WEBVTT

00:03.790 --> 00:05.290
Hey, did everyone stay here?

00:05.290 --> 00:06.690
And welcome to another video.

00:06.700 --> 00:10.960
Now, before we start with this video, let me just point you towards one line that I've added in the

00:10.960 --> 00:13.060
source code, which is this one.

00:13.060 --> 00:18.990
A lot of you will obviously have a question: why are we sending a token just when the user is registered?

00:19.000 --> 00:23.020
Now there are a lot of flows and we can definitely argue about which one is the best, which we are

00:23.020 --> 00:23.830
not going to do.

00:23.830 --> 00:28.690
But again, some people just like to register the user and immediately they want their application

00:28.690 --> 00:29.980
to be used by the user.

00:29.980 --> 00:34.300
But in some cases you just want to send an okay message that, hey, you are all set, all good, your

00:34.300 --> 00:35.080
account was created.

00:35.080 --> 00:36.490
Now go ahead and log in.

00:36.490 --> 00:41.140
So whether you send the token or don't send the token, that's up to you and the flow of the application.

00:41.140 --> 00:42.640
There is no wrong or right here.

00:42.640 --> 00:47.560
So I've added a simple line here: send the token or just send a success message that yes, your

00:47.560 --> 00:52.120
account was created, and send some information so that the frontend guy can actually redirect.

00:52.120 --> 00:54.940
Now it can redirect just based on the yes or no also.

00:54.940 --> 00:57.850
So it's totally up to you and the flow of the application.

00:58.090 --> 01:02.350
Now in this case I am sending you the JSON token because I wanted to teach a lot and all of that, but

01:02.350 --> 01:03.940
that's all what we wanted to do.

01:03.940 --> 01:08.560
So now what I'm going to do is I'm going to go ahead and just minimize this because the registration

01:08.560 --> 01:09.370
work is all done.

01:09.370 --> 01:12.460
Now let's go back and see how we are going to move now.

01:12.550 --> 01:16.510
Now, again, by the way, this video is going to be a tiny bit longer because I just want to show you

01:16.510 --> 01:18.640
how we can now speed things up.

01:18.640 --> 01:22.600
So now we have to follow the login flow just like we have done the registration.

01:22.600 --> 01:26.350
We are going to use the login flow, and this is what the user login flow looks like.

01:26.350 --> 01:31.630
You grab all the information. So I know that I can grab it from the request, or the body, or maybe any other format.

01:31.630 --> 01:33.760
I can just grab it; most of the time

01:33.760 --> 01:35.290
it is going to be the request body.

01:35.290 --> 01:36.970
Now I can check the mandatory fields.

01:36.970 --> 01:39.670
Of course I can do it with a simple if-else, no big deal.

01:39.700 --> 01:41.290
Get user from the database.

01:41.290 --> 01:41.540
Okay.

01:41.620 --> 01:43.090
So this is a little bit tricky.

01:43.270 --> 01:48.940
Not too much, but I can use it just like I was using User.create to create a user in the database.

01:48.940 --> 01:54.160
I can go ahead and use User.find or findOne or any other method that I know to find certain things

01:54.160 --> 01:55.120
in the database.

01:55.240 --> 01:58.240
And after that we have to compare and verify the password as well.

01:58.270 --> 02:03.040
Once we have grabbed the user, we also need to grab his password and the password that the user is

02:03.040 --> 02:04.180
sending at login time.

02:04.180 --> 02:05.740
We have to compare both of them.

02:05.740 --> 02:10.450
We are now aware of the library bcrypt, and I showed you in the documentation that it has a method

02:10.450 --> 02:14.980
for comparing, and it can compare and return us a boolean value of whether the password matches

02:14.980 --> 02:15.610
or not.

02:16.030 --> 02:20.680
And finally, we can give the token or any of that information, whatever we need to do.

02:20.680 --> 02:23.770
In majority of the cases, you will be sending him the token back.

02:23.770 --> 02:25.480
Okay, so this is all we have to do.

02:25.480 --> 02:28.150
Let's go back up here and define another route.

02:28.150 --> 02:33.550
So let's go ahead and do that, app.post, and this is how it's going to be.

