仅在NodeJS和ExpressJS中满足条件后才更新密码
我正在尝试创建一个组件,在该组件中,我向用户请求其当前密码和两个需要匹配以更改其密码的iinput。
到目前为止,我按照以下步骤创建了路线:
// @route POST api/profiles/edit-password
// @description Update user password
// @access Private
// @task ALMOST DONE - NEEDS TO AVOID PASSWORD UPDATING IF NULL
router.post(
'/edit-password',
[
auth,
[
check('old_password', 'Old Password is required')
.not()
.isEmpty(),
check('old_password', 'Old Password does not match')
.exists(),
check('password', 'New Password is required')
.not()
.isEmpty(),
check('new_password', 'Confirm Password is required')
.not()
.isEmpty()
]
],
async (req, res) => {
const errors = validationResult(req);
// Check for errors
if (!errors.isEmpty()) {
return res.status(400).json({ errors: errors.array() });
}
// Destructure
const {
old_password,
password,
new_password,
} = req.body;
// Build profile object
const profileFields = {};
profileFields.user = req.user.id;
if (password === new_password) {
// Encrypt Password
passwordEncrypt = password;
const salt = await bcrypt.genSalt(10);
profileFields.password = await bcrypt.hash(passwordEncrypt, salt);
}
try {
let formOldPassword = old_password; // req.body.old_password can be used as well.
let loggedPassword = await User.findById(req.user.id).select('password');
// Old password input with password stored in DB
const isMatch = await bcryptpare(formOldPassword, loggedPassword);
console.log(isMatch ? 'yes' : 'no');
// In case old password input does not match with password stored in DB, prevent from updating password
if (!isMatch) {
return res
.status(400)
.json({ errors: [{ msg: 'Invalid credentials' }] });
}
let profile = await User.findByIdAndUpdate(req.user.id, profileFields, { new: true });
return res.json(profile);
} catch (err) {
console.error(err.message);
res.status(500).send('Server error');
}
}
);
我从功能组件中具有的形式传递三个输入,这些输入是:
- 旧密码
- 密码
- new_password
之后,我将建立一个空对象,该对象将用于更新与用户请求它的用户相对应的值。之后,我要确定一个条件,如果new_password和Confirm_password都匹配,则应该使用哈希对密码进行加密(此处是我假设引起错误的地方;可能是错误的):
if (password === new_password) {
// Encrypt Password
passwordEncrypt = password;
const salt = await bcrypt.genSalt(10);
profileFields.password = await bcrypt.hash(passwordEncrypt, salt);
}
然后,我移动到数据库以获取与登录用户相对应的密码,并将其存储的密码与从表单提交的数据进行比较:
let formOldPassword = old_password; // req.body.old_password can be used as well.
let loggedPassword = await User.findById(req.user.id).select('password');
// Old password input with password stored in DB
const isMatch = await bcryptpare(formOldPassword, loggedPassword);
现在两个输入必须匹配,但如果不匹配,则返回400 http错误。如果到目前为止一切都成功,请更新已登录的用户数据。
// In case old password input does not match with password stored in DB, prevent from updating password
if (!isMatch) {
return res
.status(400)
.json({ errors: [{ msg: 'Invalid credentials' }] });
}
let profile = await User.findByIdAndUpdate(req.user.id, profileFields, { new: true });
return res.json(profile);
我在控制台中得到的意外(错误)输出是这个:
Illegal arguments: string, object
关于解决此问题的任何想法?
回答如下:我想问题是您要尝试
bcryptpare(formOldPassword, loggedPassword);
formOldPassword = req.body.old_password ----> String
loggedPassword = await User.findById(req.user.id).select('password') ---> Hash