19 replies

Implementing login with Prisma

Below is the source code of my api but I figure out that any one entering credentials when an entered email resemble that of the one in the database, the user is authenticated without checking the corresponding password, how can I fix this, as the stored password is hashed?

import { NextResponse,type NextRequest } from "next/server"; 
 import prisma from "@/prisma/client"; 
 import {Redis} from "@upstash/redis" 
  
  
 const redis = Redis.fromEnv(); 
  
 export async function POST(req: NextRequest, res: NextResponse) { 
   try { 
     const body = await req.json(); 
     const { email, password } = body; 
  
     console.time() 
  
     if (!email || !password) { 
       return new NextResponse("Email and password are required", { status: 400 }); 
     } 
  
     const user = await prisma.user.findFirst({ 
       where: { 
         email: email as string, 
         role: "ADMIN", 
         ustate:"NON_BLOCKED", 
       }, select: { 
         id: true, 
         email: true, 
         name: true, 
         image: true, 
         role:true 
       }, 
     }); 
  
     if (!user) { 
       return new NextResponse("User not found", { status: 404 }); 
     } 
  
     const member = await redis.set("user",user) 
     console.log(member) 
  
     const response = { 
       message: "Authenticated!", 
     }; 
  
     console.timeEnd() 
  
     return new Response(JSON.stringify(response), { 
       status: 200, 
     }); 
  
  
   } catch (error) { 
     console.error("Error fetching user:", error); 
     return new NextResponse("Internal Error", { status: 500 }); 
   } 
 }

import { NextResponse,type NextRequest } from "next/server"; 
 import prisma from "@/prisma/client"; 
 import {Redis} from "@upstash/redis" 
  
  
 const redis = Redis.fromEnv(); 
  
 export async function POST(req: NextRequest, res: NextResponse) { 
   try { 
     const body = await req.json(); 
     const { email, password } = body; 
  
     console.time() 
  
     if (!email || !password) { 
       return new NextResponse("Email and password are required", { status: 400 }); 
     } 
  
     const user = await prisma.user.findFirst({ 
       where: { 
         email: email as string, 
         role: "ADMIN", 
         ustate:"NON_BLOCKED", 
       }, select: { 
         id: true, 
         email: true, 
         name: true, 
         image: true, 
         role:true 
       }, 
     }); 
  
     if (!user) { 
       return new NextResponse("User not found", { status: 404 }); 
     } 
  
     const member = await redis.set("user",user) 
     console.log(member) 
  
     const response = { 
       message: "Authenticated!", 
     }; 
  
     console.timeEnd() 
  
     return new Response(JSON.stringify(response), { 
       status: 200, 
     }); 
  
  
   } catch (error) { 
     console.error("Error fetching user:", error); 
     return new NextResponse("Internal Error", { status: 500 }); 
   } 
 }

import { NextResponse,type NextRequest } from "next/server"; 
 import prisma from "@/prisma/client"; 
 import {Redis} from "@upstash/redis" 
  
  
 const redis = Redis.fromEnv(); 
  
 export async function POST(req: NextRequest, res: NextResponse) { 
   try { 
     const body = await req.json(); 
     const { email, password } = body; 
  
     console.time() 
  
     if (!email || !password) { 
       return new NextResponse("Email and password are required", { status: 400 }); 
     } 
  
     const user = await prisma.user.findFirst({ 
       where: { 
         email: email as string, 
         role: "ADMIN", 
         ustate:"NON_BLOCKED", 
       }, select: { 
         id: true, 
         email: true, 
         name: true, 
         image: true, 
         role:true 
       }, 
     }); 
  
     if (!user) { 
       return new NextResponse("User not found", { status: 404 }); 
     } 
  
     const member = await redis.set("user",user) 
     console.log(member) 
  
     const response = { 
       message: "Authenticated!", 
     }; 
  
     console.timeEnd() 
  
     return new Response(JSON.stringify(response), { 
       status: 200, 
     }); 
  
  
   } catch (error) { 
     console.error("Error fetching user:", error); 
     return new NextResponse("Internal Error", { status: 500 }); 
   } 
 }

import { NextResponse,type NextRequest } from "next/server"; 
 import prisma from "@/prisma/client"; 
 import {Redis} from "@upstash/redis" 
  
  
 const redis = Redis.fromEnv(); 
  
 export async function POST(req: NextRequest, res: NextResponse) { 
   try { 
     const body = await req.json(); 
     const { email, password } = body; 
  
     console.time() 
  
     if (!email || !password) { 
       return new NextResponse("Email and password are required", { status: 400 }); 
     } 
  
     const user = await prisma.user.findFirst({ 
       where: { 
         email: email as string, 
         role: "ADMIN", 
         ustate:"NON_BLOCKED", 
       }, select: { 
         id: true, 
         email: true, 
         name: true, 
         image: true, 
         role:true 
       }, 
     }); 
  
     if (!user) { 
       return new NextResponse("User not found", { status: 404 }); 
     } 
  
     const member = await redis.set("user",user) 
     console.log(member) 
  
     const response = { 
       message: "Authenticated!", 
     }; 
  
     console.timeEnd() 
  
     return new Response(JSON.stringify(response), { 
       status: 200, 
     }); 
  
  
   } catch (error) { 
     console.error("Error fetching user:", error); 
     return new NextResponse("Internal Error", { status: 500 }); 
   } 
 }

Implementing login with Prisma

Similar Threads

Similar Threads

Similar Threads