02:33.820 --> 02:35.080
Let me shift a little bit.

02:36.460 --> 02:38.170
So what is going to be the route?

02:38.170 --> 02:40.390
In my case, I'm going to call this one as login.

02:40.390 --> 02:45.190
There's a whole lot of debate about calling it login, sign up, sign in, whatever you call it; I'm

02:45.190 --> 02:49.270
just going to call it this one, since I'll be using some information with the database.

02:49.270 --> 02:51.970
And as I told you, the database is always in another continent.

02:51.970 --> 02:55.060
So we have to go through with the async and await method.

02:55.060 --> 02:57.250
So I'll directly put in async/await here.

02:57.250 --> 03:01.390
I'm going to go ahead and say, Hey, I want to use a request and response just like that.

03:01.570 --> 03:02.800
And there we go.

03:02.920 --> 03:07.960
Now, how are we going to do that? The very first thing is not accepting the request, but I showed

03:07.960 --> 03:12.490
you that we have to wrap everything in a try-catch block, because otherwise we have to go through

03:12.490 --> 03:13.450
with the promises.

03:13.450 --> 03:15.940
And that is also a good way of working with that.

03:15.940 --> 03:19.360
Or you can wrap everything in a try-catch and use async/await. Totally

03:19.360 --> 03:21.430
your call how you want to go ahead and do that.

03:21.430 --> 03:24.070
First, I'll handle the case of the error.

03:24.070 --> 03:27.550
So I'm going to go ahead and say, hey, I want to use console.log and I'll just dump the error.

03:27.550 --> 03:29.230
Yes, this is not a good idea.

03:29.230 --> 03:31.540
I should be digging a little bit more into the errors.

03:31.540 --> 03:35.890
But in the case of development, we usually prefer to have the entirety of that or not.

03:35.890 --> 03:40.420
In production, we want to give very meaningful errors in the case of errors also.

03:40.660 --> 03:41.090
Okay.

03:41.470 --> 03:43.360
So let's go ahead and try first.

03:43.360 --> 03:44.610
Let's grab all the users.

03:44.610 --> 03:49.960
So I'm going to go ahead and say that, hey, I want to destructure whatever is coming from the body.

03:49.960 --> 03:51.790
So I'm going to say request.body.

03:51.820 --> 03:54.250
Let me go ahead and make some space for myself.

03:54.250 --> 03:54.850
There we go.

03:54.850 --> 03:55.840
Nice and easy.

03:55.870 --> 03:56.860
Come back here.

03:56.860 --> 03:57.640
There we go.

03:57.730 --> 03:59.800
What information is coming in?

03:59.830 --> 04:02.770
The major information that is coming in is email and password.

04:02.770 --> 04:06.760
Maybe you are expecting username or something else that's up to you and your flow.

04:06.880 --> 04:09.610
After that, make sure that it is 100% there.

04:09.610 --> 04:15.160
So, just like the exact same flow that we used in the past as well, we want to make sure that email

04:15.160 --> 04:21.670
and password are there. But if they are not there (that's why the exclamation sign), if they are not

04:21.670 --> 04:23.240
there, I just want to send a response.

04:23.240 --> 04:29.770
So res.status: I'm going to raise a status code of probably 400 or probably 401, up to you.

04:29.770 --> 04:31.240
And we're going to go ahead.

04:31.240 --> 04:32.830
Usually it's a JSON.

04:32.830 --> 04:35.020
All the responses are being sent in JSON.

04:35.020 --> 04:38.470
If that is the flow that you are following, I'm not following any flow as of now.

04:38.470 --> 04:42.520
So I'm going to go ahead and say, and I'll respond with "Field is missing".

04:42.520 --> 04:46.780
I don't know which one because I'm checking both of them at the same time, but this is how we are going

04:46.780 --> 04:47.440
to do that.

04:47.560 --> 04:48.070
Okay.

04:48.640 --> 04:52.990
Assuming I have reached line number 68, that means email and password are present there.

04:52.990 --> 04:53.980
Then we have to go ahead.

04:53.980 --> 04:57.790
Based on this email, I need to find a user from the database itself.

