Modify login/register handlers
alexnm opened this issue · comments
Alex Moldovan commented
The login handler should fetch the user by username and not rely on the req.user
object. There are actually a couple of changes needed
- add a call to the user repository to fetch the user by username
- move the password check inside the
if user
condition, otherwise it might fail - remove the userIdCheck middleware
- implement the same logic for the register handler