Node.js and Passport Object has no method validPassword

说谎 2021-02-02 14:40

I'm using Node.js + Express + Passport to create a simple authentication (local)

and what I've reached so far that when a wrong username or password entered user is re

3 answers
  • 2021-02-02 15:30

    Looks like you copied the example from the passportjs website, where Jared failed to mention how to implement it.

    On the Passport.js GitHub page he has another (simpler) example; he removed the validPassword method altogether (line 18):

    Example

    if (user.password != password) { return cb(null, false); }
    

    That's what I based my app on (using encryption) on top of it.

  • 2021-02-02 15:37

    You are using

    if (!user.validPassword(password)) {
        return done(null, false, { message: 'Incorrect password.' });
    }
    

    but you haven't defined the validPassword method. Attach it to your schema:

    var authSchema = mongoose.Schema({ 
        username: 'string',
        password: 'string'
    });
    authSchema.methods.validPassword = function( pwd ) {
        // EXAMPLE CODE!
        return ( this.password === pwd );
    };
    

    EDIT: You've also incorrectly defined the schema. It should be:

    var authSchema = mongoose.Schema({ 
        username: String,
        password: String
    });
    

    Note that both username and password should be String type objects, not strings "string", if you know what I mean. :)

  • 2021-02-02 15:44

    Also being a noob at this, it took me a whole day to figure this one out. I used the history from another one of Jared's example apps and some crypto advice from folks on here.

    First off I made a method that generates a salt (a big random number which is stringified), uses the salt and the user's password to create a hash (with the help of the nodejs 'crypto' module), and finally stores both the salt and the hash every time before mongoose saves a new account.

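    var crypto = require('crypto');

    // Make hash: runs before each save and only re-hashes when the password changed
    userSchema.pre('save', function(next) {
        var user = this;
        if (!user.isModified('password')) return next();
        // Salt: a random number stringified in base 36
        var rand = (Math.floor(Math.random() * 1000000000)).toString(36);
        var hash = crypto.createHash('md5').update(user.password + rand).digest("hex");
        user.password = hash;  // store the hash in place of the plaintext
        user.salt = rand;
        next();
    });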
    

    For the verification I simply take the inputted password (at login) and attempt to make the same hash again using the salt. I then compare the stored hash to the new one and return true or false accordingly.

    // Password verification
    userSchema.methods.validPassword = function(password) {
        var testhash = crypto.createHash('md5').update(password + this.salt).digest("hex");
        if (testhash === this.password) {
            return true;
        } else {
            return false;
        }
    };
    