Question

我正在尝试在后端使用b crypt来比较加密的密码，并且我一直收到无效的密码，即使如此，仍然允许我在这里输入后端的代码...

router.post('/login', function (req, res) {
const {
userName = req.body.userName,
password = req.body.password,
} = req.query;

connection.query(
SELECT_USER_QUERY + ' WHERE username = ? ',
[userName],
function (error, results, fields) {
  if (error) throw error;
  else {
    if (results.length > 0) {
      bcrypt.compare(password, results[0].password, function (err, result) {
        if (result) {
          return res.send({ message: 'Login Successful' });
        } else {
          return res.status(400).send({ message: 'Invalid Password' });
        }
      });
    } else {
      return res.status(400).send({ message: 'Invalid userName' });
    }
  }
}
);
});

我的查询看起来像这样...

const SELECT_USER_QUERY = 'SELECT id, firstName, lastName, userName,' +
' password, email FROM users';

这就是我所说的...

handleLogIn = () => {
const { userName } = this.state.user;
const { users } = this.state;

postFetch(`/users/login`, {
  id: users.find((user) => user.userName === userName).id,
  firstName: users.find((user) => user.userName === userName)
    .firstName,
  lastName: users.find((user) => user.userName === userName).lastName,
  userName: users.find((user) => user.userName === userName).userName,
  password: users.find((user) => user.userName === userName).password,
  email: users.find((user) => user.userName === userName).email
})
  .then(
    this.setState({
      user: {
        ...this.state.user,
        id: users.find((user) => user.userName === userName).id,
        firstName: users.find((user) => user.userName === userName)
          .firstName,
        lastName: users.find((user) => user.userName === userName).lastName,
        userName: users.find((user) => user.userName === userName).userName,
        password: users.find((user) => user.userName === userName).password,
        email: users.find((user) => user.userName === userName).email,
      },
    }),
    this.getPreference(users.find((user) => user.userName === userName).id),
    this.getReadings(users.find((user) => user.userName === userName).id)
  )
  .catch((err) => console.log(err));
};

我用b隐窝在添加路由中哈希了加盐的密码，但我尝试添加它，但它不会让我请任何帮助将不胜感激

Answer 1

我相信问题在于您正在解构userName和password变量。您目前有这个：

const {
userName = req.body.userName,
password = req.body.password,
} = req.query;

这有点混杂。您应该像这样分别分配变量：

const userName = req.body.userName;
const password = req.body.password;

或者destructuring这样：

const {
    userName,
    password
} = req.query;

您没有指定正在使用的后端类型，但是从第一行的router.post开始，我假设您正在接收帖子。在这种情况下，我希望用户名和密码位于req.post中。但是，当我try your original code in jsfiddle时，我从req.query获得了值。

您提到在浏览器控制台中看到400，并且我看到您的服务器代码在用户名或密码无效时返回400响应。因此，我认为问题在于您的服务器代码无法正确地破坏请求，userName和password变量为空，因此验证失败。

所以正确的代码应该是：

const userName = req.body.userName;
const password = req.body.password;

或者：

const {
    userName,
    password
} = req.body;

如何解决错误的请求

1 个答案: