fix(validation):joi validation for login

-login data from request.body are validated by joi [Fixes #187419169]
atlp-rwanda · Apr 24, 2024 · 462f7c7 · 462f7c7
1 parent 1a54b1d
commit 462f7c7
Show file tree

Hide file tree

Showing 5 changed files with 41 additions and 6 deletions.
diff --git a/__test__/user.test.ts b/__test__/user.test.ts
@@ -63,7 +63,7 @@ test('should return 400 when registering with an invalid credential', async () =
   test("Should return status 401 to indicate Unauthorized user",async() =>{
     const loggedInUser ={
       email:userData.email,
-      password:"test",
+      password:"test12345",
     };
     const spyonOne = jest.spyOn(User,"findOne").mockResolvedValueOnce({
       //@ts-ignore

diff --git a/src/controllers/userControllers.ts b/src/controllers/userControllers.ts
@@ -33,16 +33,17 @@ export const userLogin =  async(req:Request,res:Response) =>{
   const user = await loggedInUser(email);
   const accessToken = await generateToken(user);
   if(!user){
-    res.status(404).json({
-      status:404,
-      message:'User Not Found ! Please Register new ancount'
+
+    res.status(401).json({
+      status:401,
+      message:'Invalid credentials'
     }); 
   }else{
   const match = await comparePasswords(password,user.password);
       if(!match){
         res.status(401).json({
           status:401,
-          message:' User email or password is incorrect!'
+          message:' Invalid credentials'
        });
       }else{
         res.status(200).json({

diff --git a/src/helpers/validation.ts b/src/helpers/validation.ts
@@ -0,0 +1,21 @@
+import { Request,Response,NextFunction } from "express";
+export const dataValidation = async(req:Request,res:Response,next:NextFunction,data:any) => {
+    const {error} = data.validate(req.body);
+    if(error){
+       return res.status(406)
+        .json({
+            status:406,
+            mesage:`Error in User Data : ${error.message}`
+        })
+    }
+    const allowedFields = Object.keys(data.describe().keys);
+    const unknownFields = Object.keys(req.body).filter(field => !allowedFields.includes(field));
+    if (unknownFields.length > 0) {
+        return res.status(406).json({
+            status: 406,
+            message: `Unknown fields: ${unknownFields.join(", ")}`
+        });
+    }else{
+        next();
+    }
+}
diff --git a/src/routes/userRoutes.ts b/src/routes/userRoutes.ts
@@ -9,11 +9,12 @@ import {
     validateSchema,
  } from "../middleware/validator";
 import signUpSchema from "../schemas/signUpSchema";
+import { loginSchema } from "../schemas/signUpSchema";
 
 const userRoutes = Router();
 
 userRoutes.get("/", fetchAllUsers);
-userRoutes.post('/login',userLogin);
+userRoutes.post('/login',emailValidation,validateSchema(loginSchema),userLogin);
 userRoutes.post("/register", 
  emailValidation, 
  validateSchema(signUpSchema), 

diff --git a/src/schemas/signUpSchema.ts b/src/schemas/signUpSchema.ts
@@ -18,4 +18,16 @@ export const signUpSchema = Joi.object({
         .required()
 }).options({ allowUnknown: false });
 
+
+export const loginSchema = Joi.object({
+    email: Joi.string()
+        .min(6)
+        .required()
+        .email(),
+    password: Joi.string()
+        .min(6)
+        .max(20)
+        .required()
+}).options({ allowUnknown: false });
+
 export default signUpSchema