bcrypt-nodejs compare 方法每次都返回 false
[英]bcrypt-nodejs compare method returns false every time
问题描述
I'm trying to make a login in for my app using mongoose, passport-local, and bcrypt-nodejs.
我正在尝试使用 mongoose、passport-local 和 bcrypt-nodejs 登录我的应用程序。
The userSchema pre('save') function works fine and saves a hashed password. userSchema pre('save') 函数工作正常并保存散列密码。 however the bcrypt compare method will return false every time.但是 bcrypt compare 方法每次都会返回 false。
see bcrypt-nodejs见bcrypt-nodejs
here is my userSchema这是我的 userSchema
var userSchema = mongoose.Schema({
login:{
local:{
email: {type: String, unique: true, required: true},
password: {type: String, unique: true, required: true}
}
}
userSchema.pre('save', function(next) {
bcrypt.hash('user.login.local.password', null, null, function(err, hash){
if(err){
next(err);
}
console.log('hash', hash);
user.login.local.password = hash;
next();
})
});
userSchema.methods.validPassword = function(password, cb){
bcrypt.compare(password, this.login.local.password, function(err, isMatch){
if(err) return cb(err);
cb(null, isMatch);
})
module.exports = mongoose.model('User', userSchema);
this works fine, and saves a new user with a hashed password这工作正常,并使用散列密码保存新用户
here is my my login strategy这是我的登录策略
no matter what info the user inputs, this will always return false无论用户输入什么信息,这将始终返回 false
passport.use('local-login', new LocalStrategy({
usernameField: 'email',
passwordField: 'password',
passReqToCallBack: true
},
function(email, password, done){
User.findOne({ 'login.local.email' : email }, function(err, user){
if(err){
console.log(err);
return done(err);
}
if(!user){
console.log('no user found');
return done(err);
}
user.validPassword(password, function(err,match){
if(err){
console.log(err);
throw err;
}
console.log(password, match);
})
})
}))
lastly my route最后我的路线
app.post('/user/login', passport.authenticate('local-login'{
successRedirect: '/#/anywhereBUThere'
failureRedirect: '/#/'
}))
2 个解决方案
解决方案1
1 已采纳 2015-05-28 02:43:41
Most likely the root of the problem is that the compare function is returning false because you are indeed comparing two non-identical hashes.问题的根源很可能是比较函数返回 false,因为您确实在比较两个不同的哈希值。
You appear to be passing in a string ' user.login.local.password ' instead of the actual password in your userSchema pre save function:您似乎正在传递字符串“ user.login.local.password ”而不是 userSchema 预保存功能中的实际密码:
eg this bcrypt.hash('user.login.local.password', null, null, function(err, hash){ should be bcrypt.hash(user.login.local.password, null, null, function(err, hash){ (no single-quotes on the password being passed in as the first parameter.)例如这个bcrypt.hash('user.login.local.password', null, null, function(err, hash){应该是bcrypt.hash(user.login.local.password, null, null, function(err, hash){ (作为第一个参数传入的密码没有单引号。)
Additionally, you're then setting the generated hash to a 'user' object which seems to live outside of your user model.此外,您然后将生成的哈希设置为一个“用户”对象,该对象似乎位于您的用户模型之外。 I can't see that code, but I suspect that you're not updating the value of the hash on the user model being saved to mongoDB.我看不到该代码,但我怀疑您没有更新保存到 mongoDB 的用户模型上的哈希值。
eg user.login.local.password = hash;例如user.login.local.password = hash; should probably be this.login.local.password = hash;应该是this.login.local.password = hash;
解决方案2
0 2021-11-01 13:48:51
我有一个类似的问题,其中bcrypt.compare()总是返回false ,结果我以不正确的顺序传递参数,请确保将普通密码作为第一个参数传递。
bcrypt.compare(plainPassword, hashedPassword)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.