diff --git a/backend/index.js b/backend/index.js
index 1a6a679..f4047b6 100644
--- a/backend/index.js
+++ b/backend/index.js
@@ -91,11 +91,28 @@ app.all("/*", function (req, res, next) {
     } else return next();
 });
 
+const validatePassword = (email, password) => {
+    return new Promise(function (resolve, reject) {
+        connection.query(`SELECT * from user WHERE email = ${mysql.escape(email)} AND deactivated = 0`, function (err, rows) {
+            if (err) {
+                return reject("error querying the database - Please contact sys admin");
+            }
+            if (!rows.length) {
+                return resolve(false);
+            }
+            if (!bcrypt.compareSync(password, rows[0].password)) {
+                return resolve(false);
+            }
+            return resolve(rows[0]);
+        });
+    });
+}
+
 passport.use('local-login', new LocalStrategy({
     usernameField: "email",
     passwordField: "password",
     passReqToCallback: true
-}, function (req, email, password, done) {
+}, async function (req, email, password, done) {
     if (DEBUG) {
         if (email === "test" && password === "test") {
             return done(null, {
@@ -107,19 +124,18 @@ passport.use('local-login', new LocalStrategy({
             });
         } else return done(null, false);
     }
 
-    email = mysql.escape(email);
-    connection.query(`SELECT * from user WHERE email = ${email} AND deactivated = 0`, function (err, rows) {
-        if (err) {
-            return res.status(static.INTERNAL_SERVER_ERROR).send("error querying the database - Please contact sys admin");
+    try {
+        let user = await validatePassword(email, password);
+        if (user) {
+            return done(null, user);
         }
-        if (!rows.length) {
+        else {
             return done(null, false);
         }
-        if (!bcrypt.compareSync(password, rows[0].password)) {
-            return done(null, false);
-        }
-        return done(null, rows[0]);
-    })
+    } catch (e) {
+        console.log(e);
+        return done(null, false);
+    }
 }
 ));
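Review bot: `reject("error querying the database - Please contact sys admin")` in validatePassword rejects with a bare string, so the driver's `err` (its code and stack) is discarded before it reaches the strategy's catch, leaving the operator with only the generic message; reject with an Error that keeps the cause, `return reject(new Error("error querying the database - Please contact sys admin", { cause: err }));`. The `bcrypt.compareSync` on the lines below still blocks the event loop inside the query callback, and the helper being Promise-based now, the asynchronous `bcrypt.compare` would fit without changing the result. `resolve(rows[0])` also hands the whole row, including the stored password hash, to Passport; if `req.user` is ever serialized into the session or a response, strip `password` from the object before resolving. The `passport.use` callback whose signature changes at the end of this hunk continues into the next hunk.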
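Review bot: The new `catch (e)` block maps a database failure to `done(null, false)`, which Passport reports as a failed login, so an outage is indistinguishable from bad credentials for the client and is only visible as a `console.log` line on the server; route it through Passport's error channel instead, `} catch (e) { return done(e); }`, which also removes the need to log here. If the log line is kept, `console.error(e)` is the right sink for a caught error. `let user` is never reassigned and can be `const user`, and since validatePassword resolves to either the row or `false`, the if/else collapses to `return done(null, user);`. The enclosing strategy callback starts in the previous hunk.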