Graphql/bcrypt error "Illegal arguments: string, function" - graphql

I am working with graphql to signup/sign in. Registration runs smoothly but I am running into this the bcrypt error upon logging back in. When I change it to user.password in the if statement below the loginUser function, it says throws a newUser is undefined error. Where is my error in this one?
Resolvers:
const resolvers = {
Mutation: {
async registerUser(_, { registerInput: { username, email, password } }) {
const previousUser = await User.findOne({ email });
if (previousUser) {
throw new ApolloError(
"A user with this email already exists" + email,
"User_Already_Exists"
);
}
var encryptedPassword = await bcrypt.hash(password, 10);
const newUser = new User({
username: username,
email: email.toLowerCase(),
password: encryptedPassword,
});
const token = jwt.sign(
{ user_id: newUser._id, email },
"this is the secret",
{
expiresIn: "2h",
}
);
newUser.token = token;
const res = await newUser.save();
return {
id: res.id,
...res._doc,
};
},
async loginUser(_, { loginInput: { email, password } }) {
const user = await User.findOne({ email });
if (user && (await bcrypt.compare(password, user.model))) {
const token = jwt.sign(
{ user_id: newUser._id, email },
"this is the secret",
{
expiresIn: "2h",
}
);
user.token = token;
return {
id: res.id,
...res._doc,
};


You need to compare to user.password not user.model
newUser isn't defined if the passwords match, use user instead.
async loginUser(_, { loginInput: { email, password } }) {
const user = await User.findOne({ email });
if (user && (await bcrypt.compare(password, user.password))) {
const token = jwt.sign(
{ user_id: user._id, email },
"this is the secret",
{ expiresIn: "2h"}
);
user.token = token; // this isn't used anywhere, why?
return {id: res.id,...res._doc}; // this looks wrong too, res is not in scope
}
}

Related

Post Error with Apollo Client While Creating a New User

I am running into a POST http://localhost:4000/ 400 (Bad Request) Error.
I am trying to create a new user with the following frontend.
const REGISTER_USER = gql`
mutation Mutation(
$createUser: CreateUserInput!
) {
createUser(createUserInput: $createUserInput){
email
name
token
password
}
}
`
const Register = () => {
const context = useContext(AuthContext)
let navigate = useNavigate()
const [errors, setErrors] = useState([])
function registerUserCallback() {
console.log("Callback hit")
registerUser()
}
const {onChange, onSubmit, values} = useForm(registerUserCallback, {
name: '',
email: '',
password:'',
confirmPassword: '',
})
const [registerUser, {loading}] = useMutation(REGISTER_USER, {
update(proxy, {data: {registerUser: userData}}) {
context.login(userData)
navigate('/Dashboard')
},
onError({graphQLErrors}) {
setErrors(graphQLErrors)
console.log("Error: " + graphQLErrors)
console.log(graphQLErrors)
},
variables: {createUserInput: values}
})
However, the grapQLErrors is not even being console.logged for some reason. When I run the Mutation via Apollo Studio it works. Any information would be great!
Edit: Network Tab Screenshot:
Adding Code for my httpLink:
import { ApolloClient, InMemoryCache, createHttpLink } from "#apollo/client";
import { setContext } from "#apollo/client/link/context";
const httpLink = createHttpLink({
uri: 'http://localhost:4000'
})
const authLink = setContext((_, {headers}) => {
return {
headers: {
...headers,
authorization: localStorage.getItem('token') || ""
}
}
})
export const client = new ApolloClient({
link: authLink.concat(httpLink),
cache: new InMemoryCache()
});
Edit: createUser Mutation seems to be the issue. This is the Network response error: ["GraphQLError: Unknown argument "createUserInput" on field "Mutation.createUser".","
#Mutation((returns) => User)
async createUser(#Arg('data') data:CreateUserInput, #Ctx() ctx: Context) {
const oldUser = await ctx.prisma.user.findFirst({ where: { email: data.email}})
if(oldUser) {
throw new ApolloError('A user is already registered with the email' + data.email, 'USER_ALREADY_EXISTS')
}
var encryptedPassword = await bcrypt.hash(data.password, 10)
const newUser = await ctx.prisma.user.create({
data: {
name: data.name,
email: data.email,
password: encryptedPassword
}
})
return {token: jwt.sign(newUser, 'supersecret')}
}
Here is a screen shot of my Preview in my Network...I really don't get it.
export class CreateUserInput {
#Field((type) => String)
name: string
#Field((type) => String)
email: string
#Field((type) => String)
password: string

