
How do I retrieve an encrypted password from my database with bcrypt?

I have an application with a register and login form. I've managed to get the encrypted password into the database, but I can't seem to get it to work when I want to compare it when logging in. How would I implement bcrypt in my login post method?

Here is my register post where the password is stored successfully:

router.post('/register', (req, res) => {
    bcrypt.hash(req.body.password, 10).then((hash) => {
        let userData = req.body;
        let user = new User(userData);
        // Store only the bcrypt hash, never the plaintext password.
        user.password = hash;
        user.save((error, registeredUser) => {
            if (error) {
                console.log(error);
                // Answer the request on failure so it does not hang.
                res.status(500).send('Registration failed');
            } else {
                let payload = {subject: registeredUser._id};
                let token = jwt.sign(payload, 'secretKey');
                res.status(200).send({token});
            }
        });
    });
});

And here is my login post:

router.post('/login', (req, res) => {
    let userData = req.body;

    User.findOne({email: userData.email}, (error, user) => {
        if (error) {
            console.log(error);
        } else {
            if (!user) {
                res.status(401).send('Invalid Email');
            } else if (user.password !== userData.password) {
                res.status(401).send('Invalid Password');
            } else {
                let payload = {subject: user._id};
                let token = jwt.sign(payload, 'secretKey');
                res.status(200).send({token});
            }
        }
    });
});

A few things to note here.

  1. Passwords are usually encrypted using a one-way hashing function, which means you shouldn't be expecting to decrypt the saved password back to the original text.

  2. In a one-way hash function, the same hash (encryption output) is created for the same input, every time. E.g.: If you can encrypt the word "mysimplepassword", the output is going to be the same "xjjklqjlj34309dskjle4" (just a sample) every time.

  3. The method of checking a password in such scenarios is:
     (a) Store the encrypted password (hash) when it's first provided (usually during sign up).
     (b) During login, receive the password as input and encrypt it using the same encryption method, to obtain the hash.
     (c) Compare the hashes.

If you are using bcrypt, you can use bcrypt.compare() to perform these operations.

I figured it out and am now comparing the hashed passwords successfully. Here is the new login post:

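router.post('/login', (req, res) => {
    let userData = req.body;

    User.findOne({email: userData.email}, (error, user) => {
        if (error) {
            console.log(error);
            // Answer the request on a database error so it does not hang.
            res.status(500).send('Login failed');
        } else if (!user) {
            res.status(401).send('Invalid Email');
        } else {
            // bcrypt.compare() re-hashes the submitted password with the salt stored in user.password.
            bcrypt.compare(req.body.password, user.password, function (err, result) {
                // On error, result is undefined and (undefined == false) is false,
                // so require result to be exactly true before issuing a token.
                if (err || result !== true) {
                    res.status(401).send('Invalid Password');
                } else {
                    let payload = {subject: user._id};
                    let token = jwt.sign(payload, 'secretKey');
                    res.status(200).send({token});
                }
            });
        }
    });
});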
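
Added example (not code from the posts above): bcrypt.hash() draws a new random salt on every call and stores it inside the output string, so the stored value never matches the plaintext or a second hash under ===; bcrypt.compare() re-derives with the stored salt instead. The sketch below shows that mechanism with scrypt from Node's built-in crypto module standing in for bcrypt so it runs without npm packages; hashPassword, verifyPassword, demo and the "scrypt$salt$hash" storage format are hypothetical names chosen for illustration.

```javascript
// scrypt is a stand-in for bcrypt here; the salt-in-the-stored-string idea is the same.
const { randomBytes, scryptSync, timingSafeEqual } = require('node:crypto');

// Like bcrypt.hash(): draw a fresh random salt and keep it inside the stored string.
function hashPassword(password) {
    const salt = randomBytes(16);
    const derived = scryptSync(password, salt, 32);
    return `scrypt$${salt.toString('hex')}$${derived.toString('hex')}`;
}

// Like bcrypt.compare(): re-derive with the salt taken from the stored string,
// then compare in constant time. Malformed input fails closed (returns false).
function verifyPassword(password, stored) {
    if (typeof password !== 'string' || typeof stored !== 'string') return false;
    const parts = stored.split('$');
    if (parts.length !== 3 || parts[0] !== 'scrypt') return false;
    const salt = Buffer.from(parts[1], 'hex');
    const expected = Buffer.from(parts[2], 'hex');
    if (salt.length !== 16 || expected.length !== 32) return false;
    const actual = scryptSync(password, salt, 32);
    return timingSafeEqual(actual, expected);
}

// Constructed sample data; the password string is the sample word used in the answer.
function demo() {
    const stored = hashPassword('mysimplepassword');
    return {
        // What the original login route did: compare the stored hash with the plaintext.
        plaintextEqualsStored: stored === 'mysimplepassword',
        // Hashing again uses a new salt, so the strings differ.
        rehashEqualsStored: hashPassword('mysimplepassword') === stored,
        correctPassword: verifyPassword('mysimplepassword', stored),
        wrongPassword: verifyPassword('not-the-password', stored),
        // A damaged database record must be rejected, not accepted.
        corruptedRecord: verifyPassword('mysimplepassword', 'scrypt$zz$zz'),
    };
}

console.log(demo());
```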

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.