Request Body:
{
"name": "string",
"email": "string",
"password": "string"
}Success Response (201):
{
"message": "User registered successfully",
"user": {
"id": number,
"name": string | null,
"email": string
}
}- ✅ Password Hashing: Using bcrypt with salt rounds = 10
- ✅ No Password in Response: User object returned without password field
- ✅ Email Uniqueness: Prevents duplicate email registrations
- ✅ Input Validation: Comprehensive validation for all fields
- ✅ Required Fields: name, email, password must be provided
- ✅ Email Format: Valid email format validation using regex
- ✅ Password Length: Minimum 6 characters required
- ✅ Email Uniqueness: Prevents duplicate registrations
- ✅ 400 Bad Request: Invalid input data (missing fields, invalid email, short password)
- ✅ 409 Conflict: Email already exists
- ✅ Proper Error Messages: Clear, descriptive error messages
- ✅ Login Integration: Updated login to work with bcrypt passwords
- ✅ Consistent Security: All passwords now use bcrypt hashing
- ✅ JWT Generation: Seamless integration with existing auth system
- ✅ Signup user.bru - Successful registration test
- ✅ Signup - Invalid Email.bru - Email format validation test
- ✅ Signup - Short Password.bru - Password length validation test
- ✅ Signup - Duplicate Email.bru - Email uniqueness test
- ✅ Signup - Missing Fields.bru - Required fields validation test
# ✅ Successful signup
POST /auth/signup -> 201 Created
Response: {"message":"User registered successfully","user":{"id":3,"name":"Test User","email":"test@example.com"}}
# ✅ Duplicate email
POST /auth/signup -> 409 Conflict
Response: {"message":"User with this email already exists","error":"Conflict","statusCode":409}
# ✅ Invalid email
POST /auth/signup -> 400 Bad Request
Response: {"message":"Invalid email format","error":"Bad Request","statusCode":400}
# ✅ Short password
POST /auth/signup -> 400 Bad Request
Response: {"message":"Password must be at least 6 characters long","error":"Bad Request","statusCode":400}
# ✅ Missing fields
POST /auth/signup -> 400 Bad Request
Response: {"message":"Name, email, and password are required","error":"Bad Request","statusCode":400}
# ✅ Login with new user
POST /auth/login -> 200 OK
Response: {"userId":3,"access_token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."}
# ✅ Login with seed users (after bcrypt migration)
POST /auth/login -> 200 OK
- alfredo@mail.test / password -> {"userId":1,"access_token":"..."}
- jane@mail.test / password -> {"userId":2,"access_token":"..."}/src/auth/auth.service.ts- Added signup method and bcrypt password verification/src/auth/auth.controller.ts- Added signup endpoint/prisma/seed.ts- Updated to use bcrypt passwords and properly update existing users
/bruno/aschat/Auth/Signup user.bru/bruno/aschat/Auth/Signup - Invalid Email.bru/bruno/aschat/Auth/Signup - Short Password.bru/bruno/aschat/Auth/Signup - Duplicate Email.bru/bruno/aschat/Auth/Signup - Missing Fields.bru
bcrypt- Secure password hashing@types/bcrypt- TypeScript definitions
All MD5 password hashing has been successfully replaced with bcrypt:
- New user signups use bcrypt with salt rounds = 10
- Login authentication uses bcrypt.compare()
- Existing seed users updated to bcrypt passwords
- Seed file now properly updates existing users with new password hashes
The signup endpoint is fully functional and ready for production use. Future enhancements could include:
- Email verification workflow
- Password strength requirements (uppercase, numbers, special characters)
- Rate limiting for signup attempts
- User profile completion flow
- Welcome email notifications
Status: ✅ COMPLETED AND TESTED - All authentication now uses secure bcrypt hashing