2017-02-11 42 views

我想弄清楚如何在用户注册时对密码进行哈希。我正在使用 Mongoose 和 Passport.js。有没有可以用来哈希密码、并且能轻松集成到我现有代码中的 Node 模块?下面是我的 LocalStrategy 配置。如何在注册时使用 Mongoose 和 Passport.js 对密码进行哈希?

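// Passport 'login' LocalStrategy.
// Looks the user up by username and checks the submitted password through the
// model's validPassword() method. Both failure cases flash the same message so
// the response does not reveal which usernames are registered.
// NOTE(review): this check is only as strong as User.validPassword(); that
// method must compare against a stored password hash, never a plaintext value.
passport.use('login', new LocalStrategy({
    passReqToCallback : true
}, function(req, username, password, done) {
    var failureMessage = 'Invalid username or password.';

    // Credentials come straight from the request. Reject anything that is not
    // a plain string so a parsed object can never reach the MongoDB query as
    // an operator expression.
    if (typeof username !== 'string' || typeof password !== 'string') {
        console.log('Rejected login with non-string credentials');
        return done(null, false, req.flash('message', failureMessage));
    }

    // check in mongo if a user with username exists or not
    User.findOne({ 'username' : username }, function(err, user) {
        // In case of any error, return using the done method
        if (err) {
            return done(err);
        }
        // Username does not exist: keep the reason in the server log only
        if (!user) {
            console.log('User Not Found with username '+username);
            return done(null, false, req.flash('message', failureMessage));
        }
        // User exists but wrong password: keep the reason in the server log only
        if (!user.validPassword(password)) {
            console.log('Invalid Password');
            return done(null, false, req.flash('message', failureMessage));
        }
        // User and password both match, return user from
        // done method which will be treated like success
        return done(null, user);
    });
}));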

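// Passport 'signup' LocalStrategy.
// Creates a new User when the username is not taken yet and reports the
// outcome through done(). Save errors are passed to done() instead of being
// thrown from inside the asynchronous callback, where nothing could catch them.
passport.use('signup', new LocalStrategy({
     passReqToCallback : true
    },
    function(req, username, password, done) {
     // Credentials come straight from the request. Only plain strings may
     // reach the query and the new document.
     if (typeof username !== 'string' || typeof password !== 'string') {
      console.log('Rejected signup with non-string credentials');
      return done(null, false,
       req.flash('message', 'Invalid username or password.'));
     }
     // Declared locally: the original assignment without `var` created an
     // implicit global shared by every request.
     var findOrCreateUser = function(){
      // find a user in Mongo with provided username
      // NOTE(review): the lookup and the later save() are two separate steps,
      // so two concurrent signups could both pass this check. A unique index
      // on username would close that gap - confirm against the schema.
      User.findOne({'username':username},function(err, user) {
       // In case of any error return
       if (err){
        console.log('Error in SignUp: '+err);
        return done(err);
       }
       // already exists
       if (user) {
        console.log('User already exists');
        return done(null, false,
         req.flash('message','User Already Exists'));
       }
       // no user with that username yet: create one
       var newUser = new User();
       // set the user's local credentials
       newUser.username = username;
       // NOTE(review): this assigns the raw password. It must be hashed before
       // it is persisted, for example in a schema pre('save') hook.
       newUser.password = password;
       // NOTE(review): req.param() is deprecated in Express 4. Read the field
       // from req.body once it is confirmed that the form posts it there.
       newUser.email = req.param('email');
       // save the user
       newUser.save(function(err) {
        if (err){
         console.log('Error in Saving user: '+err);
         return done(err);
        }
        console.log('User Registration succesful');
        return done(null, newUser);
       });
      });
     };
    process.nextTick(findOrCreateUser);
}));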

这里是我的用户模型:

var mongoose = require("mongoose"); 

// Mongoose schema for application users.
var UserSchema = new mongoose.Schema({
    username: String,
    email: String,
    // NOTE(review): nothing in this file transforms the value before it is
    // saved, so whatever is assigned here is stored as-is.
    password: String,
    // NOTE(review): `this` is evaluated where this literal is written, so it
    // is not the schema being defined. Presumably a self-reference was
    // intended - confirm.
    friends: [this]
});

// Returns true when `candidate` is strictly equal to the stored password value.
// NOTE(review): this is a direct comparison against the stored field. It only
// works while passwords are stored unhashed, and `===` is not a constant-time
// comparison.
UserSchema.method('validPassword', function (candidate) {
    return candidate === this.password;
});

module.exports = mongoose.model("User", UserSchema);

当我查看我的 MongoDB 数据库时,发现密码并没有被哈希。我该如何对它们进行哈希?非常感谢!


可能与以下问题重复:[如何在保存到数据库之前对密码进行哈希,使其与 passport 模块(passport-local)兼容](http://stackoverflow.com/questions/37668680/) – matt

回答


您可以使用bcrypt-nodejs模块来散列密码。

在你的用户模型中:

var mongoose = require("mongoose"); 
var bcrypt = require('bcrypt-nodejs'); // use const or import if you're using ES6 


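// Store this function in a helper file instead of in the User model.
/**
 * Hash a plaintext password with bcrypt.
 *
 * A fresh salt is generated on every call and embedded in the returned string,
 * so the same password produces a different hash each time.
 *
 * NOTE(review): both calls are synchronous and block the event loop while the
 * hash is computed. The library's callback API avoids that on busy servers.
 * NOTE(review): the bcrypt-nodejs package is marked deprecated on npm. `bcrypt`
 * and `bcryptjs` are the maintained alternatives - confirm before adopting.
 *
 * @param {string} password - plaintext password to hash
 * @returns {string} the bcrypt hash to store in place of the password
 */
var hash_password = function(password) {
    // With no argument the library default of 10 rounds is used; pass a
    // number to genSaltSync() to raise the work factor.
    const salt = bcrypt.genSaltSync();
    return bcrypt.hashSync(password, salt);
};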


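// Mongoose schema for application users.
var UserSchema = new mongoose.Schema({
    username: String,
    email: String,
    // Replaced by its bcrypt hash in the pre('save') hook below before the
    // document is written.
    password: String,
    // NOTE(review): `this` is evaluated where this literal is written, so it
    // is not the schema being defined. Presumably a self-reference was
    // intended - confirm.
    friends: [this]
});

/**
 * Check a candidate password against the stored bcrypt hash.
 *
 * Returns false instead of throwing when either value is not a string or when
 * the stored value cannot be parsed as a bcrypt hash (for example a record
 * saved before hashing was introduced), so a malformed record results in a
 * failed login rather than an exception inside the auth callback.
 *
 * @param {string} password - plaintext password supplied at login
 * @returns {boolean} true only when the password matches the stored hash
 */
UserSchema.methods.comparePassword = function(password) {
    if (typeof password !== 'string' || typeof this.password !== 'string' || !this.password) {
        return false;
    }
    try {
        return bcrypt.compareSync(password, this.password);
    } catch (err) {
        // Log the reason only, never the submitted password or the stored hash.
        console.log('Password comparison failed: ' + err);
        return false;
    }
};

// Hash the password before a document is saved.
// isModified('password') keeps an already-hashed value from being hashed again
// when the document is saved for unrelated changes.
// NOTE(review): 'save' middleware does not run for query-based updates such as
// Model.update() or findOneAndUpdate(), so a password changed that way would
// bypass this hook.
UserSchema.pre('save', function(next) {
    if (!this.password || !this.isModified('password')) {
        return next();
    }
    try {
        this.password = hash_password(this.password);
    } catch (err) {
        // Hand hashing failures to mongoose rather than throwing from the hook.
        return next(err instanceof Error ? err : new Error(String(err)));
    }
    next();
});

module.exports = mongoose.model("User", UserSchema);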

在你的 LocalStrategy 中:

可以用下面的代码块替换调用 user.validPassword 的那段代码。

... 
// User exists but wrong password, log the error 
// if (!user.validPassword(password)){ 
// console.log('Invalid Password'); 
//  return done(null, false, req.flash('message', 'Invalid Password')); 
// } 
// // User and password both match, return user from 
// // done method which will be treated like success 
// return done(null, user); 

// Guard clause: a missing user and a wrong password take the same path and
// produce the same flash message.
if (!user || !user.comparePassword(password)) {
    // user not found or wrong password.
    console.log('Invalid Password');
    return done(null, false, req.flash('message', 'Invalid Password'));
}
// user found, password is correct. do what you want to do
return done(null, user);
...