我在我的应用中使用JWT和Passport进行身份验证,但我不知道如何更改密码。
这是我的登录功能:
function login(req, res, next) {
const userObj = {
email: req.body.email,
userType: req.body.userType
};
UserSchema.findOneAsync(userObj, '+password')
.then((user) => {
if (!user) {
const err = new APIError('User not found with the given email id', httpStatus.NOT_FOUND);
return next(err);
} else {
user.comparePassword(req.body.password, (passwordError, isMatch) => {
if (passwordError || !isMatch) {
const err = new APIError('Incorrect password', httpStatus.UNAUTHORIZED);
return next(err);
}
user.loginStatus = true;
user.gpsLoc = [19.02172902354515, 72.85368273308545];
const token = jwt.sign(user, config.jwtSecret);
UserSchema.findOneAndUpdateAsync({ _id: user._id }, { $set: user }, { new: true })
.then((updatedUser) => {
const returnObj = {
success: true,
message: 'user successfully logged in',
data: {
jwtAccessToken: `JWT ${token}`,
user: updatedUser
}
};
res.json(returnObj);
})
.error((err123) => {
const err = new APIError(`error in updating user details while login ${err123}`, httpStatus.INTERNAL_SERVER_ERROR);
next(err);
});
});
}
})
.error((e) => {
const err = new APIError(`erro while finding user ${e}`, httpStatus.INTERNAL_SERVER_ERROR);
next(err);
});
}
我的用户数据库是这样的。
import Promise from 'bluebird';
import mongoose from 'mongoose';
import httpStatus from 'http-status';
import APIError from '../helpers/APIError';
import bcrypt from 'bcrypt';
const UserSchema = new mongoose.Schema({
fname: { type: String, default: null },
lname: { type: String, default: null },
email: { type: String, required: true, unique: true },
password: { type: String, required: true, select: false },
});
UserSchema.pre('save', function userSchemaPre(next) {
const user = this;
if (this.isModified('password') || this.isNew) {
bcrypt.genSalt(10, (err, salt) => {
if (err) {
return next(err);
}
bcrypt.hash(user.password, salt, (hashErr, hash) => {
if (hashErr) {
return next(hashErr);
}
user.password = hash;
next();
});
});
} else {
return next();
}
});
UserSchema.methods.comparePassword = function comparePassword(pw, cb) {
const that = this;
bcrypt.compare(pw, that.password, (err, isMatch) => {
if (err) {
return cb(err);
}
cb(null, isMatch);
});
};
我已经为重置密码设置了另一个功能,匹配已检查的旧密码有效,如登录功能,现在我想在DB中更新新的护照。我该怎么做?
非常感谢
答案 0 :(得分:1)
我不确定你在这里寻找什么,但是changePassword函数只是UserSchema上的一个简单更新。这是一个示例:
function changePassword(req, res, next) {
// Init Variables
var passwordDetails = req.body;
if (req.user) {
if (passwordDetails.newPassword) {
UserSchema.findById(req.user.id, function (err, user) {
if (!err && user) {
if (user.authenticate(passwordDetails.currentPassword)) {
if (passwordDetails.newPassword === passwordDetails.verifyPassword) {
user.password = passwordDetails.newPassword;
user.save(function (err) {
if (err) {
return res.status(422).send({
message: errorHandler.getErrorMessage(err)
});
} else {
req.login(user, function (err) {
if (err) {
res.status(400).send(err);
} else {
res.send({
message: 'Password changed successfully'
});
}
});
}
});
} else {
res.status(422).send({
message: 'Passwords do not match'
});
}
} else {
res.status(422).send({
message: 'Current password is incorrect'
});
}
} else {
res.status(400).send({
message: 'User is not found'
});
}
});
} else {
res.status(422).send({
message: 'Please provide a new password'
});
}
} else {
res.status(401).send({
message: 'User is not signed in'
});
}
};
希望这有帮助!
答案 1 :(得分:1)
您不必在模式中编写任何方法。您可以将ChangePassword函数直接用于这样的模式
user.changePassword(req.body.oldpassword, req.body.newpassword, function(err)
{