SE310-1 / W.A.K

W.A.K is a movie tracker web-app developed to simplify and enhance the movie-rating experience while making this process more fun and customisable.
MIT License

Able to login as a user that doesn't exist #65

Closed leas022 closed 12 months ago

leas022 commented 1 year ago

Describe the bug: You are able to log in using made-up credentials. No error message is shown to the user if the user they are trying to log in as does not exist.

Test cases: N/A - Identified when reviewing PR #64

When running the forked repo from PR #64 I discovered this bug:

JsonWebTokenError: jwt malformed
    at module.exports [as verify] (C:\Users\lucae\OneDrive - The University of Auckland\Desktop\UOA\2023\SOFTENG310\a2-alex\W.A.K\server\node_modules\jsonwebtoken\verify.js:70:17)
    at requireAuth (C:\Users\lucae\OneDrive - The University of Auckland\Desktop\UOA\2023\SOFTENG310\a2-alex\W.A.K\server\src\middleware\requireAuth.js:14:27)
    at Layer.handle [as handle_request] (C:\Users\lucae\OneDrive - The University of Auckland\Desktop\UOA\2023\SOFTENG310\a2-alex\W.A.K\server\node_modules\express\lib\router\layer.js:95:5)
    at next (C:\Users\lucae\OneDrive - The University of Auckland\Desktop\UOA\2023\SOFTENG310\a2-alex\W.A.K\server\node_modules\express\lib\router\route.js:144:13)
    at Route.dispatch (C:\Users\lucae\OneDrive - The University of Auckland\Desktop\UOA\2023\SOFTENG310\a2-alex\W.A.K\server\node_modules\express\lib\router\route.js:114:3)
    at Layer.handle [as handle_request] (C:\Users\lucae\OneDrive - The University of Auckland\Desktop\UOA\2023\SOFTENG310\a2-alex\W.A.K\server\node_modules\express\lib\router\layer.js:95:5)
    at C:\Users\lucae\OneDrive - The University of Auckland\Desktop\UOA\2023\SOFTENG310\a2-alex\W.A.K\server\node_modules\express\lib\router\index.js:284:15
    at param (C:\Users\lucae\OneDrive - The University of Auckland\Desktop\UOA\2023\SOFTENG310\a2-alex\W.A.K\server\node_modules\express\lib\router\index.js:365:14)
    at param (C:\Users\lucae\OneDrive - The University of Auckland\Desktop\UOA\2023\SOFTENG310\a2-alex\W.A.K\server\node_modules\express\lib\router\index.js:376:14)
    at Function.process_params (C:\Users\lucae\OneDrive - The University of Auckland\Desktop\UOA\2023\SOFTENG310\a2-alex\W.A.K\server\node_modules\express\lib\router\index.js:421:3)
JsonWebTokenError: jwt malformed
    at module.exports [as verify] (C:\Users\lucae\OneDrive - The University of Auckland\Desktop\UOA\2023\SOFTENG310\a2-alex\W.A.K\server\node_modules\jsonwebtoken\verify.js:70:17)
    at requireAuth (C:\Users\lucae\OneDrive - The University of Auckland\Desktop\UOA\2023\SOFTENG310\a2-alex\W.A.K\server\src\middleware\requireAuth.js:14:27)
    at Layer.handle [as handle_request] (C:\Users\lucae\OneDrive - The University of Auckland\Desktop\UOA\2023\SOFTENG310\a2-alex\W.A.K\server\node_modules\express\lib\router\layer.js:95:5)
    at next (C:\Users\lucae\OneDrive - The University of Auckland\Desktop\UOA\2023\SOFTENG310\a2-alex\W.A.K\server\node_modules\express\lib\router\route.js:144:13)
    at Route.dispatch (C:\Users\lucae\OneDrive - The University of Auckland\Desktop\UOA\2023\SOFTENG310\a2-alex\W.A.K\server\node_modules\express\lib\router\route.js:114:3)
    at Layer.handle [as handle_request] (C:\Users\lucae\OneDrive - The University of Auckland\Desktop\UOA\2023\SOFTENG310\a2-alex\W.A.K\server\node_modules\express\lib\router\layer.js:95:5)
    at C:\Users\lucae\OneDrive - The University of Auckland\Desktop\UOA\2023\SOFTENG310\a2-alex\W.A.K\server\node_modules\express\lib\router\index.js:284:15
    at param (C:\Users\lucae\OneDrive - The University of Auckland\Desktop\UOA\2023\SOFTENG310\a2-alex\W.A.K\server\node_modules\express\lib\router\index.js:365:14)
    at param (C:\Users\lucae\OneDrive - The University of Auckland\Desktop\UOA\2023\SOFTENG310\a2-alex\W.A.K\server\node_modules\express\lib\router\index.js:376:14)
    at Function.process_params (C:\Users\lucae\OneDrive - The University of Auckland\Desktop\UOA\2023\SOFTENG310\a2-alex\W.A.K\server\node_modules\express\lib\router\index.js:421:3)

Originally posted by @leas022 in https://github.com/SE310-1/W.A.K/issues/64#issuecomment-1735217940

To Reproduce: Log in using fake credentials (a user that does not actually exist).

Expected behaviour: I would expect an error message to be displayed and the user to not be redirected to a logged-in view.

Stack Traces: Shown above.

Error Reports: Shown above.

Screenshots: View when logged in as a fake user.

Device the bug was found on (please complete the following information):

Additional context: N/A

MRlolface249 commented 12 months ago

I have been experiencing this bug as well. I think it might be beneficial to wait for the TypeScript integration before trying to fix this issue.
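
As an added example (not code from the W.A.K repository), these are the two server-side checks the report above asks for: a login that refuses unknown users with an error, and an auth check that answers 401 on a malformed token instead of throwing `jwt malformed`. The user store, secret, function shapes and the hand-rolled HS256 check (standing in for `jsonwebtoken`) are assumptions; the page does not show the project's code or the cause of the bug.

```javascript
// Added example: users, secret and function shapes are constructed, not W.A.K code.
const crypto = require('node:crypto');

const SECRET = 'constructed-demo-secret';
const hash = (pw) => crypto.scryptSync(String(pw), 'constructed-salt', 32);
const USERS = new Map([['alice', hash('correct horse')]]); // constructed user store

const b64u = (x) => Buffer.from(x).toString('base64url');
const sign = (data) => crypto.createHmac('sha256', SECRET).update(data).digest();

function issueToken(sub) {
  const head = b64u(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64u(JSON.stringify({ sub, exp: Math.floor(Date.now() / 1000) + 3600 }));
  return `${head}.${body}.${b64u(sign(`${head}.${body}`))}`;
}

// Login: an unknown user and a wrong password get the same 401 and message,
// and no token is issued, so the client has nothing to treat as a session.
function login(username, password) {
  const stored = USERS.get(username) ?? hash('placeholder'); // keep work similar
  const match = crypto.timingSafeEqual(stored, hash(password));
  if (!USERS.has(username) || !match) {
    return { status: 401, body: { error: 'Invalid username or password' } };
  }
  return { status: 200, body: { token: issueToken(username) } };
}

// Auth check: anything that is not a well-formed, correctly signed, unexpired
// token for a user that still exists yields 401 instead of an uncaught error.
function requireAuth(authorizationHeader) {
  const deny = { status: 401, body: { error: 'Request is not authorized' } };
  const m = /^Bearer ([\w-]+)\.([\w-]+)\.([\w-]+)$/.exec(authorizationHeader ?? '');
  if (!m) return deny; // constructed case: a header such as "Bearer undefined"
  const [, head, body, sig] = m;
  const given = Buffer.from(sig, 'base64url');
  const expected = sign(`${head}.${body}`);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return deny;
  try {
    const { alg } = JSON.parse(Buffer.from(head, 'base64url').toString());
    const { sub, exp } = JSON.parse(Buffer.from(body, 'base64url').toString());
    if (alg !== 'HS256' || !USERS.has(sub) || !(exp > Date.now() / 1000)) return deny;
    return { status: 200, user: sub };
  } catch {
    return deny;
  }
}
```

The client side of the same fix is to enter the logged-in view only when the login response is a 200 that carries a token.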