When you log in for the first time it works. But once you update some user information, it returns unauthorized on each request.

Hi,
I followed your YouTube series and it is great. However i am facing problem in the signin part. I have working signup and secret api.
My signin end point is not working. Even if i give the right password passport still returns false.
Then, i put some console.log statements in there and found out that the pre is running twice somehow. I don't know why. And because it is running twice what it does that, first it takes plaintext-password then hashes it and then again take to hashed password and re-hashes it again.

userSchema.pre("save", async function(next) {
  try {
      console.log('Normal Pass: ', this.password);
    // Generate a salt
    const salt = await bcrypt.genSalt(10);
    console.log('Salt: ', salt);
    // Generate a password hash (salt + hash)
    const passwordHash = await bcrypt.hash(this.password, salt);
    console.log('HashedPass: ', passwordHash);
    // Re-assign hashed version over original, plain text password
    this.password = passwordHash;
    next();
  } catch (error) {
    next(error);
  }
});

That is why i am getting false eveytime. Now i don't know how to solve this can anyone help me out here..

If I sign up with Google OAuth and then after signing out, if I create another account with google's email and password. So there are two docs in database with same email.

Ok,

I have setup Travis and it looks like it works, however, there is a small problem as I am not the owner or I do not have the repo right I can't set Travis to work on this repo. I think I need to be a part of the organization in the settings of the repo so I can setup Travis working here as well.

I will try to add MongoDB in memory package for a local test or we can come up with some kind of DB seed before each test.

also, I think there is an issue with mongoose

(node:4392) DeprecationWarning: `open()` is deprecated in mongoose >= 4.11.0, use `openUri()` instead, or set the `useMongoClient` option if using `connect()` or `createConnection()`. See http://mongoosejs.com/docs/connections.html#use-mongo-client

You can see the Travis build here on my forked repo: Link

During the server side validation of the user data input...it return the response::

` const result = Joi.validate(req.body, schema);
if (result.error) {
return res.status(400).json(result.error);
}

if (!req.value) { req.value = {}; }
req.value['body'] = result.value;
next();
`

response is received but the user is saved in the DB with corrupted data.
would like to contribute. :-)

when i cloned the repo, installed everything , app is running fine , google authentication is working fine
but when i click login with facebook , its showing

NodeOAuth needs to update the security settings and you wont be able to use it until nodeoauth updates its setttings, please fix this

There is no

app.use(bodyParser.urlencoded({
extended: true
}));

statement in app.js

when testing for the login password is correct or not
in your code in passport.js file
when using local strategy
you wrote :
const users = await user.findOne({email })
so when you enter wrong password , it generate normally token
i added password and it solved this issue to be like that
const users = await user.findOne({email ,password})

I have tried all the solutions offered in this site and GitHub but it didn't work for me because my routes/user.js is structured differently. Also, I am new in Nodejs. I need help to change const result = Joi.validate(req.body, schema); in the routeHelper.js and

const {validateBody, schemas} = require('../helpers/routehelpers');
router.route('/signup')
.post(validateBody(schemas.authSchema),userController.signup);
in the routes/user.js

//===Here is my Code ===

 //== helpers/routeHelper.js ==
 const Joi = require('joi');
    module.exports = {
      validateBody: (schema) => {
        return (req, res, next) => {
          const result = Joi.validate(req.body, schema);
          if (result.error) {
            return res.status(400).json(result.error);
          }


  if (!req.value) { req.value = {}; }
      req.value['body'] = result.value;
      next();
    }

  },

  schemas: {
    authSchema: Joi.object().keys({
      email: Joi.string().email().required(),
      password: Joi.string().required()
    })
  }
}

//== routes/user.js ====
const express = require('express'),
      router  = require('express-promise-router')();
const userController = require('../controller/user');
const {validateBody, schemas} = require('../helpers/routehelpers');
const passport = require('passport')
const passportConfig = require('../passport')

router.route('/signup')
.post(validateBody(schemas.authSchema),userController.signup);



router.route('/signin')
.post(userController.signin);

router.route('/secret')
.get(passport.authenticate('jwt',{session:false}),userController.secret);

module.exports = router;

A lot of the tests do not throw an error.

it('should return status 401', async () => { try { await chai.request(server).get(secret); } catch (error) { expect(error.status).to.equal(401); expect(error.response.text).to.equal('Unauthorized'); } });

should be:

it('Should return 401 without token in request', async () => { try { const result = await chai.request(server).get(secret); expect(result.status).to.equal(401); expect(result.response.text).to.equal('Unauthorized'); } catch (e) { throw new Error(e); } });

Because the error in the first example isn't thrown, it causes the assertion to fail, but the test still passes. Remember, try/catch causes the error to not be thrown unless you explicitly tell it to.

Google Depricated legacy People's API for new projects.

I had a problem that the google-plus-token-strategy is using old people's API which was made unavailable for new projects on March 7, 2019. So when you will add you clientID and client secret in the code and run it. So if you try to login it will give error.

Solution

Install the passport-token-google

and replace the require statement of GooglePlusTokenStrategy with:
const GoogleStrategy = require("passport-token-google").Strategy;

After this replace GooglePlusTokenStrategy with GoogleStrategy.

Now everything will work fine.

Hello, I am having a problem. I watched your youtube series and it was simply awesome. The problem I have is that passport.js file has not been imported anywhere so how did the passport come to know about the strategies?

I am having trouble solving it. Please help me.

to get this issue you must

1. sign up with local account
2. link your account with google
3. unlink your google account
4. sign out
5. login again with local account => you cant login with your email and password because your password already hashed again in step 2.
   if you notice this i will explain another issue in this project
   thank you

Should we merge part 8 to master?

@eXtremeXR
The link points to the correct video on youtube now.

@eXtremeX Should I fork the repo or can you add me as a contributor to it?
Also, I would suggest refactor the code into branches and not commit. it would be easy for us to push the master and users still can view the video specific branch.