I need to check if user with passed email OR login already exists in database.
const userModel = new User();
const user = await userModel.findByLogin(req.body.email, req.body.login);
if (user) {
req.checkBody('email', 'Email already in use').custom(value => user.email === value ? Promise.reject('Email already in use') : value);
req.checkBody('login', 'Login already in use').custom(value => user.login === value ? Promise.reject('Login already in use') : value);
}
const errors = req.validationErrors();
findByLogin takes email and login and returns existing user or null. Email validation works as expected. But if I try to register user with unique email and existing login, it doesn't create any errors (errors is false).
I just messed up with asynchronous validation. I cannot use validationErrors in my case, so I changed it to getValidationResult and it works fine now. Here is the result:
const userModel = new User();
const user = await userModel.findByLogin(req.body.email, req.body.login)
if (user) {
req.checkBody('email', 'Email already in use').custom(value => user.email !== value ? value : Promise.reject('Email already in use')).withMessage('Email already in use');
req.checkBody('login', 'Login already in use').custom(value => user.login !== value ? value : Promise.reject('Login already in use'));
}
const errors = await req.getValidationResult();
Related
I have a testcafe test that checks API response JSON for a matching string and no matter what is in the response JSON, the test always passed.
I am running Gherkin/Testcafe integration. Last "Then" step is to check an API response JSON body.
logger = RequestLogger(config.serverUrl + '/api/v1/service', {
logResponseHeaders: true,
logResponseBody: true,
});
await t
.addRequestHooks(logger)
.navigateTo(config.serverUrl + '/admin/integrations')
.expect(logger.contains(record => record.response.statusCode === 200))
.ok();
await t
.expect(
logger.contains(async record => {
// console.log(record.response.headers);
const body =
record.response.headers['content-encoding'] === 'gzip'
? await getBody(record.response.body)
: record.response.body.toString();
const bodyJson = JSON.parse(body);
return bodyJson.filter(node => node.title === "Devtest").length == 1;
})
)
.ok();
In the end, the code should return true/false depending on finding/not finding at least one item containing "Devtest".
However, the test always passes no matter what is the number.
RequestLogger doesn't support the async function for the predicate parameter of the containsfunction.
So, this expectation always passes - await t.expect(logger.contains(async record => false)).ok().
To fix the problem I suggest you split your code into two pars:
const record = request.records.find(r => ...);
const body = record.response.headers['content-encoding'] === 'gzip'
? await getBody(record.response.body)
: record.response.body.toString();
const bodyJson = JSON.parse(body);
await t.expect(bodyJson.filter(node => node.title === "Devtest").length === 1).ok();
I also see that the capability to automatically unzip response bodies can simplify your test code. If you have time you can try to implement this feature and open a pull request in the TestCafe repository.
Let's say I run this:
var user = new UserSchema { UserName = model.UserName, Email = model.Email };
var result = await _userManager.CreateAsync(user, model.Password);
I see that the Id property of user is generanted on new. What happens if for some extremely unlikely a user with the Id exists?
If you have set UserOptions on Startup, for example options.User.RequireUniqueEmail = true; it will return an IdentityResult with errors (in the example here, the error would be "DuplicateEmail".
Source: Microsoft Docs
I have a Module called "Backend" and in this module I want to check for valid authentication on all pages except the backend_login page. How do I do this? I tried to add it to the onBootstrap in the Backend/Module.php , but it turns out that is called in my other modules as well... which is of course not what I want.
So how do I do this?
Thanks in advance!
