Bcrypt.hashSync returns false when checking the updated password

Question (votes: 0, answers: 1)

I expect the login to succeed, but even though the password is updated in the database and shows as changed, CompareSync on bcrypt returns false.

    async login(req: Request, res: Response) {
      let email = req.body.email
      const user = await User.findOne({ email: email })
      if (user) {
        if (user.schema.methods.isVerified) {
          let password: string = req.body.password
          let hashedPassword = user.password
          console.log(password, hashedPassword)
          console.log(user.schema.methods.checkPassword(password, hashedPassword))
          if (user.schema.methods.checkPassword(password, hashedPassword)) {
            res.json(dataResponse({ userId: user.id }, 200, 'Login sucess'))
          } else {
            res.json(dataResponse('', 200, 'Invalid email or password'))
          }
        } else {
          const tokenItem = await Token.findOne({ userId: user.id })
          if (tokenItem) {
            if (tokenItem.schema.methods.isNotExpired) {
              await Token.deleteMany().where({ userId: user._id })
              await tokenController.create({ userId: user._id, email: email })
              res.json(
                dataResponse(null, 406, 'Your\'e account is not verified,a new token has been sent to your email')
              )
            } else {
              await Token.deleteMany().where({ userId: user.id })
              await User.deleteMany().where({ _id: user.id })
              res.json(
                dataResponse(
                  '',
                  401,
                  "Your account doesn't exist, please sign up "
                )
              )
            }
          } else {
            await tokenController.create({ userId: user._id, email: email })
            res.json(
              dataResponse(null, 406, 'Your\'e account is not verified,a new token has been sent to your email')
            )
          }
        }
      } else {
        res.json(dataResponse('', 401, 'This account doesn\'t exist, please sign up'))
      }
    }

    async forgotPassword(req: Request, res: Response) {
      let email = req.body.email
      let password = req.body.password
      const user = await User.findOne({ email: email })
      if (user) {
        if (user.schema.methods.isVerified) {
          await user.updateOne({ password })
          await user.save()
          res.json(dataResponse('', 200, 'Password reset successful'))
        } else {
          res.json(dataResponse('', 401, 'Your account is not verified please try logging in'))
        }
      } else {
        res.json(dataResponse('', 401, 'This account does not exist.'))
      }
    }

Above is the login function I created to let users log in. I am using mongoose middleware to hash the password and check the hashed password

    userSchema.pre('save', function (next) {
      this.password = bcrypt.hashSync(this.password, 10)
      next()
    })

for hashing the password

    userSchema.methods.checkPassword = function (
      password: string,
      hashedPassword: string
    ) {
      return bcrypt.compareSync(password, hashedPassword)
    }

for updating the password. Now the problem is that when I sign up and log in, it works. However, when I update the password, bcrypt returns false.

    async forgotPassword(req: Request, res: Response) {
      let email = req.body.email
      let password = req.body.password
      const user = await User.findOne({ email: email })
      if (user) {
        if (user.schema.methods.isVerified) {
          await user.updateOne({ password })
          await user.save()
          res.json(dataResponse('', 200, 'Password reset successful'))
        } else {
          res.json(dataResponse('', 401, 'Your account is not verified please try logging in'))
        }
      } else {
        res.json(dataResponse('', 401, 'This account does not exist.'))
      }
    }

This is the method I use to update the password.

javascript mongoose backend mongoose-schema bcrypt
1 Answer

0 votes

In this case, the `updateOne` function bypassed `mongoose.save`, which caused the error. It worked when I used `user.password = password`.

Answer source: ruakh
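The hook bypass described in the answer, as an added example that is not part of the original post: a hypothetical in-memory `FakeUser` stands in for the Mongoose model and Node's scrypt stands in for bcrypt, so it runs without a database or npm packages. The `dirty` flag plays the role of a Mongoose `isModified('password')` check, which keeps a later save from hashing the stored hash again.

```javascript
const crypto = require('node:crypto');

// Stand-in for bcrypt.hashSync / compareSync (assumption: scrypt, Node only).
function hashSync(plain) {
  const salt = crypto.randomBytes(16);
  return ['scrypt', salt.toString('hex'),
    crypto.scryptSync(plain, salt, 32).toString('hex')].join('$');
}
function compareSync(plain, stored) {
  const [scheme, saltHex, keyHex] = String(stored).split('$');
  const expected = Buffer.from(keyHex || '', 'hex');
  if (scheme !== 'scrypt' || expected.length !== 32) return false; // not a hash
  const actual = crypto.scryptSync(plain, Buffer.from(saltHex, 'hex'), 32);
  return crypto.timingSafeEqual(actual, expected);
}

// Hypothetical in-memory model: `store` plays the MongoDB collection.
class FakeUser {
  constructor(store, email, password) {
    Object.assign(this, { store, email, password, dirty: true });
  }
  setPassword(plain) { this.password = plain; this.dirty = true; }
  save() { // the pre('save') hook, hashing only a changed password
    if (this.dirty) this.password = hashSync(this.password);
    this.dirty = false;
    this.store.set(this.email, this.password);
  }
  updateOne(update) { // direct write: no hook runs
    this.store.set(this.email, update.password);
  }
}

function demo() {
  const store = new Map();
  const user = new FakeUser(store, 'user@example.test', 'old-pass'); // constructed
  user.save();
  const signup = compareSync('old-pass', store.get(user.email));
  user.updateOne({ password: 'new-pass' }); // the question's reset path
  const rawStored = store.get(user.email);
  const viaUpdateOne = compareSync('new-pass', rawStored);
  user.setPassword('new-pass'); // the answer's fix: assign, then save
  user.save();
  const viaSave = compareSync('new-pass', store.get(user.email));
  user.save(); // unrelated save must not hash the hash again
  const stillValid = compareSync('new-pass', store.get(user.email));
  return { signup, rawStored, viaUpdateOne, viaSave, stillValid };
}
```

The `rawStored` value shows the security cost of the bypass: the direct write leaves the new password in the store unhashed, so a failed comparison is also a sign that plaintext was persisted.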
