1 00:00:00,640 --> 00:00:01,750 Welcome back. 2 00:00:01,870 --> 00:00:04,070 We have our final endpoint. 3 00:00:04,090 --> 00:00:09,010 Sign in where we're finally able to sign in users. 4 00:00:09,120 --> 00:00:14,110 Now there might be something that you have realized when we were working on register. 5 00:00:14,490 --> 00:00:26,590 That is we're inserting the user with email, name and joined, but we're never updating our login table. 6 00:00:26,800 --> 00:00:36,190 If I do select star from login, well we have nothing there. 7 00:00:37,080 --> 00:00:38,010 That's not good, is it? 8 00:00:38,010 --> 00:00:43,980 We want to create something every time a new user logs in and actually capture their passwords or the 9 00:00:43,980 --> 00:00:45,300 hash of their passwords. 10 00:00:46,470 --> 00:00:51,810 So let's work on that in this video. In order for us to do this, 11 00:00:51,850 --> 00:00:58,300 we first need to register a user and grab their passwords. 12 00:00:59,650 --> 00:01:05,650 Now for us to do this we need to insert into another database. 13 00:01:05,720 --> 00:01:10,000 But first let's use bcrypt to hash out a password that we get. 14 00:01:10,200 --> 00:01:17,730 If you remember we already have bcrypt installed and it's from a previous video we can go back to the 15 00:01:17,970 --> 00:01:24,540 bcrypt Node.js package and although I've shown you the asynchronous way of doing things we're going to 16 00:01:24,540 --> 00:01:27,970 do the synchronous one because it's simpler. 17 00:01:28,200 --> 00:01:33,120 Just keep in mind that with synchronous it means that as this is working JavaScript is not going to 18 00:01:33,120 --> 00:01:39,120 get executed on the next line versus with asynchronous if you run bcrypt hash, 19 00:01:39,120 --> 00:01:41,080 JavaScript keeps executing. 20 00:01:41,220 --> 00:01:44,130 And then when this returns it will come back here. 21 00:01:45,050 --> 00:01:48,200 This way is just a little bit cleaner for now.
22 00:01:48,200 --> 00:01:50,510 So we'll use this code example. 23 00:01:51,080 --> 00:01:59,700 We will copy this, go to our register, and in here - we don't want to compare yet. 24 00:01:59,750 --> 00:02:10,250 We just want to store, so we can say const hash we want to bcrypt the password. 25 00:02:10,280 --> 00:02:15,360 So let's change this to password. 26 00:02:15,580 --> 00:02:22,780 And now that we have the password hash we need to make sure that we update the users as well as the 27 00:02:22,780 --> 00:02:28,480 login table so that we don't have an issue 28 00:02:32,880 --> 00:02:36,020 like this where we have these users. 29 00:02:36,240 --> 00:02:44,640 But if we go to the login, well, we have absolutely nothing. 30 00:02:44,640 --> 00:02:54,090 So to avoid this we have an important concept of transactions and transactions are these code blocks 31 00:02:54,180 --> 00:03:01,740 that we can add to make sure that when we're doing multiple operations on a database if one fails then 32 00:03:01,740 --> 00:03:02,750 they all fail. 33 00:03:02,880 --> 00:03:09,600 If for some reason, I can't enter something in the users table, but I can in login, as long as it's wrapped 34 00:03:09,600 --> 00:03:14,410 around a transaction they both fail so that I never have these inconsistencies. 35 00:03:14,670 --> 00:03:15,950 Let me show you how to do that. 36 00:03:17,060 --> 00:03:25,390 With the users table I want to have this part. I'm going to indent it a little bit. 37 00:03:25,450 --> 00:03:34,810 And before we do the users, I want to create a transaction. I'm going to say DB dot transaction and now 38 00:03:34,810 --> 00:03:42,940 we have a transaction in Knex and if we go to the Knex they have transactions and you can read 39 00:03:42,940 --> 00:03:46,230 about them here and SQL has transaction as well.