To get clear information about zf2 authentication you can follow:
ZF2 authentication
adapter auth
database table auth
LDAP auth
digest auth....These all are different methods here is an example of database table auth:
in every controller's action, where you need user auth something should like this:
use Zend\Authentication\Result;
use Zend\Authentication\AuthenticationService;
use Zend\Authentication\Adapter\AdapterInterface;
use Zend\Db\Adapter\Adapter as DbAdapter;
use Zend\Authentication\Adapter\DbTable as AuthAdapter;
public function login($credential)
{
$bcrypt = new Bcrypt();
$user = new User();
$auth = new AuthenticationService();
$user->exchangeArray($credential);
$password = $user->password;
$data = $this->getUserTable()->selectUser($user->username);
if (!$data){
$message = 'Username or password is not correct!';
}
elseif($auth->getIdentity() == $user->username){
$message = 'You have already logged in';
}
elseif($bcrypt->verify($password, $data->password)){
$sm = $this->getServiceLocator();
$dbAdapter = $sm->get('Zend\Db\Adapter\Adapter');
$authAdapter = new AuthAdapter(
$dbAdapter,
'user',
'username',
'password'
);
$authAdapter -> setIdentity($user->username) -> setCredential($data->password);
$result = $auth->authenticate($authAdapter);
$message = "Login succesfull.Welcome ".$result->getIdentity();
} else {
$message = 'Username or password is not correct';
}
return new ViewModel(array("message" =>$message));
}
Like this in every action you can check whether it is authenticated or not
if($auth -> hasIdentity()){
//your stuff
}
else{
//redirected to your login route;
}
I had once a similar problem and figured it out within my Module.php in the onBootstrap() function. Try this, it worked for me:
class Module {
// white list to access with being non-authenticated
//the list may contain action names, controller names as well as route names
protected $whitelist = array('login');
//....
public function onBootstrap($e){
$app = $e->getApplication();
$em = $app->getEventManager();
$sm = $app->getServiceManager();
$list = $this->whitelist;
$auth = new AuthenticationService();
$em->attach(MvcEvent::EVENT_ROUTE, function($e) use ($list, $auth) {
$match = $e->getRouteMatch();
// No route match, this is a 404
if (!$match instanceof RouteMatch) {
return;
}
// Route is whitelisted
$action = $match->getParam('action');
if (in_array($action, $list) ) {
return;
}
// User is authenticated
if ($auth->hasIdentity()){
return;
}
// the user isn't authenticated
// redirect to the user login page, as an example
$router = $e->getRouter();
$url = $router->assemble(array(
'controller' => 'auth',
'action'=>'login'
), array(
'name' => 'route_name',
));
$response = $e->getResponse();
$response->getHeaders()->addHeaderLine('Location', $url);
$response->setStatusCode(302);
return $response;
}, -100);
}
}
Or you may see bjyauthorize.
In yii i am creating login functionality. When user enters correct username but wrong password i want to make serach in database for this correct username and want to put that username's id into loginattemmpt table and display wrong password message to him. So can please someone help me.
in userIdentity.php save data in table .
public function authenticate() {
$user = User::model()->findByAttributes(array('username' => $this->username));
if ($user === null) {
$this->errorCode = self::ERROR_USERNAME_INVALID;
}
elseif($user->password !== crypt($this->password, $salt))
{ // save $user->id in attempt table here .
$this->errorCode = self::ERROR_PASSWORD_INVALID;
}else{
//set id
}
and in file from where authenticate function is called setError.
$this->_identity = new UserIdentity($this->username, $this->password);
if (!$this->_identity->authenticate())
if ($this->_identity->errorCode === UserIdentity::ERROR_USERNAME_INVALID) {
$this->addError('password', 'Incorrect email Id');
}elseif($this->_identity->errorCode === UserIdentity::ERROR_PASSWORD_INVALID){
$this->addError('password', 'Incorrect Password');
}
I'm trying to login with the following controller action, but my login attempt keeps failing (I get the 'invalid username and/or password' message). What am I doing wrong? I also tried the other method given in the examples in the auth documentation, Auth::instance()->login($user->username, $form->password);, but I get the same result. Kohana version is 2.3.4.
public function login() {
$auth = Auth::instance();
if ($auth->logged_in()) {
url::redirect('/account/summary');
}
$view = new View('login');
$view->username = '';
$view->password = '';
$post = $this->input->post();
$form = new Validation($post);
$form->pre_filter('trim', 'username')
->pre_filter('trim', 'password')
->add_rules('username', 'required');
$failed = false;
if (!empty($post) && $form->validate()) {
$login = array(
'username' => $form->username,
'password' => $form->password,
);
if (ORM::factory('user')->login($login)) {
url::redirect('/accounts/summary');
} else {
$view->username = $form->username;
$view->message = in_array('required', $form->errors()) ?
'Username and password are required.' :
'Invalid username and/or password.';
}
}
$view->render(true);
}
Figured out my problem... Something in my registration process is missing, because it's creating the user record but not the role-to-user assoc record. Login needs a specific role to log in to, or it won't work even with a valid username and password. Manually inserting the record allowed my to log in, so I'll just have to debug my registration action a bit.