在Mongo中使用bcryptjs
[英]Using bcryptjs with Mongo
问题描述
I am trying to encrypt user passwords using Bcrpyt for my Angular app which uses Mongodb in the backend. 
我正在尝试为我的Angular应用程序使用Bcrpyt加密用户密码,该应用程序在后端使用Mongodb。
Here is the code 这是代码
Model 模型
var mongoose = require('mongoose');
var Schema = mongoose.Schema;
bcrypt = require('bcryptjs'),
SALT_WORK_FACTOR = 10;
var UserSchema = new mongoose.Schema({
name: String,
username: { type: String, required: true, index: { unique: true } },
email: String,
password: { type: String, required: true },
created_at: Date,
topics: [{type: Schema.Types.ObjectId, ref: 'Topic'}],
posts: [{type: Schema.Types.ObjectId, ref: 'Post'}],
comments: [{type: Schema.Types.ObjectId, ref: 'Comment'}]
});
UserSchema.pre('save', function(next) {
var user = this;
// only hash the password if it has been modified (or is new)
if (!user.isModified('password')) return next();
// generate a salt
bcrypt.genSalt(SALT_WORK_FACTOR, function(err, salt) {
if (err) return next(err);
// hash the password along with our new salt
bcrypt.hash(user.password, salt, function(err, hash) {
if (err) return next(err);
// override the cleartext password with the hashed one
user.password = hash;
next();
});
});
});
UserSchema.methods.comparePassword = function(candidatePassword, cb) {
bcrypt.compare(candidatePassword, this.password, function(err, isMatch) {
if (err) return cb(err);
cb(null, isMatch);
});
};
mongoose.model('User', UserSchema);
Create & Login inside Controller 在Controller内部创建和登录
var mongoose = require('mongoose');
var User = mongoose.model('User');
module.exports = (function() {
return {
login: function(req, res) {
User.findOne({email: req.body.email}, function(err, user) {
if(user === null) {
var error = "User not found"
console.log(error);
}
else{
user.comparePassword(req.body.password, function(err, isMatch){
if(err){
console.log("Password dont match");
} else{
console.log(user)
res.json(user);
}
})
}
})
},
create: function(req, res) {
var user = new User({name: req.body.name, username:req.body.username, email:req.body.email, password:req.body.password, created_at: req.body.created_at});
user.save(function(err) {
if(err) {
console.log('something went wrong');
} else {
console.log('successfully added a user!');
res.redirect('/');
}
})
}
})();
The user create function is working fine, saving in the passwords encrypted. 用户创建功能运行良好,保存了加密的密码。 But during Login it is not properly comparing the encrypted password against the input. 但是在登录期间,它无法正确地将加密密码与输入进行比较。 Lets user through regardless of any password. 允许用户通过而不管任何密码。
Also how would I go about showing errors incase of user not found and also for password not matching(this is a secondary Q. 另外,如果找不到用户并且密码不匹配,我将如何显示错误(这是第二个Q.
Primary concerned about even wrong password being accepted. 主要担心甚至会接受错误的密码。
Thanks for the Help. 谢谢您的帮助。
1 个解决方案
解决方案1
1 已采纳 2016-02-16 03:00:41
You are checking if there is any error during password matching but not checking if the input password matches the hashed one. 您正在检查密码匹配过程中是否有任何错误,但不会检查输入的密码是否与哈希密码匹配。
user.comparePassword(req.body.password, function(err, isMatch){
if(err){
return console.log("Password dont match");
}
if (isMatch) {
// password matches. Log the user in
}
});
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.