比较密码,同时在node.js中放置密码
注册时间密码被encryption并存储在数据库(mongoDB)中。 为了encryption这个密码,我在模型中使用了bcrypt.hash 。 现在我正在使用node.js重置密码如何比较encryption的密码和用户input的密码。
user.js的
var mongoose = require('mongoose'); var Schema = mongoose.Schema; var bcrypt = require('bcrypt-nodejs'); var passportLocalMongoose = require('passport-local-mongoose'); var UserSchema = new Schema({ name: String, email: {type: String, required: true, select: true}, mobile: {type: String, required: true, select: true}, password: {type: String, required: true, select: true}, active:{ type: 'Boolean', default: false}, generatedOtp:{ type: String}, resetPasswordToken: String, resetPasswordExpires: Date, //occasiontype: {type: String, required: true, select: true}, //date: {type: Date , required: true, select: true} }); UserSchema.pre('save', function (next) { var user = this; if(!user.isModified('password')) return next(); bcrypt.hash(user.password, null, null, function(err, hash){ if(err) return next(err); user.password = hash; next(); }); }); UserSchema.methods.comparePassword = function(password){ var user = this; //console.log(user.password + password); return bcrypt.compareSync(password, user.password); } UserSchema.plugin(passportLocalMongoose); module.exports = mongoose.model('User', UserSchema); api.js
router.post('/resetPasswordafterlogin',function(req,res){ var uId = ObjectId(req.body.userId); var oldPassword = req.body.formdata.oldPassword; var newPassword = req.body.formdata.newPassword; console.log(req.body.formdata.validPassword) return res.json({}) });
controller.js
(function () { 'use strict'; angular .module('app.security') .controller('SecurityController', SecurityController); /** @ngInject */ //SecurityController.$inject = ['$http', '$location']; function SecurityController($http, $location, $rootScope, $localStorage) { var vm = this; vm.uId = $localStorage._id; vm.save = function(userData){ $http({ url: 'http://192.168.2.8:7200/api/resetPasswordafterlogin', method: 'POST', data: {userId: vm.uId, formdata: userData} }).then(function(res) { console.log("success"); }, function(error) { alert(error.data); }); }; vm.cancel = function(){ $location.url('/pages/dashboard'); } } })();
所以现在我必须将这个oldPassword与用户模型中的encryption密码进行比较。 这个怎么做?
我在node.js中使用了以下内容。
api.js
router.post('/resetPasswordafterlogin',function(req,res){ var uId = ObjectId(req.body.userId); var oldPassword = req.body.formdata.oldPassword; var newPassword = req.body.formdata.newPassword; async.waterfall([ function(done) { User.findOne({ _id : uId}, function(err, user) { var validPassword = user.comparePassword(oldPassword); if (!validPassword) { var message = { message: 'Incorrect password.' }; done(null, message); }else if (user, done){ user.password = newPassword; user.save(function(err) { req.logIn(user, function(err) { done(err, user); }); }); var message = { message: 'Success! Your password has been changed.' }; done(null, message); } }); } ], function(err, result){ if (err) return next(err); return res.json({ result: result.message }); }); });
这是比较密码的简单function:
exports.comparePassword = (passwordToCompare, dbPassword, callback) => { console.log("comparePassword", passwordToCompare) bcrypt.compare(passwordToCompare, dbPassword, (err, isMatch) => { if (err) { return callback(err); } else callback(null, isMatch); }); };