Unfortunately the result of the compare function is always false? Even when correct data is posted. Think it may have something to do with the compare function for bcrypt?
signup hash and salt the password
module.exports.signupPost = async (req, res) => {
const { email, password } = req.body;
//create a user with hashed password
try {
const newUser = await User.create({ email, password });
newUser.password = await bcrypt.hash(newUser.password, 12);
newUser.save();
res.status(200).json({ user: newUser._id });
} catch (err) {
errors = handlerErr(err);
res.status(400).json({ errors });
}
};
login compare the password to the hashed password
module.exports.loginPost = async (req, res) => {
const { email, password } = req.body;
try {
const user = await User.findOne({ email });
if (!user) {
res.status(404).json({ email: "No user found" });
}
//if user exist check password is a match
const user = await User.findOne({ email });
if (!user) {
return res.status(404).json({ email: "No user found" });
}
try {
const match = await bcrypt.compare(
password.toString(),
user.password,
function (err, res) {
console.log(res);// returns false
}
);
} catch (err) {}
};
user schema
database user schema
const userSchema = new mongoose.Schema({
email: {
type: String,
required: [true, "Please enter a email"],
unique: true,
lowercase: true,
},
password: {
type: String,
required: [true, "Please enter a password"],
lowercase: true,
},
});
Remove lowercase: true
from the password schema.
You're converting the password to lowercase both before hashing it and when saving the hash.
You should allow capitalization in passwords by removing lowercase: true
in your mongoose “password” schema. This setting causes all strings to be transformed to lowercase before being stored in the database.
The current implementation has 2 bugs:
newUser
, the input password gets converted to lowercase in the DB which you then use to generate the hash.According to documentation , you must check the result through this way:
bcrypt.compareSync(password, user.password); // result true or false
const userSchema = new mongoose.Schema({
email: {
type: String,
required: [true, "Please enter a email"],
unique: true,
lowercase:true,
},
password: {
type: String,
required: [true, "Please enter a password"],
},
});
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.