#API is returning unauthorized when call the login in the second to subsequent times

OBS: it's a code from nest auth tutorial: https://docs.nestjs.com/recipes/passport
Git repo: https://github.com/Mario-aj/nestjs-auth-systems/tree/main/nest-auth-tutorial

So basically it's working fine at the first time I do a login request, but the second and subsequent times it's returning 401, I just want to understand if this behavior is expected or not, because when I restart the server it works fine for the first one and then, the error again and again and again.

There is some way to fix or adjust this behavior? I want to call my login route how many times I want with the same user, and it must still authenticate my user.

import { Controller, Get, Request, Post, UseGuards } from '@nestjs/common';
import { JwtAuthGuard } from './auth/jwt-auth.guard';
import { LocalAuthGuard } from './auth/local-auth.guard';
import { AuthService } from './auth/auth.service';
import { PublicRoute } from './utils/public-routes.decorator';

@Controller()
export class AppController {
  constructor(private authService: AuthService) {}

  @PublicRoute()
  @Post('auth/login')
  @UseGuards(LocalAuthGuard)
  async login(@Request() req) {
    return this.authService.login(req.user);
  }

  @UseGuards(JwtAuthGuard)
  @Get('profile')
  getProfile(@Request() req) {
    return req.user;
  }
}

import { ExecutionContext, Injectable } from '@nestjs/common';
import { AuthGuard } from '@nestjs/passport';
import { Observable } from 'rxjs';

@Injectable()
export class LocalAuthGuard extends AuthGuard('local') {
  canActivate(
    context: ExecutionContext,
  ): boolean | Promise<boolean> | Observable<boolean> {
    return super.canActivate(context);
  }
}

import { ExecutionContext, Injectable } from '@nestjs/common';
import { AuthGuard } from '@nestjs/passport';
import { Observable } from 'rxjs';

@Injectable()
export class LocalAuthGuard extends AuthGuard('local') {
}

First of all why do you want to login the user when it's already logged in?

@unreal harness For testing.

I'm currently exploring backend development, and I'm pretty new to all of this. I'm not quite sure if what I'm experiencing is the expected behavior, so I thought I'd ask for some clarification and better understanding.

Can I see the public route decorator?

sure thing. here you are https://github.com/Mario-aj/nestjs-auth-systems/blob/main/nest-auth-tutorial/src/utils/public-routes.decorator.ts

Im not sure but I recall something that you need to add the public decorator after the guard decorator

I'll test it right now

Also why do you use a guard in login route

That's the local auth guard, which set the passport strategy to local. So copy that from the nest auth tutorial.

Oh yeah, sorry I got confused because I have the guard on the controller

So, I've changed the order of the decorators, but the problem remains. The first one was fine, but the subsequent ones were not

Maybe there's something in the local strategy

This is my local strategy file

Is there something wrong with the strategy setup, or is everything okay?

I suppose it has nothing to do with the module ref but just in case I think you can just inject the service directly

Can I see the validate method?

yeh, sure.

I'll change the strategy to inject the authservice directly

I've just changed it, but...

I forgot to send you the findOne method implementation from usersService

Are you getting the user from the find one method every time?

Wait I think the problem is the delete user.passowrd

Since it's saved in memory

Thanks for this question bro! I found the error.

Yeh, you're right, the problem is the delete statement

Thanks man

What was the purpose of that delete anyway

Pa eso estamo