
My result from using bcryptjs compare returns false when comparing plaintext to a hashed password from the database (MongoDB, Node.js)

Unfortunately, the result of the compare function is always false, even when correct data is posted. I think it may have something to do with the compare function for bcrypt?

Signup: hash and salt the password

    module.exports.signupPost = async (req, res) => {
        const { email, password } = req.body;
        // create a user with hashed password
        try {
            const newUser = await User.create({ email, password });
            newUser.password = await bcrypt.hash(newUser.password, 12);
            await newUser.save();
            res.status(200).json({ user: newUser._id });
        } catch (err) {
            const errors = handlerErr(err);
            res.status(400).json({ errors });
        }
    };

Login: compare the password to the hashed password

    module.exports.loginPost = async (req, res) => {
        const { email, password } = req.body;
        // if the user exists, check that the password is a match
        const user = await User.findOne({ email });
        if (!user) {
            return res.status(404).json({ email: "No user found" });
        }
        try {
            const match = await bcrypt.compare(
                password.toString(),
                user.password,
                function (err, res) {
                    console.log(res); // returns false
                }
            );
        } catch (err) {}
    };

user schema

database user schema

    const userSchema = new mongoose.Schema({
        email: {
            type: String,
            required: [true, "Please enter a  email"],
            unique: true,
            lowercase: true,
            
        },
        password: {
            type: String,
            required: [true, "Please enter a password"],
            lowercase: true,
        },
    });


Remove lowercase: true from the password schema.

You're converting the password to lowercase both before hashing it and when saving the hash.


You should allow capitalization in passwords by removing lowercase: true in your mongoose “password” schema. This setting causes all strings to be transformed to lowercase before being stored in the database.

The current implementation has 2 bugs:

  1. When you save newUser, the input password gets converted to lowercase in the DB which you then use to generate the hash.
  2. When you save the hashed password to the database, you lose capitalization and therefore the hash is no longer accurate.

According to the documentation, you must check the result this way:

    bcrypt.compareSync(password, user.password); // result true or false

    const userSchema = new mongoose.Schema({
        email: {
            type: String,
            required: [true, "Please enter a  email"],
            unique: true,
            lowercase: true,
        },
        password: {
            type: String,
            required: [true, "Please enter a password"],
        },
    });
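
The two bugs listed in the answers above, reproduced as an added example (not code from the original posts). Assumptions: Node's built-in `crypto.scryptSync` stands in for bcryptjs so the block runs without dependencies, and the hypothetical `signup` helper models what Mongoose's `lowercase: true` does to each value assigned to the password path.

```javascript
const crypto = require("node:crypto");

// Stand-in for bcrypt.hash (assumption: scrypt from Node's standard library is
// used so the example has no dependencies). Output is "salt$digest" in base64,
// which is case-sensitive just like a bcrypt hash string.
function hashPassword(plain) {
  const salt = crypto.randomBytes(16);
  const digest = crypto.scryptSync(plain, salt, 32);
  return `${salt.toString("base64")}$${digest.toString("base64")}`;
}

// Stand-in for bcrypt.compare: re-derive with the stored salt, compare in constant time.
function verifyPassword(plain, stored) {
  const [salt, digest] = stored.split("$").map((p) => Buffer.from(p, "base64"));
  const derived = crypto.scryptSync(plain, salt, digest.length);
  return crypto.timingSafeEqual(derived, digest);
}

// Hypothetical model of the question's signup handler. `lowercase` plays the
// role of the schema option: when true, every value assigned to the password
// path is lowercased, as Mongoose does for `lowercase: true`.
function signup(password, { lowercase }) {
  const set = (value) => (lowercase ? value.toLowerCase() : value);
  let stored = set(password);          // User.create({ email, password })
  stored = set(hashPassword(stored));  // newUser.password = await bcrypt.hash(...)
  return stored;
}

function demo() {
  const password = "CorrectHorse9"; // constructed sample password
  const broken = signup(password, { lowercase: true });
  const fixed = signup(password, { lowercase: false });
  // Bug 1 in isolation: the hash is intact, but it was computed over the lowercased input.
  const hashOfLowercased = hashPassword(password.toLowerCase());
  return {
    brokenLogin: verifyPassword(password, broken),
    fixedLogin: verifyPassword(password, fixed),
    originalCaseAccepted: verifyPassword(password, hashOfLowercased),
    lowercasedAccepted: verifyPassword(password.toLowerCase(), hashOfLowercased),
  };
}

console.log(demo());
```

The last two fields show why the first bug matters even without the second: the stored hash would match only the lowercased form of the password, so the password space is silently reduced.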