Property 'pipe' does not exist on type 'Promise

I`m developing auth guard in nestjs, I got This error.
If I call .pipe()
async validateUser(email: string, password: string): Promise<User> {
const findUser = await this.userRepository.findOneBy({email: email, password: password });
if (!findUser) throw new NotFoundException("user not found");
return findUser;
}
login(user: User): Observable<string> {
const { email, password } = user;
return this.validateUser(email, password).pipe(
switchMap((user: User) => {
if (user) {
// create JWT - credwntials
return from(this.jwtServices.signAsync({ user }));
}
}),
);
}
This my authService.

You need transform promise to observable using from()
import { from } from 'rxjs';
login(user: User): Observable<string> {
const { email, password } = user;
return from(this.validateUser(email, password)).pipe(
switchMap((user: User) => {
if (user) {
// create JWT - credwntials
return from(this.jwtServices.signAsync({ user }));
}
}),
);

How to add custom header in NestJS GraphQL Resolver

I want to add custom header in the response of one of my GraphQL resolver Queries in Nestjs. here is the code.
#Query(() => LoginUnion)
async login(
#Args({ type: () => LoginArgs }) { LoginInfo: { email, password } } : LoginArgs
): Promise<typeof LoginUnion> {
try {
let userInfo = await this.userModel.findOne({ email, password: SHA256(password).toString() }, { 'password': false });
if (userInfo === null) {
return new CustomErrorResponse({ message: 'Wrong password or username'});
}
if (!userInfo.isVerified) {
return new CustomErrorResponse({ message: 'User in not verified'});
}
const token = await this.authentication.sign(userInfo, config.get('Secure_JWT_Sign_Key'));
// set header here
console.log('_DEBUG_ =>', token);
} catch(error) {
console.log('user.resolver.login => ', error);
return new CustomErrorResponse({ message: 'Server Exception', additonalInfo: JSON.stringify(error) });
}
}

"The model user-permissions can't be found."

System Information
Strapi Version: 3.6.5
Operating System: MacOS 11.4
Database: SQL
Node Version: 14.17.0
NPM Version: 6.14.13
Hey there,
I wanted to have a function to change the password by passing the old password and a new one. For that, I found this solution from yohanes (https://stackoverflow.com/a/65237275/9476651). Unfortunately, if I want to execute the POST request, I get the error "Error: The model users-permissions can’t be found. It’s coming from this piece of code:
const user = await strapi.query('user', 'users-permissions').findOne({ email: params.identifier });
This is the first out of maximum three times I need to use the users-permissions plugin and I am pretty sure this error will occur at the other usages as well.
Is there anyone who is able to help me?
Have a great day!
Lucas
My full code:
"use strict";
/**
* api/password/controllers/password.js
*/
const { sanitizeEntity } = require("strapi-utils");
const formatError = (error) => [
{ messages: [{ id: error.id, message: error.message, field: error.field }] },
];
module.exports = {
index: async (ctx) => {
// const params = JSON.parse(ctx.request.body);
const params = ctx.request.body;
// The identifier is required
if (!params.identifier) {
return ctx.badRequest(
null,
formatError({
id: "Auth.form.error.email.provide",
message: "Please provide your username or your e-mail.",
})
);
}
// The password is required
if (!params.password) {
return ctx.badRequest(
null,
formatError({
id: "Auth.form.error.password.provide",
message: "Please provide your password.",
})
);
}
// The new password is required
if (!params.newPassword) {
return ctx.badRequest(
null,
formatError({
id: "Auth.form.error.password.provide",
message: "Please provide your new password.",
})
);
}
if (!params.confirmPassword) {
return ctx.badRequest(
null,
formatError({
id: "Auth.form.error.password.provide",
message: "Please provide your new password confirmation.",
})
);
}
if (
params.newPassword &&
params.confirmPassword &&
params.newPassword !== params.confirmPassword
) {
return ctx.badRequest(
null,
formatError({
id: "Auth.form.error.password.matching",
message: "New passwords do not match.",
})
);
} else if (
params.newPassword &&
params.confirmPassword &&
params.newPassword === params.confirmPassword
) {
// Get user based on identifier
const user = await strapi
.query("user", "users-permissions")
.findOne({ email: params.identifier });
// Validate given password against user query result password
const validPassword = await strapi.plugins[
"users-permissions"
].services.user.validatePassword(params.password, user.password);
if (!validPassword) {
return ctx.badRequest(
null,
formatError({
id: "Auth.form.error.invalid",
message: "Identifier or password invalid.",
})
);
} else {
// Generate new hash password
const password = await strapi.plugins[
"users-permissions"
].services.user.hashPassword({
password: params.newPassword,
});
// Update user password
await strapi
.query("users-permissions")
.update({ id: user.id }, { resetPasswordToken: null, password });
// Return new jwt token
ctx.send({
jwt: strapi.plugins["users-permissions"].services.jwt.issue({
id: user.id,
}),
user: sanitizeEntity(user.toJSON ? user.toJSON() : user, {
model: strapi.query("user", "users-permissions").model,
}),
});
}
}
},
};```