04:57.790 --> 05:01.780
So I'm going to go ahead and say User, and again, make sure to remember

05:01.960 --> 05:04.840
that this User is coming from here, from the model itself.

05:04.840 --> 05:07.870
That's why I'm able to call this up here directly, like User.

05:08.020 --> 05:09.260
So come on.

05:09.280 --> 05:12.940
Click up here, and then I can use either find or findOne.

05:12.940 --> 05:16.350
Again, we can discuss more about whether this is better or not, but not right now.

05:16.360 --> 05:18.960
So I want to find a user based on the email.

05:18.970 --> 05:22.180
Now this obviously will return with something, so I'm going to hold it into a variable.

05:22.180 --> 05:23.590
Let's call this one as user.

05:23.590 --> 05:24.070
There we go.

05:24.070 --> 05:24.880
Nice and easy.

05:24.880 --> 05:29.860
But since the database is in another continent, I'm going to use an await, and that's the reason why

05:30.100 --> 05:31.180
we used async.

05:31.840 --> 05:32.710
So this is good.

05:32.860 --> 05:34.780
Now what if there is no user?

05:34.780 --> 05:41.530
I can go ahead and say that if there is no user, then obviously I was not able to find the user in

05:41.530 --> 05:42.040
the database.

05:42.040 --> 05:53.770
So I can go ahead and copy this and paste it up here, and can say that you are not registered in our

05:54.250 --> 05:56.290
application, app, website.

05:56.320 --> 06:01.390
However you want to phrase the messages. Assuming this has also not happened,

06:01.390 --> 06:04.270
that means now we need to check the password as well.

06:04.270 --> 06:09.280
Now, when we are grabbing the user, we have also grabbed the field user.password.

06:09.310 --> 06:14.500
In case you are using another mechanism in Mongoose, you are a little bit more advanced.

06:14.530 --> 06:19.120
Then make sure you add a plus sign in case you have instructed Mongoose not to send the password.

06:19.120 --> 06:20.290
Make sure the password is coming.

06:20.290 --> 06:22.600
For those who didn't understand this, no worries.

06:22.600 --> 06:26.410
This is not a beginner conversation that I was having for a minute.

06:26.440 --> 06:29.800
Okay, so how are we going to do the password thing now?

06:29.800 --> 06:34.960
The password thing is really, really easy, and I'm going to show you the better way of accomplishing this.

06:34.960 --> 06:40.030
So what you can do is simply use bcrypt, and bcrypt has a method called compare.

06:40.480 --> 06:45.730
Now in this compare, you can go ahead and compare both passwords: the password that the user has

06:45.730 --> 06:47.320
sent me just right now in the body,

06:47.320 --> 06:50.470
and I can go ahead and compare it with user.password.

06:51.940 --> 06:57.160
Now this actually returns a boolean value of whether the password matches or not.

06:57.160 --> 07:02.530
But let me show you one more thing when you are using this compare, since I told you this can take a

07:02.530 --> 07:03.460
little bit of a second.

07:03.460 --> 07:05.410
So you always want to use an await.

07:05.440 --> 07:12.250
Now you can hold this result in a simple variable and then use the same kind of if: whether the password

07:12.370 --> 07:14.770
matches or not, and based on that, you can send the response.

07:14.770 --> 07:20.050
But let me show you, let me go ahead and comment this out and show you a little bit of a better way.

07:20.050 --> 07:22.960
This can actually stop some of the spam as well.

07:22.990 --> 07:25.960
You don't want to individually compare the email and password.

07:25.960 --> 07:30.850
You want to simply say, maybe I want to check email and password both at one time.

07:30.850 --> 07:33.250
So what you can do again, this is just a flow.

07:33.250 --> 07:35.110
Just wanted to show you both the situation.

07:35.110 --> 07:42.610
I will cut this out and I will say if (user); again, if there is no user, it will automatically be treated

07:42.610 --> 07:43.060
as false.

07:43.060 --> 07:48.430
So we can go ahead and do that, and we can go ahead and put this entire thing that we just wrote about

07:48.430 --> 07:49.900
the password comparison all here.

07:49.900 --> 07:51.850
We don't need to store that into a variable.

07:51.970 --> 07:57.160
So if the user is there and the password also matches, then we go ahead and follow this up.

