node.js - 数据库JWT中不存在用户?
问题描述
所以我在使用 JWT 令牌进行用户身份验证时遇到了一个小问题。当我登录时,它返回给我“用户不存在”,尽管数据库中显然有一个用户。我试图通过不在数据库中查找密码并进行比较来解决它并且它有效,但我的问题是我如何比较猫鼬数据库中的密码并检查用户是否存在?
登录路径:
//create route for sign in
router.post('/signin', async (req, res) => {
//destructure email and password from req.body
const user = await User.findOne({
email: req.body.email,
password: req.body.password,
})
if (!user) res.status(400).send({ message: 'User doesnt exist' })
else {
const valid = compare(req.body.password, user.password)
if (!valid) res.send(400).send({ message: 'Password doesnt match' })
if (valid) {
const accesstoken = createAccessToken(user._id)
const refreshtoken = createRefreshToken(user._id)
return res.send({
email: user.email,
refreshtoken: user.refreshtoken,
sendAccessToken: sendAccessToken(req, accesstoken),
sendRefreshToken: sendRefreshToken(refreshtoken),
})
}
}
})
用户型号:
const mongoose = require('mongoose')
// const SALT_WORK_FACTOR = 10
// const bcrypt = require('bcryptjs')
//how a user will be stored in the mongodb schema
const userSchema = new mongoose.Schema({
name: { type: String, required: true, index: { unique: true } },
email: { type: String, required: true, unique: true, dropDups: true },
password: { type: String, required: true, minlength: 6, trim: true },
isAdmin: { type: Boolean, required: true, default: false },
refreshtoken: { type: String },
})
const userModel = mongoose.model('Users', userSchema)
module.exports = userModel
登录页面:
import React, { useState, useEffect, useContext } from 'react'
import { userContext } from '../../App'
// import { useDispatch, useSelector } from 'react-redux'
// import { login } from '../../actions/userActions'
function Login(props) {
const [email, setEmail] = useState('')
const [password, setPassword] = useState('')
const [user, setUser] = useContext(userContext)
//acces the userLogin from redux store
// const userLogin = useSelector((state) => state.userLogin)
// const { loading, userInfo, error } = userLogin
// const dipsatch = useDispatch()
// useEffect(() => {
// if (userInfo) {
// props.history.push('/')
// }
// }, [userInfo])
//handlesubmit
const handleSubmit = async (e) => {
e.preventDefault()
const result = await (
await fetch('http://localhost:5000/users/signin', {
method: 'POST',
credentials: 'include',
headers: {
'Content-Type': 'application/json',
},
body: JSON.stringify({
email,
password,
}),
})
).json()
if (result.accesstoken) {
setUser({
accesstoken: result.accesstoken,
})
window.location = '/'
} else {
alert(result.error)
}
}
useEffect(() => {
console.log(user)
}, [user])
return (
<div>
<h1 className="login-h">Login</h1>
<form onSubmit={handleSubmit} className="login">
<div className="login-form">
<label>email</label>
<br />
<input
type="email"
placeholder="username or email"
for="email"
onChange={(e) => setEmail(e.target.value)}
></input>
<br />
<label>Password</label>
<br />
<input
type="password"
placeholder="Password"
for="password"
onChange={(e) => setPassword(e.target.value)}
></input>
<br />
<p className="forget-pw">
<a href="/">Forgot password?</a>
</p>
<button>Login</button> <br />
<br />
{/* <p style={{ color: 'red' }}>{result.error}</p> */}
</div>
<p className="have-ccl">
{' '}
No account yet?<a href="/signup">Signup</a>
</p>
</form>
</div>
)
}
export default Login
解决方案
有几个问题:
password: req.body.password从您的猫鼬查询中删除不必要的行。这基本上是将未散列的密码与纯 JavaScript 对象中的散列密码进行比较。这永远不会返回 true,因为散列总是与未散列的密码不同。- 有没有可能你的身体从未真正被发送出去?您需要
name先将属性添加到输入,然后才能对其进行解析。你在用body-parser吗?
推荐阅读
- javascript - 我想提醒一条错误消息
- angular - Angular:ng-select选项宽度到某个组
- jenkins - 在 Jenkins 中定义 Kubernetes 副本集/部署和服务
- ios - iOS 键盘扩展崩溃
- python - ValueError:传递值的形状为 (1, 6),索引暗示 (6, 6)
- php - 当我们在数据库中进行更改时如何更新会话用户数据值?
- query-performance - 行级安全,性能差
- sql - 查找日期差异的标准方法 - SQL
- javascript - for in 循环在 for 语句中插入最后一个表单值
- mongodb - 中止陷阱:Mongodb 中的 6 - MAC OS