问题描述
这是我在authentication
中输入的passport.js
护照代码:
var passport = require('passport');
var LocalStrategy = require('passport-local').Strategy;
passport.serializeUser(function (user,done) {
done(null,user._id);
});
passport.deserializeUser(function (id,done) {
User.findOne({_id: id},function (err,user) {
done(err,user);
})
});
passport.use(new LocalStrategy({
usernameField: 'email'
},function (username,password,done) {
User.findOne({email: username},user) {
if (err) return done(err);
if (!user) {
return done(null,false,{
message: 'Incorrect username or password'
});
}
if (!user.validPassword(password)) {
return done(null,{
message: 'Incorrect username or password'
});
}
return done(null,user);
})
}
));
这是Schema code
,我正在使用猫鼬查询将salt
和hash
形式的密码存储在mongoDB
中:
var mongoose = require('mongoose');
var crypto = require('crypto');
var userSchema = new mongoose.Schema({
email: {
type: String,unique: true,required: true
},name: {
type: String,hash: String,salt: String
});
userSchema.methods.setPassword = function(password) {
this.salt = crypto.randomBytes(16).toString('hex');
this.hash = crypto.pbkdf2Sync(password,this.salt,1000,64,'sha1').toString('hex');
};
userSchema.methods.validPassword = function(password) {
var hash = crypto.pbkdf2Sync(password,'sha1').toString('hex');
return this.hash === hash;
};
module.exports = mongoose.model('User',userSchema);
这是auth.js
路线的Login
代码:
var express = require('express');
var router = express.Router();
var passport = require('passport');
var mkdirp = require('mkdirp');
var nodemailer = require('nodemailer');
var config = require('../config');
var transporter = nodemailer.createTransport(config.mailer);
router.route('/login')
.get(function(req,res,next) {
res.render('login',{ title: 'Login your account'});
})
.post(passport.authenticate('local',{
failureRedirect: '/login'
}),function (req,res) {
res.redirect('/profile');
})
下面是我正在尝试的password change route
execute
,它可能无法正常工作。我认为我需要在用户成功更改密码的同时将hash
和salt
的值更新到数据库中,但我不知道该怎么办。请帮忙!!!!!!!!!!!!!!!
router.post('/api/changePassword',function(req,next){
req.checkBody('oldPass','Empty Password').notEmpty();
req.checkBody('newPass','Password do not match').equals(req.body.confirmPass).notEmpty();
var errors = req.validationErrors();
if (errors) {
console.log("Errors hain bhai");
console.log(errors);
res.render('settingsClient',{
oldPass: req.body.oldPass,newPass: req.body.newPass,confirmPass:req.body.confirmPass,errorMessages: errors
});
}
else {
User.findOne({id: req.user.id},data) {
console.log("came inside api changePassword else condition inside User.findOne");
if (err) {
console.log(err);
}
else {
data.setPassword(req.body.newPass,function(err,datas){
if(datas) {
data.save(function (err,datass) {
if (err) {
res.render('settingsClient',{errorMessages: err});
} else {
console.log("Hash and Salt saved");
}
});
}
else {
console.log("setPassword error"+ err);
}
});
}
})
}
})
它不起作用/不将密码值更新到数据库中。我可能正在做的可能原因和错误是什么?
解决方法
是的!因此,我从setPassword中删除了回调函数,并尝试使用promises方式/路由来解决此查询: 我在这里发布了现在可以正常工作的解决方案。
User.findOne(userObj).then(function(sanitizedUser) {
if (sanitizedUser) {
console.log("sanitizedUser.hash = "+ sanitizedUser.hash);
sanitizedUser.setPassword(req.body.newPass);
console.log("Password going to be changed successfully now")
sanitizedUser.save(function (err,data) {
if (err) {
res.render('register',{errorMessages: err});
} else {
console.log("Password changed successfully");
res.send('Password reset successful');
}
});
} else {
res.send('user does not exist');
}
},function(err) {
console.error(err);
});