07:57.160 --> 08:01.540
So what are we going to do in the case when both hold? Again, you can use an exclamation sign wrapped

08:01.540 --> 08:03.280
up in parentheses.

08:03.280 --> 08:05.290
If nothing happens, then we can respond.

08:05.290 --> 08:10.930
But in this case we are going with the positive flow that if user is present and the password also matches,

08:10.930 --> 08:12.310
then I'm going to do something.

08:12.400 --> 08:14.110
Okay, what are you going to do?

08:14.140 --> 08:17.500
The flow says you just generate a token and send it back.

08:17.500 --> 08:20.140
Okay, let's go ahead and create a token.

08:20.140 --> 08:23.050
How are we going to create the token? Again, same jwt.sign.

08:23.050 --> 08:24.670
This is how you sign.

08:24.670 --> 08:30.490
This is how you create the token, and you pass on just three things; headers we are not worried about.

08:30.490 --> 08:32.260
So let's worry about just the information.

08:32.260 --> 08:36.790
So we're going to say user_id. From where are you going to get the value?

08:36.790 --> 08:37.270
Simple.

08:37.270 --> 08:43.270
The user that we have extracted from the database, dot _id, told you the weird one, and it is

08:43.270 --> 08:44.110
not compulsory.

08:44.110 --> 08:47.800
But still I'm going to go ahead and send the email as well.

08:47.980 --> 08:52.330
It's not required, because based on the ID we can extract the email whenever we want, but maybe,

08:52.330 --> 08:54.490
maybe for some reason we want to send it up.

08:54.790 --> 08:57.220
Then the second thing is the secret.

08:57.220 --> 08:58.480
So I have to say.

09:00.160 --> 09:03.070
process.env dot.

09:03.430 --> 09:05.800
Let's grab the secret key.

09:05.800 --> 09:08.590
So I'm going to go ahead and copy this and paste that.

09:09.220 --> 09:14.290
Once this is also done, make sure you always expire your passwords; not passwords, but tokens as well.

09:14.470 --> 09:21.760
So I'm going to say expiresIn. Probably you want to keep it longer, but I'll just go for 2 hours. Now

09:21.760 --> 09:23.740
we have the user, we have got the token as well.

09:23.740 --> 09:29.020
But since this token is not stored in the database itself, I'm going to go after the if case, not

09:29.020 --> 09:31.210
after the if case where we are sending this token.

09:31.210 --> 09:35.740
So this is signed; this is where the token is created.

09:35.770 --> 09:36.790
A few lines of enter.

09:36.790 --> 09:37.390
There we go.

09:37.750 --> 09:41.110
Okay, once we are done, let's add this property to the user.

09:41.110 --> 09:43.000
So token is going to be token.

09:43.360 --> 09:45.700
And also we don't want to send the password right now.

09:45.700 --> 09:47.260
This user property has the password.

09:47.260 --> 09:53.890
So I'm going to say user.password, and that is going to be undefined, just like we did last time,

09:54.880 --> 09:56.200
if I can write that.

09:56.200 --> 09:57.130
There we go.

09:57.430 --> 10:01.450
And finally, we simply want res.status.

10:01.450 --> 10:05.830
We want to send a status of 200, which is always a good sign that everything is happy.

10:05.950 --> 10:10.180
And in the JSON, I'm going to go ahead and say, let's send this user.

10:10.480 --> 10:10.900
Okay?

10:11.560 --> 10:17.050
Now, what happens if this if case doesn't work? Maybe the user is missing, maybe the password is

10:17.050 --> 10:17.440
missing.

10:17.440 --> 10:21.040
So we're going to go ahead and send a message based on that.

10:21.040 --> 10:27.340
So let's go outside of this if statement and say that, in case nothing in that if statement works, then

10:27.340 --> 10:39.670
let's go ahead and send a status of 400 and send the user a message that email or password is incorrect.

10:40.030 --> 10:41.500
Again, it's all up to you.

10:41.500 --> 10:42.370
Not correct.

10:42.370 --> 10:43.660
Incorrect.

10:43.660 --> 10:44.320
There we go.

10:44.350 --> 10:46.480
Now it's up to you which flow you want to go with.

