From fa21cd85519c6c2c6aa55e7c1cba04edf142b7f3 Mon Sep 17 00:00:00 2001
From: Anuj Gupta
Date: Thu, 18 Dec 2025 17:16:57 +0530
Subject: [PATCH 1/3] fix(auth): return consistent error response for invalid login
---
 controller/auth.js | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)
diff --git a/controller/auth.js b/controller/auth.js
index 3dbca61..4852724 100644
--- a/controller/auth.js
+++ b/controller/auth.js
@@ -17,13 +17,14 @@ async function login(req, res) {
 res.json({ res: "welcome", user: userDetails });
 } catch (error) {
 logger.error("Error while login", error);
- if (error.name === "UserDoesNotExist") {
- res.status(403);
- res.json({ err: "Incorrect ID password" });
- } else {
- res.status(500);
- res.json({ err: "User doesn't exist" });
- }
+ if (error.name === "UserDoesNotExist" || err.name === "InvalidPassword") {
+ return res.status(401).json({
+ err: "Incorrect username or password",
+ });
+ }
+ return res.status(500).json({
+ err: "Internal server error. Please try again Later.",
+ });
 }
 }
From 7a07335648f4e11d2bf89366385e25aad53f0ef4 Mon Sep 17 00:00:00 2001
From: Anuj Gupta
Date: Thu, 18 Dec 2025 17:35:28 +0530
Subject: [PATCH 2/3] fix(auth): return consistent error response for invalid login
---
 controller/auth.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/controller/auth.js b/controller/auth.js
index 4852724..35c027f 100644
--- a/controller/auth.js
+++ b/controller/auth.js
@@ -17,7 +17,7 @@ async function login(req, res) {
 res.json({ res: "welcome", user: userDetails });
 } catch (error) {
 logger.error("Error while login", error);
- if (error.name === "UserDoesNotExist" || err.name === "InvalidPassword") {
+ if (error.name === "UserDoesNotExist" || error.name === "InvalidPassword") {
 return res.status(401).json({
 err: "Incorrect username or password",
 });
From 01f59d97d02e98d672f31999a8f98a8bbbe9c72f Mon Sep 17 00:00:00 2001
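Review bot: The new condition on the `+ if` line reads `err.name`, but the catch clause binds the exception as `error`, so `err` is an undeclared identifier; whenever `error.name` is not `"UserDoesNotExist"` the right-hand operand throws a ReferenceError inside the catch, `login` rejects, and neither the 401 nor the 500 response is ever sent. That is a worse failure mode than the code being replaced, which always answered the request. PATCH 2/3 in this series changes it to `error.name === "InvalidPassword"`; the two patches should be squashed so this broken state never lands as a reachable commit on the branch. `login` begins before this hunk.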
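Review bot: Collapsing `UserDoesNotExist` and `InvalidPassword` into one 401 with the same body removes the account-enumeration oracle the old 403/500 split exposed, but only if the two failures are also indistinguishable in time; if `authenticateUser` (outside this hunk) returns `UserDoesNotExist` before it runs the password-hash comparison, an attacker can still tell unknown ids from wrong passwords by response latency, so confirm it performs a dummy hash compare on unknown ids. Record the intent so a later edit does not reintroduce separate messages, e.g. a comment above the `if`: `// Same status and body for unknown id and wrong password: never reveal which accounts exist.` The unchanged `logger.error("Error while login", error)` context line logs the whole error object at error level for every bad credential attempt; failed logins are an expected event, so `logger.warn("Login failed", { name: error.name })` would keep the logs useful without copying whatever the service attached to the error (possibly the submitted id) into them. `login` begins before this hunk, and nothing visible here rate-limits attempts, which the uniform message does not replace.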
From: Anuj Gupta
Date: Thu, 18 Dec 2025 17:36:38 +0530
Subject: [PATCH 3/3] Delete controller/auth.js
---
 controller/auth.js | 77 ----------------------------------------------
 1 file changed, 77 deletions(-)
 delete mode 100644 controller/auth.js
diff --git a/controller/auth.js b/controller/auth.js
deleted file mode 100644
index 35c027f..0000000
--- a/controller/auth.js
+++ /dev/null
@@ -1,77 +0,0 @@
-import OTPStore from "#models/otpStore";
-import util, { logger } from "#util";
-import { authenticateUser, userExists, updatePassword } from "#services/user";
-
-async function login(req, res) {
- const { id, password } = req.body;
- try {
- const userValidated = await authenticateUser(id, password);
- const userDetails = {
- uid: userValidated.uid,
- name: userValidated.name,
- emailId: userValidated.emailId,
- type: userValidated.userType,
- };
- const token = util.generateToken(userDetails, req.ip);
- userDetails.token = token;
- res.json({ res: "welcome", user: userDetails });
- } catch (error) {
- logger.error("Error while login", error);
- if (error.name === "UserDoesNotExist" || error.name === "InvalidPassword") {
- return res.status(401).json({
- err: "Incorrect username or password",
- });
- }
- return res.status(500).json({
- err: "Internal server error. Please try again Later.",
- });
- }
-}
-
-function validateUser(req, res) {
- if (req.user) {
- res.json({ res: req.user, msg: "user validated", err: null });
- } else {
- res
- .status(401)
- .json({ res: null, msg: "unauthorised", err: "User not authorised" });
- }
-}
-
-async function sendOTP(req, res) {
- const { uid, emailId } = req.body;
- if (await userExists(uid, emailId)) {
- const otp = Math.floor(1000 + Math.random() * 9000);
- await OTPStore.update({ uid }, { otp });
- util.sendOTP(emailId, otp);
- res.json({ res: "otp sent to emailID" });
- } else {
- res.json({ err: "incorrect UID or emailId" });
- }
-}
-
-async function resetPassword(req, res) {
- const { uid, otp, password } = req.body;
- const storedOtp = await OTPStore.read({ uid });
- if (storedOtp[0].otp === `${otp}`) {
- try {
- await updatePassword(uid, password);
- res.json({ res: "successfully updated password" });
- } catch (error) {
- logger.error("Error while updating", error);
- res.status(500);
- if (error.name === "UpdateError")
- res.json({ err: "Something went wrong while updating password" });
- else res.json({ err: "something went wrong" });
- }
- } else {
- res.json({ err: "incorrect otp" });
- }
-}
-
-export default {
- validateUser,
- sendOTP,
- resetPassword,
- login,
-};