• (nodebb)

    Even ignoring the other WTFs, the nesting also makes readability more challenging than it needs to be, you can decide for yourself if the following (also assuming the User.Query().where(...).first() is a promise) is easier to read:

    passport.authenticate('local', { session: true }, async (err, user) => {
  if (err) {
    res.send({ success: false, message: 'Error authenticating user.' })
    return;
  }

  if (!user) {
    try {
      const targetUser = await User.query()
        .where({ username: req.body.username })
        .first()

      if (!targetUser) {
        res.send({
          success: false,
          message: 'Incorrect username or password.',
        })
        return;
      }

      const hash = User.hashPassword(
        targetUser.password_salt,
        req.body.password
      )

      if (hash != targetUser.password_hash) {
        res.send({
          success: false,
          message: 'Incorrect username or password.',
        })
        return;
      }

      res.send({
        success: false,
        message: 'Incorrect username or password.',
      })
    } catch (err) {
      res.send({ success: false, message: 'Internal server error' })
    }

    return;
  }

  if (user.firstLogin) {
    //......
  }
})(req, res, next);
  • Hanzito (unregistered)

    Allowing Javascript in the backend is just begging for WTFs.

  • (author) in reply to Hanzito

    I mean, let's be honest, it creates a lot of WTFs on the front end. Sure, we can have the whole "blame the user, not the language," but JavaScript is emphatically not a sane language. It's gotten better, but the demand for backwards compatibility means that it will always remain a little insane.

  • 516052 (unregistered)

    Javascript is like that hot but crazy chick you dated in college. Oh the things she will let you do if you know how to flex her features. But she ain't the kind of girl you want to take to production.

  • Hanzito (unregistered) in reply to Remy Porter

    An external problem is that the use of JS invites inexperienced developers. Everybody can write JS, after all! So it makes the step to contributing to the back-end smaller. Then, under pressure, that fatal step is taken (Can you write JS? Good! Here's the server repo.), and before you know it, your tech debt is larger than your node_modules directory.

  • Loren Pechtel (unregistered)

    My guess: the code paths were more sane in the past and someone came through and removed all error details in the name of security. Thus a bunch of paths that do exactly the same thing.

Leave a comment on “Invalid Passport”

Log In or post as a guest

Replying to comment #691115:

Log Out

« Return to Article