What's wrong with my code? Currently learning back-end & bumped into a problem.

11 Replies
dys 🐙
dys 🐙12mo ago
What're you expecting to happen & what's your error?
vencewho
vencewhoOP12mo ago
After logging my credentials I'm expecting to be directed to home page. The problem is when I typed my username and password it shows that the password didn't match in red text even it's already stored in my database.
dys 🐙
dys 🐙12mo ago
More than likely the error is arising from LoginValidation.js which you didn't include in your post. Is it expecting there to be two password fields where the user repeats their password to make sure they typed it correctly?
vencewho
vencewhoOP12mo ago
Here's what LoginValidation.js looks like
vencewho
vencewhoOP12mo ago
Wait, I think I know what's wrong. const password_pattern = /^(?=.[a-z])(?=.[A-Z])(?=.\d)(?=.[@$!%?&])[A-Za-z\d@$!%?&]{8,}$/; I think in this part because the minimum password should be 8, what do you think?
dys 🐙
dys 🐙12mo ago
It's the:
if(!password_pattern.test(values.password)) {
error.password = "Password Didn't match"
}
if(!password_pattern.test(values.password)) {
error.password = "Password Didn't match"
}
Where password_pattern is /^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*?&])[A-Za-z\d@$!%*?&]{8,}$/ which is a regular expression I'll not try to decipher for you, but you can put it in https://regexr.com/ & it'll break it down for you. "aA1@12345678" is a valid password under that regex, for example. Honestly, there's no good reason to restrict the characters people are allowed to use in their passwords. There's no situation where fewer choices is going to make for better security. The only thing you might do is a minimum length which is achieved with the minlength attribute on the <input> element.
RegExr
RegExr: Learn, Build, & Test RegEx
RegExr is an online tool to learn, build, & test Regular Expressions (RegEx / RegExp).
vencewho
vencewhoOP12mo ago
Maybe I should try to exclude LoginValidation.js for a while to see if it's really the problem and you're right I should not restrict the characters.
dys 🐙
dys 🐙12mo ago
Just comment out setErrors(Validation(values)).
vencewho
vencewhoOP12mo ago
But so far it there something wrong with my codes in server.js? I mean my query for login.
dys 🐙
dys 🐙12mo ago
Though, actually, looking at your code, that should remove the error, but you won't get past the guard:
if(errors.username === "" && errors.password === "")
if(errors.username === "" && errors.password === "")
Since errors is initialized to an empty object, errors.username & errors.password will be undefined. To make it more flexible in several respects, I would change the guard to:
if(!Object.values(errors).some((err) => !!err))
if(!Object.values(errors).some((err) => !!err))
(!!undefined is false & so is !!'', but !!'any non-empty string' is true.) I'm pretty sure that a query returning zero rows is not an error. So, if their password doesn't match it will just return no rows, but it won't be an error, so the login will always succeed.
vencewho
vencewhoOP12mo ago
Wow, it works now. Thank very much!
Want results from more Discord servers?
Add your server