40 00:03:49,450 --> 00:03:59,680 If we go back this transaction gets a trx parameter that we can now use instead of the DB to make 41 00:03:59,680 --> 00:04:09,460 sure that whatever we do is a transaction. The first transaction we want to do is that we want to insert 42 00:04:11,460 --> 00:04:24,960 into the users or into the login the hash in the email, so we can say hash email or hash hash that we 43 00:04:24,960 --> 00:04:30,870 just received from bcrypt, and then email which we just got from request dot body. 44 00:04:34,470 --> 00:04:37,530 Instead of just doing this syntax which we can do as well. 45 00:04:37,800 --> 00:04:39,420 We can do into 46 00:04:42,950 --> 00:04:53,590 login and then finally returning the email of the user. 47 00:04:53,720 --> 00:05:01,650 Now that we have this returned we can say dot then email because we're returning the email. 48 00:05:03,590 --> 00:05:11,170 And just to keep it separate from the request dot body we'll say that this is the login email and this 49 00:05:11,170 --> 00:05:17,020 login email will now be used in here. So we can just copy and paste this 50 00:05:21,690 --> 00:05:22,620 into here. 51 00:05:24,510 --> 00:05:33,400 Just make sure the spacing is right. And we can use the login email after we've updated the login 52 00:05:33,400 --> 00:05:40,450 table to update the login email so we don't really change anything. 53 00:05:40,450 --> 00:05:49,210 The only thing we did was this block we moved it inside a dot then so that we first update the login 54 00:05:49,210 --> 00:05:58,430 table we get the login email and in order to make sure that these are both part of the transaction 55 00:05:58,830 --> 00:06:02,910 instead of doing DB here we have the TRX object. 56 00:06:02,970 --> 00:06:08,820 So we will do TRX and let's save and see what happens. 57 00:06:11,610 --> 00:06:16,860 And then I go back to our example here, our NodeMon. 58 00:06:16,860 --> 00:06:18,400 We have a register with John.
59 00:06:18,480 --> 00:06:21,430 If I click send. 60 00:06:21,550 --> 00:06:31,690 All right I get ID 11 John, I get e-mail if I go into the login. 61 00:06:31,960 --> 00:06:33,940 I don't have login here. 62 00:06:34,060 --> 00:06:37,030 If I go into users I don't have John either. 63 00:06:37,060 --> 00:06:38,630 So something must have gone wrong. 64 00:06:39,880 --> 00:06:47,950 The last thing we want to do is at the end, and you can read about this in the Knex section, we can do- 65 00:06:48,240 --> 00:06:49,940 dot then 66 00:06:50,150 --> 00:06:57,520 TRX commit, because we weren't able to send these because we didn't say that if all these pass then 67 00:06:57,640 --> 00:07:00,310 commit send this transaction through. 68 00:07:00,820 --> 00:07:04,300 And if I do dot catch, I'll do 69 00:07:04,300 --> 00:07:08,670 TRX roll back 70 00:07:08,700 --> 00:07:11,800 So now let's give this a go. 71 00:07:11,830 --> 00:07:19,770 I'm going to click send, I get a response. If I go to users. 72 00:07:19,770 --> 00:07:28,000 I have John and if I go to login I have John with the hash. 73 00:07:28,000 --> 00:07:35,010 The only thing that's wrong here is that I have this syntax for the e-mail, which is not what we want. 74 00:07:35,030 --> 00:07:38,590 That's a simple fix because we're giving the login email here. 75 00:07:38,590 --> 00:07:42,620 Remember we're returning an array. 76 00:07:42,670 --> 00:07:49,790 So if I go like this let's do John 1 send 77 00:07:53,460 --> 00:07:55,170 go to our example of login. 78 00:07:55,290 --> 00:07:56,270 That looks good. 79 00:07:56,490 --> 00:08:01,670 And login our users we have John1 at gmail dot com. 80 00:08:01,770 --> 00:08:02,300 Amazing. 81 00:08:04,020 --> 00:08:09,220 So this transaction is probably the trickiest part to get used to. 82 00:08:09,420 --> 00:08:11,300 And you can see here it is a little bit. 83 00:08:11,310 --> 00:08:14,800 But once you get the syntax it becomes very easy.
