因此,我基本上希望检查用户的密码是否与用户在“ oldPassword”输入字段中键入的密码相同。我遇到的问题是我应该如何检查,显然导致我必须哈希用户输入到“ oldPassword”输入中的内容。我该怎么做,还请检查我的ejs文件和您的想法?我在那里也获得了新密码,这是供用户通过一种方式将其旧密码更改为新密码*
exports.postChangedPassword = async (req, res) => {
const {
oldPassword,
newPassword,
confirmNewPassword
} = req.body;
try {
const userId = await req.params.userId;
const user = await User.findById(userId)
const oldHashedPassword = await bcrypt.hash(oldPassword, 10);
if (user.password === oldHashedPassword && newPassword === confirmNewPassword) {
const hashedPassword = await bcrypt.hash(newPassword, 10);
user.password = hashedPassword;
user.save();
console.log(user);
res.render("admin/settings/appliedSettings/changed-password", {
pageTitle: "Succesfully Changed Password",
path: "/settings/changed-password",
user: user
})
}
} catch (error) {
console.log(error);
req.flash("error", "Password do not match!");
res.redirect("/settings/password");
}
}
model.js
const mongoose = require("mongoose"),
Schema = mongoose.Schema,
bcrypt = require("bcryptjs");
const postSchema = new Schema({
title: String,
description: String,
context: String,
author: {
type: Schema.Types.ObjectId,
}
});
const userSchema = new Schema({
name: {
type: String,
required: true
},
email: {
type: String,
required: true,
},
password: {
type: String,
required: true
},
posts: [postSchema]
});
userSchema.pre("save", async function save(next) {
const user = this;
if (!user.isModified("password")) return next();
const hashedPassword = await bcrypt.hash(user.password, 10);
user.password = hashedPassword;
next();
});
const Post = mongoose.model("Post", postSchema);
const User = mongoose.model("User", userSchema);
module.exports = {
User,
Post
}
change-password.ejs
<% if (errorMessage) { %>
<div class="user-message-error"> <%= errorMessage %> </div>
<% } %>
<form class="change-password" action="/settings/changed-password/<%=user._id%>" method="POST">
<label for="password">Old Password</label>
<input type="password" name="oldPassword" placeholder="Enter Your Old Password ..." required>
<label for="password">Your New Password</label>
<input type="password" name="newPassword" placeholder="Enter Your New Password ..." required>
<label for="password">Confirm Your New Password</label>
<input type="password" name="confirmNewPassword" placeholder="Confirm Your Password ..." required>
<input type="hidden" name="_csrf" value="<%= csrfToken %>">
<button type="submit">
Submit Password
</button>
</form>
管理路线
router.post("/settings/changed-password/:userId", adminController.postChangedPassword);
答案 0 :(得分:0)
要检查密码是否更改,只需对新密码进行哈希处理,然后将哈希值与旧密码进行比较:
const oldHashedPassword = await bcrypt.hash(oldPassword, 10);
const newHashedPassword = await bcrypt.hash(newPassword, 10);
if (
user.password === oldHashedPassword &&
newPassword === confirmNewPassword &&
oldHashedPassword !== newHashedPassword
) {
user.password = newHashedPassword;
user.save();
console.log(user);
res.render("admin/settings/appliedSettings/changed-password", {
pageTitle: "Succesfully Changed Password",
path: "/settings/changed-password",
user: user
})
}
您是否检查user.password或oldHashedPassword都没关系,因为您确定它们在第一个条件下是同一件事