the password matches perfectly or not, let's go ahead and work on with that.

06:05.510 --> 06:07.970
So again, we are going to go ahead and copy that.

06:09.560 --> 06:13.400
Now, if the password matches correctly, then obviously we are going to get it true.

06:13.400 --> 06:18.860
But what we are looking for is a false because in the false if password doesn't match, then we can

06:18.860 --> 06:25.670
give a kind of a message to the user and what we can do is kind of give a better message that if user

06:25.670 --> 06:30.230
is not present or the password doesn't match, we can give kind of a message.

06:30.230 --> 06:37.070
Instead of allowing the user giving him a hint for brute forcing on the website, we can give that email

06:37.070 --> 06:43.400
or password does not match or exist.

06:43.880 --> 06:48.920
So yeah, I know this is not really one of the best message, but actually we are going to be using

06:48.920 --> 06:49.640
this one only.

06:49.640 --> 06:56.540
Feel free to use or change this message up here, assuming that everything is done correctly and we

06:56.540 --> 06:58.760
have now these passwords and everything correct.

06:58.790 --> 07:01.340
Now, after at this point, we have checked everything.

07:01.340 --> 07:04.400
Now we are completely ready that everything is fine.

07:04.400 --> 07:06.800
Now we can send it token to the user itself.

07:06.890 --> 07:11.420
So in order to send the token, we need to take a help of the method which we designed above in the

07:11.420 --> 07:12.410
previous section.

07:12.530 --> 07:15.440
So we're going to be copying exactly this.

07:15.440 --> 07:19.070
We can actually copy this exact line and can paste it at the bottom here.

07:19.340 --> 07:20.240
So there we go.

07:21.100 --> 07:21.460
Okay.

07:21.460 --> 07:22.410
So this is all good.

07:22.420 --> 07:27.400
Let me go ahead and put up some of the comments so that it's easier for you to understand what is happening.

07:27.400 --> 07:30.100
This is checking for the presence of email and password.

07:30.310 --> 07:42.340
And then here we're going to be saying get user from a DB and this one is checking if user not found

07:42.340 --> 07:45.310
in DB.

07:45.670 --> 07:57.550
And then here we are saying match the password and here we are saying that at the top of this one we

07:57.550 --> 08:06.670
are saying if password do not match and here we are just sending the cookie token.

08:06.680 --> 08:14.950
So if all goes good and we send the token, there we go.

08:14.950 --> 08:17.230
I told you, it's really simple from now onwards.

08:17.230 --> 08:17.770
So there we go.

08:17.770 --> 08:19.240
We have got this method now.

08:19.240 --> 08:21.700
Only thing that's remaining is to use this method.

08:21.700 --> 08:23.500
So let's go up into the routes.

08:23.500 --> 08:25.600
We can actually close this user, which is the models.

08:25.600 --> 08:31.120
One, we need to go into the routes user.js and let's go ahead and import the login.

08:31.120 --> 08:36.490
So we're going to go ahead and say bring login and let's go ahead and add another route here.

08:36.490 --> 08:42.280
This route is going to be simply login and it is also a post method and I have to say login.

08:42.280 --> 08:46.510
Now notice here one thing that I don't have to worry that how am I writing these methods?

08:46.510 --> 08:51.550
It can be a get method, post match or whatever it is, and I can control everything from just one place.

08:51.580 --> 08:56.890
Let's go ahead and try to login into a user and see if we are able to successfully log in or not.

08:57.070 --> 08:58.060
Let's go up here.

08:58.390 --> 09:00.100
So we have created this three user.

09:00.100 --> 09:01.930
Let's go ahead and create another route here.

09:01.930 --> 09:07.840
So we're going to go ahead and say that, hey, let's save this one as another one, which is log in.

09:08.080 --> 09:12.460
This is going to t shirt store user and let's go ahead and log in.

09:12.460 --> 09:17.110
So this is also a post request and we will be sending into the body itself.

09:17.110 --> 09:21.460
But this time it's going to be a simple you can send it into form data as well since it's a form request,

09:21.460 --> 09:25.840
but I would rather like to send it into a JSON request.

09:25.990 --> 09:28.060
The route is going to change to login.

09:28.060 --> 09:29.260
I'm going to save this one.

09:29.260 --> 09:30.850
So this is a login route.

09:30.850 --> 09:34.960
Let's go ahead and say that I'm going to pass on an email.

09:36.170 --> 09:42.470
And this email is going to be three at the rate AE or let's go ahead and log in with the two actually,

09:42.470 --> 09:46.250
because the cookies right now are actually sending us all the data from the three itself.

09:46.250 --> 09:47.810
So let's go ahead and try with the two.

09:48.050 --> 09:54.410
So to add ae dev and then a comma and this one is going to be password.

09:55.970 --> 09:56.540
There we go.

09:56.540 --> 09:58.280
And one, two, three, four, five.

09:58.280 --> 10:02.360
And let's go ahead and test out only with the five that whether we are actually getting some errors

10:02.360 --> 10:07.760
or not send that and it says error, email or password does not match or exist.

10:07.760 --> 10:08.990
So a really vague error.

10:08.990 --> 10:10.220
But this is what we got.

10:10.220 --> 10:13.490
What happens when I don't send any email value up here?

10:13.490 --> 10:20.570
So let's go ahead and try to kind of cut this out and send it and still please provide email and password.

10:20.570 --> 10:26.060
So fantastic there and let's go ahead and send the correct password, which is six and go ahead and

10:26.060 --> 10:28.250
send this one so everything goes correctly.

10:28.250 --> 10:33.290
Then we get a success true, token we are receiving there and we are also receiving all the user values

10:33.290 --> 10:33.740
and everything.

10:33.740 --> 10:35.780
And notice password is still not coming in.

10:35.780 --> 10:39.020
That is absolutely fantastic and this is exactly what we want.

10:39.050 --> 10:44.480
We can also see that the cookie has been updated and now we have a cookie going on all so this is all

10:44.480 --> 10:44.770
good.

10:44.780 --> 10:46.100
Told you, it's really simple.

10:46.100 --> 10:49.490
In the next video we're going to go ahead and work on with the log out route.
