function login(email, password, callback) {
const bcrypt = require('bcrypt');
const MongoClient = require('mongodb@4.1.0').MongoClient;
const url = 'mongodb+srv://<userName>:'+configuration.password+'@cluster0.<>.mongodb.net/?retryWrites=true&w=majority';
const client = new MongoClient(url, { useNewUrlParser: true } );
client.connect(function (err) {
if (err) return callback(err);
const db = client.db('db-name');
const users = db.collection('users');
users.findOne({ email: email }, function (err, user) {
if (err || !user) {
client.close();
return callback(err || new WrongUsernameOrPasswordError(email));
}
console.log(user.password); // returns undefined
bcrypt.compare(password, user.password, function (err, isValid) {
client.close();
if (err || !isValid) return callback(err || new WrongUsernameOrPasswordError(email));
return callback(null, {
user_id: user._id.toString(),
nickname: user.nickname,
email: user.email
});
});
});
});
}
social signUp returns no password and i would like to know how auth0 verifies already registered user. currently i have noticed that auth0 will login user, registered or not and will only throw “data and hash arguments required” , actions never gets triggered but works fine on test, i’m confused and i cant find any straight forward documentation.
1 Like
Hi @nattyjojo,
Welcome to the Auth0 Community!
This looks like a custom DB connection. In a custom DB there is no social signup, they would occur in a separate social connection.
Can you provide some additional info? I’m having a hard time understanding the root of the problem. Thank you!
exports.onExecutePostLogin = async (event, api) => {
const MongoClient = require('mongodb').MongoClient;
const user = event.user
const url = 'mongodb+srv://sdfghjkllkjhg:'+event.secrets.password+'@cluster0.za2rhu2.mongodb.net/?retryWrites=true&w=majority';
const client = new MongoClient(url);
try {
await client.connect();
const db = client.db('db-name');
const users = db.collection('users');
const existingUser = await users.findOne({ email: user.email });
if (!existingUser) {
// User not found in the database
await client.close();
//api.access.deny(`Access to ${event.client.name} is not allowed.`)
api.redirect.sendUserTo(event.secrets.redirect)
return;
}
// Additional logic if the user exists
client.close();
} catch (err) {
// Handle errors gracefully
console.error('Error in PostLogin flow:', err);
client.close();
}
};
i wish to return users Home if they don’t exist on my custom database, reason why is because Auth0 grants access to user on login even without been registered. the Action is fine but i have a problem with api.access.deny(
Access to ${event.client.name} is not allowed.)
and api.redirect.sendUserTo(event.secrets.redirect)
, when comment out the api.access.deny(
Access to ${event.client.name} is not allowed.)
, user never gets redirected, also when i have just api.redirect.sendUserTo(event.secrets.redirect)
the redirect works fine but auth0 assigns cookies to user which means is a valid user,. i still don’t understand why.
my main problem is that i want only registered users to be able to login, i dont want to register users on first login attempt and also
import { handleAuth, handleLogin } from "@auth0/nextjs-auth0";
export const GET = handleAuth({
login: handleLogin({
authorizationParams: {
prompt: "login",
},
returnTo: "/profile",
}),
signup: handleLogin({
authorizationParams: {
prompt: "login",
screen_hint: "signup",
},
returnTo: "/profile",
}),
});
this leads to same login page. i want to have two buttons, one for login and the other for sign up, i can’t find direct end point for registration . every user is listed on my user management including those that couldn’t pass Action