84 00:08:14,970 --> 00:08:22,440 You create a transaction when you have to do more than two things at once, and you use this TRX object 85 00:08:22,620 --> 00:08:26,370 instead of the DB now, to do these operations. 86 00:08:26,370 --> 00:08:36,570 In my case I insert it into login, it returned the email, and then we use the login e-mail to also return 87 00:08:36,570 --> 00:08:46,810 another TRX transaction to insert into the users and responded with Json and then in order for this 88 00:08:46,840 --> 00:08:54,610 to get added we have to make sure that we commit and then in case anything fails we roll back the changes. 89 00:08:54,880 --> 00:09:03,220 If I enter the same user again I get unable to register. If I send the wrong information I'll get unable 90 00:09:03,220 --> 00:09:04,390 to register. Perfect. 91 00:09:07,610 --> 00:09:15,280 Now that we have this working we can finally go to our signin. We are containing the hash now on to 92 00:09:15,280 --> 00:09:20,290 our table and all we need to do now is, well let's remove this. 93 00:09:20,710 --> 00:09:38,950 And in this signin we can do a DB we'll do a select, we'll select email and hash from login. 94 00:09:38,980 --> 00:09:43,040 Dot then we'll get the e-mail and hash. 95 00:09:43,040 --> 00:09:46,820 So let's get response or in this case let's just do data 96 00:09:51,520 --> 00:09:53,950 and let's just console log to see what we receive 97 00:09:57,440 --> 00:10:06,400 I'm going to save go to signin and see if we still have something. There you go. Let's do signin body 98 00:10:06,610 --> 00:10:13,350 John cookies I send this. I'm not responding with anything so it hangs. 99 00:10:13,500 --> 00:10:21,630 But if I go back I see that I get e-mail and hash and I receive everything because well I haven't selected 100 00:10:21,990 --> 00:10:23,400 any specific criteria.
101 00:10:23,520 --> 00:10:33,220 We can say that now we want to do the WHERE clause where email 102 00:10:37,440 --> 00:10:41,930 equals the request 103 00:10:42,000 --> 00:10:50,110 dot body dot email. If that's the case let's save and try again, send. 104 00:10:50,280 --> 00:10:55,060 We got a syntax error because we don't need an object here. 105 00:10:55,060 --> 00:10:56,200 There you go. 106 00:10:56,530 --> 00:10:57,410 Let's try that again. 107 00:10:57,410 --> 00:10:59,030 Click send. 108 00:10:59,250 --> 00:11:01,600 This will hang so we'll cancel. 109 00:11:01,770 --> 00:11:02,700 And there you go. 110 00:11:02,700 --> 00:11:05,840 We have John's e-mail and hash. 111 00:11:06,270 --> 00:11:11,760 And now we need to check to see if John put in the right password. 112 00:11:12,040 --> 00:11:21,220 So within data here we can grab the array which is the first one. 113 00:11:21,480 --> 00:11:31,140 And now use bcrypt. And remember with bcrypt we have compare sync. 114 00:11:31,340 --> 00:11:37,040 We can simply say bcrypt dot compare sync with whatever the user entered. 115 00:11:37,030 --> 00:11:48,910 In this case request dot body dot password with the hash, in our case we can just say data zero dot 116 00:11:49,060 --> 00:11:50,040 hash. 117 00:11:50,230 --> 00:11:55,200 If this returns true well let's just have a const is valid. 118 00:11:59,110 --> 00:12:01,520 In that case - let's make this a little bit smaller so you can see 119 00:12:05,960 --> 00:12:07,990 we'll say if is valid 120 00:12:10,910 --> 00:12:12,710 this will return true or false. 121 00:12:12,740 --> 00:12:17,130 We'll do a response dot Json with the user information. 122 00:12:17,210 --> 00:12:24,830 So we'll have to do a DB dot select star from 123 00:12:27,370 --> 00:12:30,520 users dot where 124 00:12:33,390 --> 00:12:46,220 email equals to request dot body dot email then we'll get the user.
125 00:12:46,300 --> 00:12:49,090 And finally within here we can 126 00:12:54,020 --> 00:13:02,740 move this to response dot Json user array first item. 127 00:13:03,150 --> 00:13:06,810 And if there's some issue getting that down we'll say catch 128 00:13:11,070 --> 00:13:11,760 error response dot 129 00:13:11,790 --> 00:13:26,370 Json we'll do status again 400 Json unable to get user, and also down here because we're still doing 130 00:13:26,370 --> 00:13:29,090 the database search right here. 131 00:13:29,250 --> 00:13:35,190 And this doesn't need to be a transaction because, well we're just checking, we're not modifying any of 132 00:13:35,190 --> 00:13:37,950 the database items in here. We can say dot catch 133 00:13:41,760 --> 00:13:42,990 if there's an error. 134 00:13:43,290 --> 00:13:55,910 We can just respond dot status 400 This time we can say wrong credentials. 135 00:13:56,120 --> 00:13:57,130 All right let's give that a go. 136 00:13:57,140 --> 00:14:01,110 I'm going to save no errors here. 137 00:14:01,110 --> 00:14:04,800 Fine go back to Postman and click. 138 00:14:04,820 --> 00:14:08,360 John cookies send. 139 00:14:08,550 --> 00:14:09,600 I get a 200. 140 00:14:09,620 --> 00:14:15,320 OK but I didn't receive a user so let's console log here. 141 00:14:20,410 --> 00:14:22,780 And this is a simple error. 142 00:14:22,930 --> 00:14:31,680 We always want to make sure that we're returning this so that this database knows about it. 143 00:14:31,680 --> 00:14:33,150 We always want to make sure we're returning. 144 00:14:33,150 --> 00:14:34,800 Let's try that again. 145 00:14:34,800 --> 00:14:40,780 I'm going to send with the right information with password cookies. 146 00:14:40,780 --> 00:14:42,850 All right I got 200. 147 00:14:43,000 --> 00:14:45,310 But let's do a console log here. 148 00:14:46,710 --> 00:14:51,120 Is valid. We'll save and see what we get here. 149 00:14:51,120 --> 00:14:55,190 We're going to send OK.
150 00:14:55,350 --> 00:14:59,820 Is valid is running and then users is zero. 151 00:14:59,820 --> 00:15:03,750 So we're not grabbing the users properly. 152 00:15:03,750 --> 00:15:04,420 Let's see why. 153 00:15:07,060 --> 00:15:09,580 And that is because our e-mail for John. 154 00:15:09,580 --> 00:15:14,410 Remember we made a mistake of not returning it properly. 155 00:15:14,410 --> 00:15:19,420 So let's register a new user and make sure that they have the right password. 156 00:15:19,900 --> 00:15:33,460 We'll go back to register we'll register with Eddy password it will be hello and his name will be Andy 157 00:15:33,490 --> 00:15:37,770 We'll click send. Perfect. 158 00:15:37,960 --> 00:15:40,810 And now if we sign in with Eddy 159 00:15:44,540 --> 00:15:47,870 you don't need to send the name just the password. 160 00:15:48,390 --> 00:15:51,840 If we click send. 161 00:15:51,940 --> 00:15:54,770 All right we've got 200. 162 00:15:54,820 --> 00:15:56,150 Looks like it's working. 163 00:15:57,510 --> 00:16:02,320 But if Eddy enters the wrong password. 164 00:16:02,390 --> 00:16:02,610 All right. 165 00:16:02,630 --> 00:16:03,740 This is still hanging. 166 00:16:03,770 --> 00:16:08,420 Because we never stated if this is false what should happen. 167 00:16:09,550 --> 00:16:23,230 In our case we want to say response dot status 400 dot Json wrong credentials and make sure 168 00:16:23,230 --> 00:16:26,330 that I do an else statement here. 169 00:16:27,420 --> 00:16:30,160 And put that up here. 170 00:16:32,430 --> 00:16:33,000 Let's save 171 00:16:36,170 --> 00:16:40,080 Click send. Wrong credentials. 172 00:16:40,180 --> 00:16:41,350 But if I click hello 173 00:16:45,190 --> 00:16:47,020 I get Eddy. 174 00:16:47,140 --> 00:16:48,240 That is awesome. 175 00:16:48,370 --> 00:16:52,060 We have our entire signin flow working. 
176 00:16:52,210 --> 00:16:54,080 We can remove the console logs here 177 00:16:56,960 --> 00:17:04,380 and now that we have everything working we have our users our new Eddy user and he's also part of the login 178 00:17:04,380 --> 00:17:13,700 with the hash we're storing everything securely because in our database we never store Eddy's password. 179 00:17:13,740 --> 00:17:19,109 And we finally have our logs working. In the next video we're finally going to test all this out with 180 00:17:19,109 --> 00:17:26,310 our Front-End and hopefully everything works well and looks like we don't need this database any more. 181 00:17:26,460 --> 00:17:27,630 Good job everybody. 182 00:17:27,660 --> 00:17:29,150 I'll see you on the next one. 183 00:17:29,150 --> 00:17:29,630 Bye-bye.