10:46.480 --> 10:48.880
Maybe the user is a little bit confused in this case.

10:48.880 --> 10:53.950
If he is not registered, maybe you like the upper flow better: if the user is not registered, we probably

10:53.950 --> 10:58.240
want to give a better message to the user that hey, you are not yet registered and probably you want

10:58.240 --> 11:00.310
to have a separate thing for the password.

11:00.430 --> 11:01.840
Maybe you want to give it all at once.

11:01.840 --> 11:04.600
Definitely up to you how you are designing your application.

11:04.600 --> 11:05.980
You are the boss here.

11:06.220 --> 11:06.790
Okay.

11:07.760 --> 11:08.840
So this is all done.

11:08.840 --> 11:10.820
Let's go ahead and save this one.

11:10.820 --> 11:12.830
I guess we don't need to worry about anything else.

11:12.830 --> 11:18.260
Yeah, we can actually go ahead and remove extra spaces, and this is basically a login flow.

11:18.870 --> 11:19.940
Okay, that's great.

11:19.940 --> 11:23.480
In the same video, we can actually go ahead and test this out as well.

11:23.480 --> 11:24.620
So let me go up here.

11:24.620 --> 11:29.240
So there are two users here in the database, we can see, one of which is on ae.

11:29.270 --> 11:31.220
I mistakenly added instead of one.

11:31.220 --> 11:35.570
I said that I know the password; let's see if we are able to grab it back from Postman.

11:35.570 --> 11:40.700
So, Postman. Let's go ahead and save this one, and I'm going to create another route.

11:40.700 --> 11:42.740
So let me first copy this.

11:43.880 --> 11:44.840
And paste that.

11:44.840 --> 11:48.140
And this time we are going to go for register.

11:48.150 --> 11:50.480
So I'm going to go ahead and say login.

11:51.020 --> 11:54.000
This one is going to be post route.

11:54.650 --> 11:59.000
We need to send some information in the body inside raw.

11:59.360 --> 12:01.490
And JSON, there we go.

12:02.990 --> 12:05.450
And the first information is email.

12:05.600 --> 12:07.610
So these are the two that are required.

12:10.450 --> 12:13.870
And the email is on the date ae dot dev.

12:14.830 --> 12:20.410
And the password; again, this needs to go in double quotes, password.

12:20.410 --> 12:24.010
And the password that I added is 123456, really bad.

12:24.010 --> 12:25.420
But this is what we got.

12:25.420 --> 12:27.820
And let's go ahead and try to send this one.

12:29.370 --> 12:32.370
And it looks like we are hitting some of the issues.

12:32.700 --> 12:36.050
And it says _id is not defined.

12:36.060 --> 12:38.090
So let's go ahead and see where we messed it up.

12:38.100 --> 12:38.480
Yep.

12:38.490 --> 12:40.170
This is the place where we messed it up.

12:40.230 --> 12:45.030
I'm pretty sure most of you have already seen that and might be pointing out from your screens that,

12:45.030 --> 12:46.320
hey, you missed it there.

12:46.770 --> 12:50.190
Okay, now let's go ahead and try to send it one more time.

12:50.610 --> 12:51.780
And there we go again.

12:51.780 --> 12:53.520
Debugging is always part of it.

12:53.520 --> 12:54.660
Please don't be afraid.

12:54.660 --> 12:55.470
Don't be scared.

12:55.500 --> 12:57.270
Sometimes it takes just a few minutes.

12:57.270 --> 12:59.550
Sometimes it takes weeks, probably months.

12:59.550 --> 13:00.990
So don't be afraid of that.

13:00.990 --> 13:05.520
Now we are able to grab the ID, first name, last name, email and the token itself.

13:05.520 --> 13:08.100
Maybe you don't want to send that much of information to the user.

13:08.100 --> 13:09.810
You can always set something to undefined.

13:09.810 --> 13:12.960
Maybe you just only want to send the token, not even the ID.

13:13.200 --> 13:15.930
That's up to you how you want to play out the application.

13:15.930 --> 13:18.060
So this is the entirety of the login flow.

13:18.060 --> 13:20.190
Let's go ahead and catch up in the next video.
