Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Where is the user object coming from? #456

Open
arimourao opened this issue Dec 29, 2018 · 6 comments
Open

Where is the user object coming from? #456

arimourao opened this issue Dec 29, 2018 · 6 comments

Comments

@arimourao
Copy link

arimourao commented Dec 29, 2018
edited
Loading

Hey guys, I'm currently studying nodejs, and this boilerplate is helping me a great deal. But I got stuck in one thing. See the code below to update an user

function update(req, res, next) {
  const user = req.user;
  user.username = req.body.username;
  user.mobileNumber = req.body.mobileNumber;

  user.save()
    .then(savedUser => res.json(savedUser))
    .catch(e => next(e));
}

Is the client supposed to send the entire user in the request? If not, how is the user embedded in the request?
@okonon
Copy link

okonon commented Dec 29, 2018

few.user is not what you want. It is an object which contains information that was encoded in JWT and got decided after successfull JWT validation.

Client should send user information in req.body
And you should:

  • Select user from database fires to see if user exists
  • update user that you selected in previous step with information from req.body
  • save user to database

@arimourao
Copy link
Author

@okonon Ok tnx man. So I have to first have a succesful login through JWT so I can update the user, is that it? Can I test this using Postman?

@okonon
Copy link

okonon commented Dec 29, 2018

First check if the route that your update function is tied to is protected with JWT. If yes then you will get req.user automatically if client (Postman) sends requests with valid Authorization token (you get this token from auth endpoint)

Usually this req.user object is for checking JWT decoded info.

I think you are confusing it with user records stored in the database.

@okonon
Copy link

okonon commented Dec 29, 2018

User routes are not protected. So I think you will not get req.user object at all.

@arimourao
Copy link
Author

@okonon exactly, it is not protected. This is very confusing. How come no one noticed until now? Maybe we are missing something. This should be more clear in the documentation.

@okonon
Copy link

okonon commented Dec 29, 2018

see example pseudoscode below wrote it on my phone so I do not know if this actual code will work and I apologize for formatting

const user = User.findById(req.params.userId).then((user) => {
  //update user here
  user.username = req.body.username;
  user.mobileNumber =  req.body.mobileNumber;

  user.save()
    .then(savedUser => res.json(savedUser))
    .catch(e => next(e));
})

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@okonon @arimourao