Conversation
gbowne1
requested review from
EricKart,
Mustansir-06,
abhisheksingh1204 and
gbowne1
and removed request for
abhisheksingh1204
gbowne1
added
enhancement
…s and added test_auth
There was a problem hiding this comment.
PR #50 includes a sample .env file.
I checked out this change locally for testing and review for merge.
I found that this change is able to be merged as is but has some overlap and introduces a number of new files which turns main.js into several files.
This is fine but I think it would be best if this PR landed after the other 7 have.
Feel free to review those for possible overlapping code.
Also see comments I made in Discussion tab
There was a problem hiding this comment.
These changes seem consistent with the repository structure.
One minor suggestion:
- In HTML files, please check that all elements use consistent classes (e.g., same spacing/style).
- In JS, adding a short comment explaining the error handling logic in login.js might improve clarity.
Thanks for this update.
|
@gbowne1 @shishir-21 merge conflicts have been resolved |
Ved178
left a comment
Ved178
left a comment
There was a problem hiding this comment.
Looks good, thank you. This is ready to merge.
|
@EricKart @Mustansir-06 @abhisheksingh1204 you are requested to review this |
|
I'm not sure at this point if we will get reviews from those three collaborators but.. who knows 🤷♂️ unless we hear from them. Right now it's only myself, @Ved178 and @shishir-21 It'll take time to find regular contributors and collaborators and maintainers. Help Wanted and Good First Issue tags on items in the Issue tab will help with this |
shishir-21
left a comment
shishir-21
left a comment
There was a problem hiding this comment.
Reviewed the PR.
Login flow and status code handling look correct.
Nice work — approved and ready to merge. 🚀
4 participants
Fixed Login API Status Codes & Add Frontend Auth UI
This PR fixes incorrect HTTP status codes in the login API and implements a complete, professional frontend authentication system.
Backend Changes:
Replaced non-standard HTTP 444 with standard HTTP 401 for password mismatches
Changed HTTP 400 to HTTP 401 for user-not-found cases to prevent email enumeration
Ensured consistent error messages for security
Kept HTTP 400 only for missing/empty fields
Frontend Changes:
Created modern login page with professional design
Created matching registration page
Implemented complete authentication flow with JWT token storage
Added theme persistence across all pages
Added login button to main navigation
Centralized all authentication styles
Testing: Back-end logic verified via unit tests confirming all status codes work correctly:
Empty credentials return 400
Invalid email returns 401
Wrong password returns 401 (previously was 444)
Valid credentials return 200 with token
End-to-end testing requires MongoDB connection. The repository does not include a MongoDB URI environment variable, so live API testing returns server errors. Unit tests confirm the logic is correct. Repository maintainers can verify full functionality after merging by adding their MongoDB connection string to the environment.
The code is complete, tested, and ready to merge. @gbowne1 You are requested to view the changes.