This part of the code works perfectly fine.
const user = await strapi.query('user', 'users-permissions').findOne({ email: params.identifier });
The issue is with the other places where users-permissions is used. You need to use "user", "users-permissions" instead of only "users-permissions". I modified the code below so it works now.
"use strict";
/**
* api/password/controllers/password.js
*/
const { sanitizeEntity } = require("strapi-utils");
const formatError = (error) => [
{ messages: [{ id: error.id, message: error.message, field: error.field }] },
];
module.exports = {
index: async (ctx) => {
// const params = JSON.parse(ctx.request.body);
const params = ctx.request.body;
console.log("params is ", params);
// The identifier is required
if (!params.identifier) {
return ctx.badRequest(
null,
formatError({
id: "Auth.form.error.email.provide",
message: "Please provide your username or your e-mail.",
})
);
}
// The password is required
if (!params.password) {
return ctx.badRequest(
null,
formatError({
id: "Auth.form.error.password.provide",
message: "Please provide your password.",
})
);
}
// The new password is required
if (!params.newPassword) {
return ctx.badRequest(
null,
formatError({
id: "Auth.form.error.password.provide",
message: "Please provide your new password.",
})
);
}
if (!params.confirmPassword) {
return ctx.badRequest(
null,
formatError({
id: "Auth.form.error.password.provide",
message: "Please provide your new password confirmation.",
})
);
}
if (
params.newPassword &&
params.confirmPassword &&
params.newPassword !== params.confirmPassword
) {
return ctx.badRequest(
null,
formatError({
id: "Auth.form.error.password.matching",
message: "New passwords do not match.",
})
);
} else if (
params.newPassword &&
params.confirmPassword &&
params.newPassword === params.confirmPassword
) {
// Get user based on identifier
const user = await strapi
.query("user", "users-permissions")
.findOne({ email: params.identifier });
// Validate given password against user query result password
const validPassword = await strapi.plugins[
("user", "users-permissions")
].services.user.validatePassword(params.password, user.password);
if (!validPassword) {
return ctx.badRequest(
null,
formatError({
id: "Auth.form.error.invalid",
message: "Identifier or password invalid.",
})
);
} else {
// Generate new hash password
const password = await strapi.plugins[
("user", "users-permissions")
].services.user.hashPassword({
password: params.newPassword,
});
// Update user password
await strapi
.query("user", "users-permissions")
.update({ id: user.id }, { resetPasswordToken: null, password });
// Return new jwt token
ctx.send({
jwt: strapi.plugins[("user", "users-permissions")].services.jwt.issue(
{
id: user.id,
}
),
user: sanitizeEntity(user.toJSON ? user.toJSON() : user, {
model: strapi.query("user", "users-permissions").model,
}),
});
}
}
},
};

Apollo Client Mutation get an error 400 with React Component

Mutation gql tag:
// AppAdminLoinInput is wrong spell don't focus it.
const LOGIN_MUTATION = gql`
mutation AppAdminLoinInput($email: String!, $password: String!) {
appAdminLogin(email: $email, password: $password) {
name
email
token {
accessToken
refreshToken
}
}
}
`;
Mutation Function onSubmit
onSubmitLogin = async (e, appAdminLogin) => {
const { email, password } = this.state;
e.preventDefault();
if (!validator.isEmail(email)) {
console.log("Not email format");
return;
}
if (password.length < 8) {
return;
}
appAdminLogin({
variables: {
email,
password
}
});
};
When onSubmitLogin do i get an error 400 (Bad request)
What am i do wrong?
sorry about my english skill xD

Resources