Bug in Express js/Node js enpoint login not working properly

Question

I have a simple CRUD application that allows users to register and log in There is a registration endpoint in General.js, this works fine and the login prints

"message": "Invalid login. Please check username and password"

- index.js
- router
- - general.js
- - auth_users.js
- - booksdb.js

Register on Postman

When I log into the endpoint in auth_users.js

This is the login code of auth_users.js. It has a login endpoint, which is mainly the express function responsible for login. regd_users.post()

const express = require('express');
const jwt = require('jsonwebtoken');
let books = require("./booksdb.js");
const regd_users = express.Router();

let users = [];

const isValid = (username)=>{ //returns boolean
//write code to check is the username is valid
let userswithsamename = users.filter((user)=>{
    return user.username === username
  });
  if(userswithsamename.length > 0){
    return true;
  } else {
    return false;
  }
}

const authenticatedUser = (username,password)=>{ //returns boolean
//write code to check if username and password match the one we have in records.
let validusers = users.filter((user)=>{
    return (users.username === username &&users.password === password)
  });
  if(validusers.length > 0){
    return true;
  } else {
    return false;
  }
}
 
//only registered users can login
regd_users.post("/login", (req,res) => {

    const username = req.query.username;
    const password = req.query.password;
    if (!username || !password) {
        return res.status(404).json({message: "Error logging in"});
    }
    if (authenticatedUser(username,password)) {
      let accessToken = jwt.sign({
        data: password
      }, 'access', { expiresIn: 60 * 60 });
      req.session.authorization = {
        accessToken,username
    }
    return res.status(200).send("User successfully logged in");
    } else {
      return res.status(208).json({message: "Invalid Login. Check username and password"});
}
});

// Add a book review
regd_users.put("/auth/review/:isbn", (req, res) => {
  //Write your code here
  return res.status(300).json({message: "Yet to be implemented"});
});

module.exports.authenticated = regd_users;
module.exports.isValid = isValid;
module.exports.users = users;

Answer 1

Based on the code provided, there appears to be an issue that may cause the "Invalid Login" message.

Compare username and password in authenticatedUser function: In the authenticatedUser function, you filter the users array for matching usernames and passwords. However, there are issues with the filtering functionality. Instead of using users.username and users.password, use user.username and user.password. This variable should be singular because it represents each element in the users array during the iteration.

Change this line:

return (users.username === username && users.password === password)

to:

return (user.username === username && user.password === password)