问题描述
我正在尝试使用猫鼬,本地护照和bcrypt-nodejs登录我的应用.
I'm trying to make a login in for my app using mongoose, passport-local, and bcrypt-nodejs.
userSchema pre('save')函数可以正常工作并保存哈希密码.但是bcrypt compare方法每次都会返回false.
The userSchema pre('save') function works fine and saves a hashed password. however the bcrypt compare method will return false every time.
请参见 bcrypt-nodejs
这是我的userSchema
here is my userSchema
var userSchema = mongoose.Schema({
login:{
local:{
email: {type: String, unique: true, required: true},
password: {type: String, unique: true, required: true}
}
}
userSchema.pre('save', function(next) {
bcrypt.hash('user.login.local.password', null, null, function(err, hash){
if(err){
next(err);
}
console.log('hash', hash);
user.login.local.password = hash;
next();
})
});
userSchema.methods.validPassword = function(password, cb){
bcrypt.compare(password, this.login.local.password, function(err, isMatch){
if(err) return cb(err);
cb(null, isMatch);
})
module.exports = mongoose.model('User', userSchema);
这可以正常工作,并使用哈希密码保存新用户
this works fine, and saves a new user with a hashed password
这是我的登录策略
无论用户输入什么信息,它总是返回false
no matter what info the user inputs, this will always return false
passport.use('local-login', new LocalStrategy({
usernameField: 'email',
passwordField: 'password',
passReqToCallBack: true
},
function(email, password, done){
User.findOne({ 'login.local.email' : email }, function(err, user){
if(err){
console.log(err);
return done(err);
}
if(!user){
console.log('no user found');
return done(err);
}
user.validPassword(password, function(err,match){
if(err){
console.log(err);
throw err;
}
console.log(password, match);
})
})
}))
最后我的路线
app.post('/user/login', passport.authenticate('local-login'{
successRedirect: '/#/anywhereBUThere'
failureRedirect: '/#/'
}))
推荐答案
问题的根源很可能是compare函数返回false,因为您确实在比较两个不同的哈希值.
Most likely the root of the problem is that the compare function is returning false because you are indeed comparing two non-identical hashes.
您似乎正在传递字符串' user.login.local.password ',而不是userSchema预保存功能中的实际密码:
You appear to be passing in a string 'user.login.local.password' instead of the actual password in your userSchema pre save function:
例如这bcrypt.hash('user.login.local.password', null, null, function(err, hash){
应该为bcrypt.hash(user.login.local.password, null, null, function(err, hash){
(密码中的单引号不能作为第一个参数传递.)
e.g. thisbcrypt.hash('user.login.local.password', null, null, function(err, hash){
should be bcrypt.hash(user.login.local.password, null, null, function(err, hash){
(no single-quotes on the password being passed in as the first parameter.)
此外,您还要将生成的哈希值设置为似乎位于用户模型之外的用户"对象.我看不到该代码,但是我怀疑您没有更新要保存到mongoDB的用户模型上的哈希值.
Additionally, you're then setting the generated hash to a 'user' object which seems to live outside of your user model. I can't see that code, but I suspect that you're not updating the value of the hash on the user model being saved to mongoDB.
例如user.login.local.password = hash;
应该是this.login.local.password = hash;
这篇关于bcrypt-nodejs compare方法每次都返回false的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!