authentication using node.js and mongodb

Question

authentication using node.js and mongodb

Guys I am trying to get myself authenticated and for this I am using node.js and mongo DB.But the thing is that after registarion the user is not able to authenticate himself.Here is my snippet

app.post('/login',function(req,res){
    ContactProvider.findAll(function(error, posts) {
        var aut = req.body;
        if (aut.user == posts.user && aut.pass == posts.pass) {
            req.session.name = {name:aut.user};
            res.redirect('/home');
        } else {
            res.send('Bad user/pass');
        }
    });
});

Below is my snippet for registering the user

app.post('/register',function(req, res) {
    var post=req.body;
    if(post.pass!=post.cpass) {
        res.send("Error:Password doesnt match");
    } else {
        ContactProvider.save({
            user: req.param('user'),
            pass: req.param('pass'),
            cpass: req.param('cpass'),
            email: req.param('email')
        }, function(error, docs) {
            res.redirect('/');
        });
    }
});

The ContactProvider is the one below where post provider is a different file where all the mongoose things happen

var ContactProvider = require('./PostProvider').ContactProvider;
var ContactProvider= new ContactProvider();

This is the finone query in the postprovider file

ContactProvider.prototype.findone = function(name,pass, callback) {
  Post.findOne({name:name},{pass:pass}, function (err, post) {
                  callback(null, post);

          });
  };

node.js
mongodb
authentication

Answer 1

Something's seriously wrong with your code ( why you use name posts for an array of ContactProvider? ). You have to search for ContactProvider based on username and password. Something like this:

app.post('/login',function(req,res){
    var aut = req.body;
    ContactProvider.findOne(
        {
            user: aut.user,
            pass: aut.pass
        },
        function(err, usr) {
            if (error || !usr) {
                res.send('Bad user/pass');
            } else {
                // we have a user, authenticate!
                req.session.name = {name:aut.user};
                res.redirect('/home');
            }
        }
    );
});

SIDE NOTE: This is a very simple way of authenticating users, but it is not secure at all. You should read more about authentication and security in the internet. Very useful knowledge indeed.

EDIT: There's also an issue with your registration. Your data is stored in post variable, so use it on ContactProvider as well:

// some other code
ContactProvider.save({
    user: post.user,
    pass: post.pass,
    cpass: post.cpass, // no need to store the same thing twice
    email: post.email