fix(validation):joi validation for login

-login data from request.body are validated by joi

[Fixes #187419169]

__test__/user.test.ts

@@ -63,7 +63,7 @@ test('should return 500 when registering with an invalid credential', async () =
   test("Should return status 401 to indicate Unauthorized user",async() =>{
     const loggedInUser ={
       email:userData.email,
-      password:"test",
+      password:"test12345",
     };
     const spyonOne = jest.spyOn(User,"findOne").mockResolvedValueOnce({
       //@ts-ignore

package.json

@@ -52,7 +52,9 @@
     "cross-env": "^7.0.3",
     "cryptr": "^6.3.0",
     "dotenv": "^16.4.5",
+    "email-validator": "^2.0.4",
     "express": "^4.19.2",
+    "joi": "^17.12.3",
     "jsonwebtoken": "^9.0.2",
     "path": "^0.12.7",
     "pg": "^8.11.5",

src/controllers/userControllers.ts

@@ -33,16 +33,17 @@ export const userLogin =  async(req:Request,res:Response) =>{
   const user = await loggedInUser(email);
   const accessToken = await generateToken(user);
   if(!user){
-    res.status(404).json({
-      status:404,
-      message:'User Not Found ! Please Register new ancount'
+
+    res.status(401).json({
+      status:401,
+      message:'Invalid credentials'
     }); 
   }else{
   const match = await comparePasswords(password,user.password);
       if(!match){
         res.status(401).json({
           status:401,
-          message:' User email or password is incorrect!'
+          message:' Invalid credentials'
        });
       }else{
         res.status(200).json({

src/helpers/validation.ts

@@ -0,0 +1,21 @@
+import { Request,Response,NextFunction } from "express";
+export const dataValidation = async(req:Request,res:Response,next:NextFunction,data:any) => {
+    const {error} = data.validate(req.body);
+    if(error){
+       return res.status(406)
+        .json({
+            status:406,
+            mesage:`Error in User Data : ${error.message}`
+        })
+    }
+    const allowedFields = Object.keys(data.describe().keys);
+    const unknownFields = Object.keys(req.body).filter(field => !allowedFields.includes(field));
+    if (unknownFields.length > 0) {
+        return res.status(406).json({
+            status: 406,
+            message: `Unknown fields: ${unknownFields.join(", ")}`
+        });
+    }else{
+        next();
+    }
+}

src/middlewares/joiValidation.ts

@@ -0,0 +1,11 @@
+import Joi from "joi";
+import { Request,Response,NextFunction } from "express";
+import { dataValidation } from "../helpers/validation";
+  const loginValidation:any = Joi.object({
+        email:Joi.string().email().trim(true).required(),
+        password:Joi.string().min(8).trim(true).required(),
+    }).options({ abortEarly: false });
+
+export const loginDataValidation = async(req:Request,res:Response,next:NextFunction) =>{
+   await dataValidation(req,res,next,loginValidation);
+};

src/routes/userRoutes.ts

@@ -4,12 +4,12 @@ import {
     createUserController,
     userLogin  } 
 from "../controllers/userControllers";
-
+import { loginDataValidation } from "../middlewares/joiValidation";
 const userRoutes = Router();
 
 userRoutes.get("/", fetchAllUsers);
-userRoutes.post('/login',userLogin);
-userRoutes.post("/register", createUserController)
+userRoutes.post('/login',loginDataValidation,userLogin);
+userRoutes.post("/register", createUserController);
 
 
 export default userRoutes;