Is it correct to make a user authentication by the backend return message?

Asked

Viewed 79 times

3

Good afternoon, you guys!

Earlier I took a question regarding user authentication in my application and after some good tips I was able to authenticate my user, the doubt now is whether the method applied to validate is correct:

Follows code snippet:

This is my backend, done in python:

class Login(Resource):
    def post(self):
        parser.add_argument('username', type=str)
        parser.add_argument('password', type=str)
        args = parser.parse_args()
        print(args)
        password = hashlib.md5(args['password'].encode('utf-8')).hexdigest()
        sql = "SELECT * FROM usuarios WHERE username = (%s) and password = (%s)"
        value = (args['username'], password)
        dbcursor.execute(sql, value)
        result = dbcursor.fetchall()
        print(result)
        if len(result) > 0:
            return {"message": "user valido"}
        else:
            return {"message": "user invalido"}

And this is my Angular component:

 this.authService
    .authenticate(username, password)
.subscribe((res) => {
  if(res ["message"] == 'user valido') {
    this.router.navigate(['dashboard'])
  }
  else {
    console.log('user invalido')
  }

Basically I send a POST to my server and it will check if the user exists in the database, if there will return me a JSON with the message "valid user", if it does not exist returns the message "invalid user". If validated it will direct me to the /Dashboard route.

It is correct that I validate the user according to the JSON q message I receive from my server as I am doing ?

python json angular http auth

  • Why you do not return true/false?

  • Filipe, you say that instead of returning: Return {"message": "user invalido"} or Return {"message": "user valido"} return a true or false? In that case I would have to change my component in Angular for if I received true or false and then I would still, no ?

  • 1

    Return true; or Return {"message": true}

1 answer

3

It is correct that I validate the user according to the JSON message I receive from my server like I’m doing ?

Not ideal, prefer to return http status code success 2xx if login was successful and http status code 401 if it is not possible to log in.

Suggestions:

  1. optimize query query, for example:

    "SELECT COUNT(username,password) FROM usuarios WHERE username = (%s) and password = (%s) LIMIT 1"

  2. do not make the conditional logic to redirect based on body text.

    res ["message"] == 'validated user'

  • Speak Pedro, will you? Very good your suggestions, I applied the SQL, but referring to your 2nd suggestion, in both cases my backend returns 2xx, being invalid or not, the difference is that if it is invalid it does not let me go to another route, how can I apply ?

  • 1

    So, the very first step to be corrected is the backend. If not to follow this premise any other if/Else done on the front can help but is not ideal.

Browser other questions tagged python json angular http auth

You are not signed in. Login or sign up in order to post.