堆栈内存溢出
  简体   繁体   English

NodeJS 更新用户 Bcrypt - 密码不会被散列

[英]NodeJS Updating User Bcrypt - Password doesn't get hashed

 原文  2015-12-17 03:32:20       node.js/ passport.js/ updates/ bcrypt/ passport-local

问题描述

I'm trying to set set up an update function for user profiles on a Node.JS application with hash passwords using the bcrypt-nodejs module.我正在尝试使用 bcrypt-nodejs 模块为带有哈希密码的 Node.JS 应用程序上的用户配置文件设置更新功能。 It works when signing in, but when I am updating the profile it updates the user object with the plain text (ie: I type "text" for the password, the db shows "text").它在登录时工作,但是当我更新配置文件时,它会使用纯文本更新用户对象(即:我输入“文本”作为密码,数据库显示“文本”)。 I would like to hash the password when the profile is updated.我想在更新配置文件时散列密码。 How would I fix this?我将如何解决这个问题?

Below is my code for the controller:下面是我的控制器代码:

exports.editUser = function(req, res) {
 // user edit form set to findonendupdate
 User.findByIdAndUpdate({ _id: req.params.user_id, randString: req.body.randString }, req.body, function(err, user) { 

   if (err) 
    res.send(err); 
   res.json({ data: user }); 
 });
};

For reference this is the user model code that works with a new user registration:作为参考,这是适用于新用户注册的用户模型代码:

 passport.use('local', new LocalStrategy(
  function(username, password, callback) {
   User.findOne({ username: username } , function (err, user) {
     if (err) { return callback(err); }

     // No user found with that username
     if (!user) { return callback(null, false); }

     // Make sure the password is correct
     user.verifyPassword(password, function(err, isMatch) {
       if (err) { return callback(err); }

     // Password did not match
       if (!isMatch) { return callback(null, false); }

     // Success
       return callback(null, user);
     });
  });
 }
));

2 个解决方案

解决方案1
 4 已采纳  2015-12-17 03:56:05

User.findByIdAndUpdate({...}, req.body, function(err,...

Here you're receiving the password in req.body and telling it to update it directly as it is (plain text).在这里,您收到req.body的密码并告诉它直接更新它(纯文本)。

You need to hash it and then update你需要散列它然后更新

// retrieve the password field
var password = req.body.password

// update it with hash
bcrypt.hash(password, (hash) => {
  req.body.password = hash

  // then update
  User.findByIdAndUpdate({...}, req.body, function(err,... // then update
});

解决方案2
 0  2021-02-12 11:18:27

I just solved by converting plain text password to hashed password before updating password.我刚刚通过在更新密码之前将纯文本密码转换为散列密码来解决。

req.body.password = await bcrypt.hash(req.body.password, 8);

await Admin.findOneAndUpdate({ _id: req.body._id }, req.body, { new: true }, (err, doc) => {
                    if (!err) { 
                        req.flash('success', 'Admin Updated successfully!');
                        res.status(201).render('admin-views/admin/edit_admin', { success_message: req.flash('success'), admin: doc });
                    }
                    else {
                        res.render("admin-views/admin/edit_admin", {
                            admin: req.body
                        })
                    }
                })

hope this code is works!希望这段代码有效!

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 使用Bcrypt.Hash的节点JS-更新后不会对密码进行哈希处理 - Node JS Using Bcrypt.Hash- Password does not get hashed after updating Node.js不会将哈希密码保存到mysql数据库 - Nodejs doesn't save hashed password to mysql db 复制bcrypt散列的密码 - Copy password hashed by bcrypt Bcrypt 没有将散列密码分配给 body.password 变量 - Bcrypt didn't assign the hashed password to body.password variable 无法使用bcrypt和书架将哈希密码保存到数据库 - Can't save hashed password to database using bcrypt and bookshelf 如何使用 bcrypt 返回散列密码? - How to return hashed password with bcrypt? 验证NodeJS中的哈希密码 - Verify hashed password in NodeJS 使用bcrypt在nodejs中进行密码加密 - password encryption in nodejs with bcrypt 我不知道为什么 bcrypt.compare 与散列密码不一样 - I don't know why bcrypt.compare with hashed password isn't same 无法获取哈希密码以使用bcrypt保存 - Can't get the Hash password to save with bcrypt
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM