我有一个使用passport.js本地登录并注册的应用程序。它工作正常,但我有服务器端密码验证的问题。 passport.js文件在保存用户之前生成密码哈希:
access via B: 20
access via A: 0
access via A*: 0
access via B::A::x: 0
set x to 100
access via B: 20
access via A: 0
access via A*: 100
access via B::A::x: 100
我需要将散列密码与验证器进行比较或计算其他内容。我正在使用bcrypt。我的user.js模型带有验证器:
passport.use("local-signup", new LocalStrategy({
usernameField: "email",
passwordField : "password",
passReqToCallback: true
},
function(req, email, password, done) {
process.nextTick(function() {
User.findOne({ "local.email" : email }, function(err, user) {
if(err) {
console.log(err);
}
if(user) {
return done(null, false, req.flash("signupMessage", "That email is already taken"));
} else {
var newUser = new User();
newUser.local.email = email;
newUser.local.password = newUser.generateHash(password);
newUser.personal.firstname = req.body.firstname;
newUser.personal.lastname = req.body.lastname;
newUser.save(function(err) {
if(err) {
if(err.errors["local.email"]) {
return done(null, false, req.flash("signupMessage", err.errors["local.email"].message));
} else if (err.errors["personal.firstname"]) {
return done(null, false, req.flash("signupMessage", err.errors["personal.firstname"].message));
} else if (err.errors["personal.lastname"]) {
return done(null, false, req.flash("signupMessage", err.errors["personal.lastname"].message));
} else if (err.errors["local.password"]) {
return done(null, false, req.flash("signupMessage", err.errors["local.password"].message));
}
}
return done(null, newUser);
});
}
});
});
}));