[StackOverflow的第一篇文章,所以我去:我正在为我的朋友创建一个博客。用户可以登录,发布和更新其个人资料。在实施了基本的用户文档(用户配置文件)更新后,仍然需要解决其他问题,发生了一些令人头疼的事情。我不能再使用相同的凭据登录。我已尝试删除了更新用户名的功能,因为我认为这是与该用户登录能力有关的唯一合乎逻辑的事情,但是即使更新映像/生物信息也会导致用户无法登录。
这是我的updateProfile()
exports.updateProfile = async (req, res, next) => {
var image = req.files.image;
const data = {};
if (req.body.username === '' || undefined) {
delete req.body.username;
} else {
data.username = req.body.username.trim();
}
if (req.body.email === '' || undefined) {
delete req.body.email;
} else {
data.email = req.body.email.trim();
}
if (req.body.bio === '' || undefined) {
delete req.body.bio;
} else {
data.bio = req.body.bio.trim();
}
let user = await User.findById(req.session.userID);
if (!data.username === false) {
await user.updateOne({ username: data.username });
}
if (!data.email === false) await user.updateOne({ email: data.email });
if (!data.bio === false) await user.updateOne({ bio: data.bio });
if (image) {
image.mv(
path.resolve(__dirname, '..', 'public/img', image.name),
async (error) => {
await user.updateOne({ image: '/img/' + image.name });
}
);
}
const updatedUser = await User.findById(req.session.userID);
user = updatedUser;
user.save(function () {
res.render('profile', {
user,
});
});
};
这是我的用户模型:
const mongoose = require('mongoose');
const Schema = mongoose.Schema;
const bcrypt = require('bcryptjs');
var uniqueValidator = require('mongoose-unique-validator');
const validator = require('validator');
const UserSchema = new Schema({
username: {
type: String,
required: [true, 'Please provide username.'],
unique: true,
minlength: [2, 'Name must be longer than one character.'],
},
email: {
type: String,
required: [true, 'Please provide a email.'],
lowercase: true,
unique: true,
validate: [validator.isEmail, 'Please provide a valid email'],
},
password: {
type: String,
required: [true, 'Please provide password.'],
minlength: [2, 'Password must be longer than eight characters.'],
},
image: {
type: String, //PATH IN FILE SYSTEM WHERE IMAGE IS UPLOADED
default: '/img/default-user-image.png',
},
role: {
type: String,
enum: ['Neophyte', 'admin'],
default: 'Neophyte',
},
bio: {
type: String,
default: `Tell us about yourself...`,
},
});
UserSchema.plugin(uniqueValidator);
UserSchema.pre('save', function (next) {
const user = this;
bcrypt.hash(user.password, 10, (error, hash) => {
user.password = hash;
next();
});
});
const User = mongoose.model('User', UserSchema);
module.exports = User;
现在从字面上看,我正在写这篇文章,我相信UserSchema.pre('save')...是元凶。但是,因为我已经写了这么多文字,并且希望从社区中听到他们认为是推荐的解决方案的信息,或者告诉我我还有路要走,所以请告诉我! bcrypt是否再次通过密码重新加密导致锁定?
最佳!
您可以检查密码是否被修改,并且仅在使用.isModified()对其进行修改时才对其进行散列处理>
UserSchema.pre('save', function (next) {
const user = this;
if (user.isModified('password')) {
bcrypt.hash(user.password, 10, (error, hash) => {
user.password = hash;
next();
});
} else {
next();
}
});