当用户在nodejs中更改密码时如何更新mongoDB中的salt和hash值？

Question

I have to implement a functionality for the user who can after login change the password to new one. For that I want to update the hash and salt value for new password set. How can I do that? Since on registration I am saving the password first time in hash and salt form in mongoDB. How can I update that now?

Here is the code I am trying to use for password change:

    router.get('/api/changePassword', function(req,res,next){
      req.checkBody('oldPass', 'Empty Password').notEmpty();
      req.checkBody('newPass', 'Password do not match').equals(req.body.confirmPassword).notEmpty();
    
      var user = new User();
      user.setPassword(req.body.newPass);
  user.save(function (err,data) {
        if (err) {
          res.render('register', {errorMessages: err});
        } else {
console.log("password set successfully");

    }
})
})

But here I doubt that it will get updated into the existing user's database since I am creating the object user again here and saving it. Will it create again a new user in Collections and update the hash and salt value for that? How to then update the existing user password hash and salt value?

Below is the hash and salt model User schema code:

userSchema.methods.setPassword = function(password) {
  this.salt = crypto.randomBytes(16).toString('hex');
  this.hash = crypto.pbkdf2Sync(password, this.salt, 1000, 64, 'sha1').toString('hex');
};

userSchema.methods.validPassword = function(password) {
  var hash = crypto.pbkdf2Sync(password, this.salt, 1000, 64, 'sha1').toString('hex');
  return this.hash === hash;
};

module.exports = mongoose.model('User', userSchema); 

And this is the route code of registartion page, first time when user registers and put password:

router.route('/register')
  .get(function(req, res, next) {
    res.render('register', { title: 'Register a new account'});
  })
  .post(function(req, res, next) {
    req.checkBody('name', 'Empty Name').notEmpty();
    req.checkBody('email', 'Invalid Email').isEmail();
    req.checkBody('location', 'Empty Location').notEmpty();
    req.checkBody('password', 'Empty Password').notEmpty();
    req.checkBody('password', 'Password do not match').equals(req.body.confirmPassword).notEmpty();

    var errors = req.validationErrors();
    if (errors) {
      res.render('register', {
        name: req.body.name,
        email: req.body.email,
        location:req.body.location,
        errorMessages: errors
      });
    } else {
      var user = new User();
      user.name = req.body.name;
      user.email = req.body.email;
      user.location = req.body.location;
      user.setPassword(req.body.password);

      user.save(function (err,data) {
        if (err) {
          res.render('register', {errorMessages: err});
        } else {
console.log("user saved successfully");

}
})

Answer 1

Sorry, my previous explanation was incorrect, so I am going to write this as an answer. You won't actually be able to access the User object in the method alone, so what you will have to do is something like the following:

create a function with User.find() that returns the user.

Then pass in this user as a parameter to the new method you created as I described in the comment above, and continue to .update() this user that was passed into the setPassword() method as a parameter.

So your methods for the schema should be:

createPassword()

validPassword()

setPassword()

and the part of your code where you actually have the function that uses these methods to set this data should look something like:

function findUser() {
  return User;
}

function setPassword(password) {
  User.setPassword(User, password, passwordValid /*This is a boolean*/)
}