如何检查用户的密码是否与其在 oldPassword 输入框中输入的密码相同?

时间:2019-06-29 13:52:50

标签: javascript express mongoose bcrypt

我想检查用户的密码是否与用户在“oldPassword”输入框中键入的密码相同。我的问题是应该如何进行检查,因为显然我必须先对用户在“oldPassword”输入框中输入的内容进行哈希处理。我该怎么做?也请看看我的 ejs 文件并说说您的看法。表单里还有新密码字段,用于让用户把旧密码更改为新密码。

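/**
 * Handle POST /settings/changed-password/:userId: change a user's password.
 *
 * The submitted old password is verified against the stored bcrypt hash with
 * bcrypt.compare(). Re-hashing the input and comparing strings can never match,
 * because bcrypt.hash() draws a fresh random salt on every call.
 *
 * @param {object} req - Express request; reads body.oldPassword, body.newPassword,
 *   body.confirmNewPassword and params.userId.
 * @param {object} res - Express response; renders the success view or redirects
 *   back to the change-password form with a flash message.
 * @returns {Promise<void>}
 */
exports.postChangedPassword = async (req, res) => {
    const { oldPassword, newPassword, confirmNewPassword } = req.body;

    // One shared failure path: every rejected request gets the same response, so the
    // request never hangs and the reply does not reveal which check failed.
    const reject = () => {
        req.flash("error", "Password do not match!");
        return res.redirect("/settings/password");
    };

    try {
        // NOTE(review): the target account is taken from the URL, which the client
        // controls. Confirm that an upstream middleware (or a check here) ties userId
        // to the authenticated session before relying on this handler.
        const { userId } = req.params;

        const inputIsValid =
            typeof oldPassword === "string" &&
            typeof newPassword === "string" &&
            newPassword.length > 0 &&
            newPassword === confirmNewPassword;
        if (!inputIsValid) {
            return reject();
        }

        const user = await User.findById(userId);
        if (!user) {
            return reject();
        }

        // compare() reads the salt embedded in the stored hash and re-derives the hash
        // from the candidate plaintext.
        const oldPasswordMatches = await bcrypt.compare(oldPassword, user.password);
        if (!oldPasswordMatches) {
            return reject();
        }

        // Assign the plaintext: the pre("save") hook on userSchema hashes any modified
        // password, so hashing here as well would store a hash of a hash and lock the
        // user out.
        user.password = newPassword;
        // Await the write so a failed save reaches the catch block instead of being
        // reported as success.
        await user.save();

        // The user document is deliberately not logged: it contains the password hash.
        res.render("admin/settings/appliedSettings/changed-password", {
            pageTitle: "Succesfully Changed Password",
            path: "/settings/changed-password",
            user: user
        });
    } catch (error) {
        console.log(error);
        req.flash("error", "Password do not match!");
        res.redirect("/settings/password");
    }
};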

model.js

const mongoose = require("mongoose"),
    Schema = mongoose.Schema,
    bcrypt = require("bcryptjs");




// Shape of a post; userSchema embeds it as the element type of its `posts` array.
const postSchema = new Schema({
    title: { type: String },
    description: { type: String },
    context: { type: String },
    // Stored as an ObjectId; no `ref` is declared on this path.
    author: Schema.Types.ObjectId
});


// Account record with its embedded posts.
const userSchema = new Schema({
    name: { type: String, required: true },

    // NOTE(review): no uniqueness constraint is declared on email here; confirm
    // whether duplicates are prevented elsewhere.
    email: { type: String, required: true },

    // After a save this holds the bcrypt hash produced by the pre("save") hook on this
    // schema, not the plaintext. It is returned by default on every query, so avoid
    // logging or rendering whole user documents.
    password: { type: String, required: true },

    posts: [postSchema]
});


// Hash the password before persisting, but only when the field was changed.
// Callers must therefore assign the *plaintext* to `password`: a value that is already
// a bcrypt hash would be hashed a second time here.
userSchema.pre("save", async function save(next) {
    const passwordChanged = this.isModified("password");
    if (!passwordChanged) {
        return next();
    }
    // Cost factor 10; bcrypt generates a fresh random salt for each call.
    this.password = await bcrypt.hash(this.password, 10);
    next();
});


// Compile the schemas into models and expose them to the rest of the application.
const Post = mongoose.model("Post", postSchema);
const User = mongoose.model("User", userSchema);

module.exports = { User, Post };

change-password.ejs

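    <%# The account id in the action URL is client-controlled; the server has to bind the change to the signed-in user. %>
    <% if (errorMessage) { %>
        <div class="user-message-error"> <%= errorMessage %> </div>
    <% } %>
    <form class="change-password" action="/settings/changed-password/<%=user._id%>" method="POST">
        <%# Each label points at its own input id; the autocomplete hints let password managers tell the current password from the new one. %>
        <label for="oldPassword">Old Password</label>
        <input type="password" id="oldPassword" name="oldPassword" autocomplete="current-password" placeholder="Enter Your Old Password ..." required>
        <label for="newPassword">Your New Password</label>
        <input type="password" id="newPassword" name="newPassword" autocomplete="new-password" placeholder="Enter Your New Password ..." required>
        <label for="confirmNewPassword">Confirm Your New Password</label>
        <input type="password" id="confirmNewPassword" name="confirmNewPassword" autocomplete="new-password" placeholder="Confirm Your Password ..." required>
        <input type="hidden" name="_csrf" value="<%= csrfToken %>">
        <button type="submit">
            Submit Password
        </button>
    </form>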

管理路线

// Password-change endpoint.
// NOTE(review): no authentication/authorization middleware is visible on this route and
// :userId is supplied by the client. Confirm that the controller or an upstream
// middleware restricts the change to the signed-in user's own account.
router.post("/settings/changed-password/:userId", adminController.postChangedPassword);

1 个答案:

答案 0 :(得分:0)

要检查密码是否已更改,只需对新密码进行哈希处理,然后将该哈希值与旧密码的哈希值进行比较。需要注意的是,bcrypt.hash 每次调用都会使用新的随机盐,因此对同一密码两次哈希得到的字符串并不相同;验证明文与已存储的哈希是否匹配应使用 bcrypt.compare:

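// bcrypt.hash() salts every call with a new random value, so two hashes of the same
// password are different strings: comparing hashes with === never matches and !== is
// always true. bcrypt.compare() re-derives the hash using the salt stored inside
// user.password, which is the supported way to verify a plaintext.
const oldPasswordMatches = await bcrypt.compare(oldPassword, user.password);
if (
    oldPasswordMatches &&
    newPassword === confirmNewPassword &&
    // Once the old password is verified, "changed" reduces to a plaintext comparison.
    newPassword !== oldPassword
) {
  // Assign the plaintext: the pre("save") hook on userSchema hashes a modified
  // password, so hashing here too would store a hash of a hash.
  user.password = newPassword;
  // Await the write so a failed save is not reported as success.
  await user.save();
  // The user document is not logged because it contains the password hash.
  res.render("admin/settings/appliedSettings/changed-password", {
    pageTitle: "Succesfully Changed Password",
    path: "/settings/changed-password",
    user: user
  });
}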

无论检查的是 user.password 还是 oldHashedPassword 都没关系,因为第一个条件已经确保它们是相同的。