[英]bcrypt-nodejs.compare always returns false
I am setting up a login using node.js, bcrypt, sequelize, and passport and I've followed the documentation online but for some reason the .compare function always returns false even when I know the passwords match. 我正在使用node.js,bcrypt,sequelize和passport设置登录名,并且已在线关注文档,但由于某些原因,即使我知道密码匹配,.compare函数也始终返回false。
In my model I added a beforCreate hook to encrypt the password: 在我的模型中,我添加了一个beforCreate挂钩来加密密码:
beforeUpdate: function(user, options, fn) {
encryptPassword(user, options, fn);
}
encryptPassword function: cryptoPassword函数:
encryptPassword = function(user, options, fn) {
if (!user.changed('password'))
return fn();
bcrypt.hash(this.password, null, null, function(err, hash) {
if (err) return fn(err);
user.password = hash;
fn();
});
}
My controller where I create the user: 我创建用户的控制器:
User
.create({
username: req.body.username,
password: req.body.password
})
.then(function() {
res.json({
message: 'New beer drinker added to the locker room!'
});
});
That works great, the user is stored in my DB with the hashed password. 效果很好,用户使用哈希密码存储在我的数据库中。
Now I try to log the user in using passport 现在,我尝试使用护照登录用户
passport.use(new BasicStrategy(
function(username, password, callback) {
User
.find({
where: {
username: username
}
})
.then(function(user) {
// No user found with that username
if(!user) return callback(null, false);
// Make sure the password is correct
user.verifyPassword(password, function(err, isMatch) {
if(err) return callback(err);
// Password did not match
if(!isMatch) return callback(null, false);
// Success
return callback(null, user);
});
})
.catch(function(err) {
return callback(err);
});
}
));
This process calls user.verifyPassword which is an instanceMethod of my user model. 此过程调用user.verifyPassword,这是我的用户模型的instanceMethod。
verifyPassword: function(password, callback) {
bcrypt.compare(password, this.password, callback);
}
However the callback is always false regardless of if the passwords match or not. 但是,无论密码是否匹配,回调始终为false。 Does anyone have any ideas what I'm doing wrong?
有人知道我在做什么错吗? I tried to switch to bcrypt but I couldn't get it to install because node-gyp rebuild always fails complaining it can't find the env variable for python which I've installed.
我试图切换到bcrypt,但是我无法安装它,因为node-gyp重建始终无法抱怨它找不到我已安装的python的env变量。 Plus I don't want to have a huge pain in the ass trying to get the server developers to set up a server with all of the dependencies and stuff of the normal bcrypt.
另外,我不想让服务器开发人员使用正常bcrypt的所有依赖项和其他内容来设置服务器,而不会费劲。
When encrypting the password I was using this.password which was undefined. 在加密密码时,我使用了未定义的this.password。 I needed to use
user.password
to get the current password. 我需要使用
user.password
来获取当前密码。
bcrypt.hash(user.password, null, null, function(err, hash) {
if (err) return fn(err);
user.password = hash;
fn();
});
You're not actually passing the password to the verifyPassword function. 您实际上并没有将密码传递给verifyPassword函数。
user.verifyPassword(password, function(err, isMatch) {
... ^^^^^^^^
});`
that password variable isn't actually defined. 该密码变量实际上并未定义。 When you are in the
.then()
function you have access to the object that is returned from the database. 当您使用
.then()
函数时,您可以访问从数据库返回的对象。 Whether it is a single result or a result set. 无论是单个结果还是结果集。
user.verifyPassword(user.password, function(err, isMatch) { ... });
^^^^^^^^^^^^^
You'll have to access the data inside the object that you get back from the .findAll()
query. 您必须访问从
.findAll()
查询返回的对象中的数据。
Hope this helps. 希望这可以帮助。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.