bcrypt /猫鼬更改用户密码

问题描述

我正在尝试向我构建的仪表板添加更改密码选项。我的表单具有三个输入，currentPassword，newPassword，confirmNewPassword。这是您针对数据库的标准检查当前密码，如果匹配，则使用新密码进行更新。

无论我做什么，我都无法使代码在匹配成功的地方运行（bcrypt.compare之后的代码）。我知道我使用了正确的密码。我不知道我在做什么错。感谢帮助。

router.post("/changepassword",ensureAuthenticated,(req,res) => {
    const { currentPassword,newPassword,confirmNewPassword } = req.body;
    const userID = req.user.userID;
    let errors = [];

    //Check required fields
    if (!currentPassword || !newPassword || !confirmNewPassword) {
        errors.push({ msg: "Please fill in all fields." });
    }

    //Check passwords match
    if (newPassword !== confirmNewPassword) {
        errors.push({ msg: "New passwords do not match." });
    }

    //Check password length
    if (newPassword.length < 6 || confirmNewPassword.length < 6) {
        errors.push({ msg: "Password should be at least six characters." });
    }

    if (errors.length > 0) {
        res.render("changepassword",{
            errors,name: req.user.name,});
    } else {
        //VALIDATION PASSED
        //Ensure current password submitted matches
        User.findOne({ userID: userID }).then(user => {
            //encrypt newly submitted password
            bcrypt.compare(currentPassword,user.password,(err,isMatch) => {
                if (err) throw err;
                if (isMatch) {
                    console.log(user.password);
                    //Update password for user with new password
                    bcrypt.genSalt(10,salt) =>
                        bcrypt.hash(newPassword,salt,hash) => {
                            if (err) throw err;
                            user.password = hash;
                            user.save();
                        })
                    );
                    req.flash("success_msg","Password successfully updated!");
                    res.redirect("/dashboard");
                } else {
                    //Password does not match
                    errors.push({ msg: "Current password is not a match." });
                    res.render("changepassword",{
                        errors,});
                }
            });
        });
    }
});

解决方法

尝试使用异步等待语法

router.post("/changepassword",ensureAuthenticated,async (req,res) => {
  const { currentPassword,newPassword,confirmNewPassword } = req.body;
  const userID = req.user.userID;
  let errors = [];

  //Check required fields
  if (!currentPassword || !newPassword || !confirmNewPassword) {
    errors.push({ msg: "Please fill in all fields." });
  }

  //Check passwords match
  if (newPassword !== confirmNewPassword) {
    errors.push({ msg: "New passwords do not match." });
  }

  //Check password length
  if (newPassword.length < 6 || confirmNewPassword.length < 6) {
    errors.push({ msg: "Password should be at least six characters." });
  }

  if (errors.length > 0) {
    res.render("changepassword",{
      errors,name: req.user.name,});
  } else {
    //VALIDATION PASSED
    //Ensure current password submitted matches

    User.findOne({ userID: userID }).then(async (user) => {
      //encrypt newly submitted password
      // async-await syntax
      const isMatch = await bcrypt.compare(currentPassword,user.password);

      if (isMatch) {
        console.log(user.password);
        //Update password for user with new password
        bcrypt.genSalt(10,(err,salt) =>
          bcrypt.hash(newPassword,salt,hash) => {
            if (err) throw err;
            user.password = hash;
            user.save();
          })
        );
        req.flash("success_msg","Password successfully updated!");
        res.redirect("/dashboard");
      } else {
        //Password does not match
        errors.push({ msg: "Current password is not a match." });
        res.render("changepassword",{
          errors,});
      }
    });
  }
});

我弄清楚是什么。 const userID应该已经设置为等于req.user.id。然后，在我的猫鼬中，我应该一直使用_id作为查询。

router.post("/changepassword",(req,res) => {
const { currentPassword,confirmNewPassword } = req.body;
const userID = req.user.id;
let errors = [];
//Check required fields
if (!currentPassword || !newPassword || !confirmNewPassword) {
    errors.push({ msg: "Please fill in all fields." });
}

//Check passwords match
if (newPassword !== confirmNewPassword) {
    errors.push({ msg: "New passwords do not match." });
}

//Check password length
if (newPassword.length < 6 || confirmNewPassword.length < 6) {
    errors.push({ msg: "Password should be at least six characters." });
}

if (errors.length > 0) {
    res.render("changepassword",{
        errors,});
} else {
    //VALIDATION PASSED
    //Ensure current password submitted matches
    User.findOne({ _id: userID }).then(user => {
        //encrypt newly submitted password
        bcrypt.compare(currentPassword,user.password,isMatch) => {
            if (err) throw err;
            if (isMatch) {
                //Update password for user with new password
                bcrypt.genSalt(10,salt) =>
                    bcrypt.hash(newPassword,hash) => {
                        if (err) throw err;
                        user.password = hash;
                        user.save();
                    })
                );
                req.flash("success_msg","Password successfully updated!");
                res.redirect("/dashboard");
            } else {
                //Password does not match
                errors.push({ msg: "Current password is not a match." });
                res.render("changepassword",{
                    errors,});
            }
        });
    });
}

}）;

bcrypt javascript mongodb mongodb mongoose