[Solved] Examine this LocalStrategy validate method:async validate(username: string, password: string) { const user = await this.authService.... }What is the main issue with this implementation? | NestJS

NestJS - Authentication

Examine this LocalStrategy validate method:

async validate(username: string, password: string) {
  const user = await this.authService.validateUser(username, password);
  if (!user) {
    return null;
  }
  return user;
}

What is the main issue with this implementation?

AUsing await with validateUser which should be synchronous

BReturning null instead of throwing an UnauthorizedException when user is not found

CNot hashing the password before validation

DReturning the user object directly without removing sensitive data

Step-by-Step Solution

Solution:

Step 1: Understand the validate method's role
The validate method must reject invalid credentials by throwing an UnauthorizedException.
Step 2: Analyze the current behavior
Returning null when the user is not found will not trigger the proper authentication failure response.
Final Answer:
Returning null instead of throwing an UnauthorizedException when user is not found -> Option B
Quick Check:
Authentication failure must throw UnauthorizedException [OK]

Quick Trick: Always throw UnauthorizedException on invalid credentials [OK]

Common Mistakes:

Returning null instead of throwing an exception
Not awaiting asynchronous calls
Not handling invalid credentials properly

Master "Authentication" in NestJS

9 interactive learning modes - each teaches the same concept differently

Learn Why Deep Visual Try Challenge Project Recall Perf

More NestJS Quizzes

Examine this LocalStrategy validate method:

Step 1: Understand the validate method's role

Step 2: Analyze the current behavior

Final Answer:

Quick Check:

Want More Practice?