首页 > 解决方案 > 如何将passportjs自动生成的哈希密码与登录密码进行比较?

问题描述

我正在使用 Passport.js 进行用户身份验证,并使用 passport-local-mongoose 对密码进行哈希处理,将哈希值和盐存储在数据库中。登录时,我创建了一个 login-strategy,它接收 email 和 password。那么,如何将数据库中存储的密码(哈希值和盐)与用户登录时输入的密码进行比较?

用户 Schema

// Application-level account fields. No password field is declared here: the
// page says passport-local-mongoose keeps the hash and salt, but the plugin
// call is not shown in this snippet — presumably applied elsewhere; confirm.
const userSchema = new mongoose.Schema({
  username: String,
  email: { type: String, required: true, unique: true },
  // An account gets the "User" role unless a role is supplied when the
  // document is built.
  role: { type: String, required: true, default: "User" },
});

注册路由

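// Registration route: builds the account from the request body and lets
// passport-local-mongoose hash the password through User.register().
router.post("/register", async (req, res) => {
  try {
    // `role` is deliberately not copied from the request body. This route is
    // reachable without authentication, so a client-supplied role would let
    // anyone choose their own privilege level. The schema default applies
    // instead; elevated roles belong on an authenticated, authorised path.
    const user = new User({
      username: req.body.username,
      email: req.body.email,
    });
    const newUser = await User.register(user, req.body.password);

    // Send back selected fields only. The in-memory document returned by
    // register() may still carry the freshly computed hash and salt, so the
    // whole document should not be serialised to the client.
    res.send({
      _id: newUser._id,
      username: newUser.username,
      email: newUser.email,
      role: newUser.role,
    });
  } catch (error) {
    // Details stay in the server log; the client gets a generic message and a
    // non-2xx status instead of the raw error object.
    console.log(error.message);
    res.status(400).send({ message: "Registration failed." });
  }
});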

本地策略

// Question code, kept exactly as posted: a "local-login" strategy that looks
// the user up by email and tries to check the password with bcrypt. The
// NOTE(review) comments mark why it cannot work as written.
passport.use(
  "local-login",
  new localStrategy(
    {
      usernameField: "email",
    },
    async function (email, password, done) {
      // NOTE(review): `await` is combined with a node-style callback, and
      // `done` is never called on any path, so Passport never gets a result.
      // NOTE(review): `email` goes into the query filter without a type check.
      await User.findOne({ email: email }, function (err, user) {
        // NOTE(review): `err` is never inspected, and the whole user document
        // is written to the log.
        console.log(user);
        if (!user) {
          // There is no return here, so a missing user still reaches
          // `user.password` below.
          console.log("Incorrect username.");
        }
       
        // NOTE(review): the schema on this page declares no `password` field;
        // the page says passport-local-mongoose stores a hash and a salt.
        // That plugin derives its hash with PBKDF2 rather than bcrypt, so a
        // bcrypt comparison is not expected to match — verify against the
        // plugin's documentation.
        bcrypt.compareSync(password, user.password),// asker's note: unable to get user.password because it is stored as a hash
          // NOTE(review): the comma above makes this function a separate
          // expression that is never invoked; compareSync takes no callback here.
          function (err, res) {
            if (err) console.log(err);

            if (res === false) {
              console.log("Incorrect password.");
            }

            return user;
          };
      });
    }
  )
);

标签: node.js, express, passport.js, passport-local, passport-local-mongoose

解决方案


实际上,您同时使用了 await 和回调。请参考以下代码:

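// Local login strategy: find the account by email, then let
// passport-local-mongoose check the password against the stored hash and salt.
// Every path reports its outcome through `done`, which Passport requires.
passport.use(
  "local-login",
  new localStrategy(
    {
      usernameField: "email",
    },
    async function (email, password, done) {
      // One message for every failed login, so the response does not reveal
      // whether an email address is registered.
      const rejected = { message: "Incorrect email or password." };

      // passport-local passes on whatever the body parser produced. Only plain
      // strings may reach the query filter; an object value could otherwise be
      // interpreted as query operators.
      if (typeof email !== "string" || typeof password !== "string") {
        return done(null, false, rejected);
      }

      let verified = false;
      try {
        const user = await User.findOne({ email: email });
        if (user) {
          // authenticate() is the document method added by
          // passport-local-mongoose; without a callback it resolves to
          // { user, error }, where `user` is false on a wrong password.
          // Assumes the plugin is applied to userSchema (the plugin call is not
          // shown on this page) — TODO confirm. A bcrypt comparison is not used
          // because the plugin's hash is not a bcrypt hash.
          const result = await user.authenticate(password);
          verified = result.user;
        }
      } catch (error) {
        // Log the message only, not the user document or the credentials.
        console.log(error.message);
        return done(error);
      }

      // `done` is called outside the try block so that an exception thrown
      // further down the chain cannot trigger a second call from the catch.
      if (!verified) {
        return done(null, false, rejected);
      }
      return done(null, verified);
    }
  )
);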
