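javascript - bcrypt / Mongoose change user password
Question
I'm trying to add a change password option to a dashboard that I built. My form has three inputs: currentPassword, newPassword, confirmNewPassword. It's your standard check of the current password against the database, and if it matches, then update it with the new password.
No matter what I do, I can't get the code to run where the match is successful (the code after bcrypt.compare). I know I'm using the correct password. I can't figure out what I'm doing wrong. Appreciate the help.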
router.post("/changepassword", ensureAuthenticated, (req, res) => {
  const { currentPassword, newPassword, confirmNewPassword } = req.body;
  const userID = req.user.userID;
  let errors = [];
  //Check required fields
  if (!currentPassword || !newPassword || !confirmNewPassword) {
    errors.push({ msg: "Please fill in all fields." });
  }
  //Check passwords match
  if (newPassword !== confirmNewPassword) {
    errors.push({ msg: "New passwords do not match." });
  }
  //Check password length (a missing field counts as too short instead of throwing)
  if ((newPassword || "").length < 6 || (confirmNewPassword || "").length < 6) {
    errors.push({ msg: "Password should be at least six characters." });
  }
  if (errors.length > 0) {
    res.render("changepassword", {
      errors,
      name: req.user.name,
    });
  } else {
    //VALIDATION PASSED
    //Ensure current password submitted matches
    User.findOne({ userID: userID }).then(user => {
      //Compare the submitted current password with the stored hash
      bcrypt.compare(currentPassword, user.password, (err, isMatch) => {
        if (err) throw err;
        if (isMatch) {
          console.log(user.password);
          //Update password for user with new password
          bcrypt.genSalt(10, (err, salt) =>
            bcrypt.hash(newPassword, salt, (err, hash) => {
              if (err) throw err;
              user.password = hash;
              //Report success only after the new hash has been saved
              user.save()
                .then(() => {
                  req.flash("success_msg", "Password successfully updated!");
                  res.redirect("/dashboard");
                })
                .catch(err => {
                  //Saving failed: do not report success
                  console.error(err);
                  errors.push({ msg: "Could not update password." });
                  res.render("changepassword", { errors, name: req.user.name });
                });
            })
          );
        } else {
          //Password does not match
          errors.push({ msg: "Current password is not a match." });
          res.render("changepassword", {
            errors,
            name: req.user.name,
          });
        }
      });
    });
  }
});
Solution
I figured out what it was. const userID should have been set equal to req.user.id. Then, in my Mongoose, I should have been using _id as the query.
router.post("/changepassword", ensureAuthenticated, (req, res) => {
  const { currentPassword, newPassword, confirmNewPassword } = req.body;
  const userID = req.user.id;
  let errors = [];
  //Check required fields
  if (!currentPassword || !newPassword || !confirmNewPassword) {
    errors.push({ msg: "Please fill in all fields." });
  }
  //Check passwords match
  if (newPassword !== confirmNewPassword) {
    errors.push({ msg: "New passwords do not match." });
  }
  //Check password length (a missing field counts as too short instead of throwing)
  if ((newPassword || "").length < 6 || (confirmNewPassword || "").length < 6) {
    errors.push({ msg: "Password should be at least six characters." });
  }
  if (errors.length > 0) {
    res.render("changepassword", {
      errors,
      name: req.user.name,
    });
  } else {
    //VALIDATION PASSED
    //Ensure current password submitted matches
    User.findOne({ _id: userID }).then(user => {
      //Compare the submitted current password with the stored hash
      bcrypt.compare(currentPassword, user.password, (err, isMatch) => {
        if (err) throw err;
        if (isMatch) {
          //Update password for user with new password
          bcrypt.genSalt(10, (err, salt) =>
            bcrypt.hash(newPassword, salt, (err, hash) => {
              if (err) throw err;
              user.password = hash;
              //Report success only after the new hash has been saved
              user.save()
                .then(() => {
                  req.flash("success_msg", "Password successfully updated!");
                  res.redirect("/dashboard");
                })
                .catch(err => {
                  //Saving failed: do not report success
                  console.error(err);
                  errors.push({ msg: "Could not update password." });
                  res.render("changepassword", { errors, name: req.user.name });
                });
            })
          );
        } else {
          //Password does not match
          errors.push({ msg: "Current password is not a match." });
          res.render("changepassword", {
            errors,
            name: req.user.name,
          });
        }
      });
    });
  }
});
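The flow from the answer above as one async function, so that a lookup which finds no user is reported explicitly and success is returned only after the save completes. This is an added example, not code from the original post: `changePassword`, `makeScryptHasher`, `makeStore`, the store interface and the sample user are hypothetical, and a salted-scrypt stand-in replaces bcrypt so that it runs without dependencies.

```javascript
// Added example, not from the original post. `users` and `hasher` are injected;
// with the bcrypt package, `hasher` would be bcrypt itself (promise-based compare/hash).
async function changePassword(users, hasher, userId, currentPassword, newPassword) {
  // Look the account up by the id taken from the authenticated session.
  const user = await users.findById(userId);
  if (!user) return { ok: false, reason: "no-user" }; // fail closed on a bad key
  const isMatch = await hasher.compare(String(currentPassword), user.password);
  if (!isMatch) return { ok: false, reason: "mismatch" };
  user.password = await hasher.hash(newPassword, 10);
  await users.save(user); // report success only once the new hash is stored
  return { ok: true };
}

// Assumption: salted scrypt from Node's crypto stands in for bcrypt so this runs offline.
async function makeScryptHasher() {
  const { scryptSync, randomBytes, timingSafeEqual } = await import("node:crypto");
  return {
    async hash(password, _rounds) {
      const salt = randomBytes(16);
      return salt.toString("hex") + "$" + scryptSync(password, salt, 32).toString("hex");
    },
    async compare(password, stored) {
      const [saltHex, hashHex] = stored.split("$");
      const actual = scryptSync(password, Buffer.from(saltHex, "hex"), 32);
      return timingSafeEqual(actual, Buffer.from(hashHex, "hex"));
    },
  };
}

// Constructed in-memory store standing in for the Mongoose User model.
function makeStore(records) {
  const byId = new Map(records.map(r => [r._id, { ...r }]));
  return {
    async findById(id) { return byId.get(id) || null; },
    async save(user) { byId.set(user._id, user); },
  };
}

async function demo() {
  const hasher = await makeScryptHasher();
  const store = makeStore([{ _id: "u1", password: await hasher.hash("old-secret", 10) }]);
  const wrongKey = await changePassword(store, hasher, undefined, "old-secret", "new-secret");
  const wrongPassword = await changePassword(store, hasher, "u1", "guess", "new-secret");
  const success = await changePassword(store, hasher, "u1", "old-secret", "new-secret");
  const stored = (await store.findById("u1")).password;
  const newWorks = await hasher.compare("new-secret", stored);
  const oldWorks = await hasher.compare("old-secret", stored);
  return { wrongKey, wrongPassword, success, newWorks, oldWorks };
}
```

In the route handler, `userId` would be `req.user.id`, and the returned `reason` decides which message is rendered.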