App crashed after the wrong login credential attempt in node .js-CodePudding

Here is my code of login its work when the user enter the right credential but the app crashed when its enter the wrong credential by showing showing the error message "Internal server error" which is right beacause I wriiten in it catch code but what I want the app should not be crashed when the user enter the wrong credentials.

router.post(
  "/login",
  [
    body("email", "you enter wrong email").isEmail(),
    body("password", "password cannot be blank").exists(),
  ],
  async (req, res) => {
    const errors = validationResult(req);

    if (!errors.isEmpty()) {
      return res.status(400).json({ errors: errors.array() });
    }
    const { email, password } = req.body;
    try {
      let user = await User.findOne({ email });
      if (!user) {
        res.status(400).json({ error: "Please try to login with correct credentials" });
      }
      const passwordcompare = await bcrypt.compare(password, user.password);
      if (!passwordcompare) {
        res.status(400).json({ error: "Please Try to login with correct credential" });
      }
      const data = {
        user: {
          id: user.id,
        },
      };
      const authtoken = jwt.sign(data, JWTSECRET);
      res.json({ authtoken });
    } catch (error) {
      console.log(error.message);
      res.status(500).send("Internal  server error");
    }
  },
);

module.exports = router;

CodePudding user response：

You're not returning after those res.status(400).json()s, so your program just continues on its merry way.

      if (!user) {
        res.status(400).json({error: "Please try to login with correct credentials"});
        return;  // add this
      }

CodePudding user response：

I think The problem in this line

const passwordcompare = await bcrypt.compare(password, user.password);

When password is undefined or wrong bcrypt.compare will throw an error and the catch block will catch it and return internal server error message

Try add return to res

if (!passwordcompare) {
       return res.status(400).json({ error: "Please Try to login with correct credential" });
      }
      const data = {
        user: {
          id: user.id,
        },
      };
      const authtoken = jwt.sign(data, JWTSECRET);
     return res.json({ authtoken

});

CodePudding user response：

You should add return statements on your error checks, otherwise, the function will keep executing and try to access user.password also if the user has not been found:

router.post(
    "/login",
    [
      body("email", "you enter wrong email").isEmail(),
      body("password", "password cannot be blank").exists(),
    ],
    async (req, res) => {
      const errors = validationResult(req);
  
      if (!errors.isEmpty()) {
        return res.status(400).json({ errors: errors.array() });
      }
      const { email, password } = req.body;
      try {
        let user = await User.findOne({ email });
        if (!user) {
          return res.status(400).json({ error: "Please try to login with correct credentials" });
        }
        const passwordcompare = await bcrypt.compare(password, user.password);
        if (!passwordcompare) {
          return res.status(400).json({ error: "Please Try to login with correct credential" });
        }
        const data = {
          user: {
            id: user.id,
          },
        };
        const authtoken = jwt.sign(data, JWTSECRET);
        res.json({ authtoken });
      } catch (error) {
        console.log(error.message);
        res.status(500).send("Internal  server error");
      }
    },
  );
  
  module.exports = router;

CodePudding user response：

You do not return res.status() that's why your code crashed.