电脑我帮您(www.dn580.com)

    最新消息: 电脑我帮您提供丰富的电脑知识,编程学习,软件下载,win7系统下载。
    你的位置: 首页 > IT培训 > 仅在NodeJS和ExpressJS中满足条件后才更新密码

    仅在NodeJS和ExpressJS中满足条件后才更新密码

    IT培训 admin 6浏览 0评论

    仅在NodeJS和ExpressJS中满足条件后才更新密码

    我正在尝试创建一个组件,在该组件中,我向用户请求其当前密码和两个需要匹配以更改其密码的iinput。

    到目前为止,我按照以下步骤创建了路线:

    // @route       POST api/profiles/edit-password
// @description Update user password
// @access      Private
// @task        ALMOST DONE - NEEDS TO AVOID PASSWORD UPDATING IF NULL
router.post(
  '/edit-password',
  [
    auth,
    [
      check('old_password', 'Old Password is required')
        .not()
        .isEmpty(),
      check('old_password', 'Old Password does not match')
        .exists(),
      check('password', 'New Password is required')
        .not()
        .isEmpty(),
      check('new_password', 'Confirm Password is required')
        .not()
        .isEmpty()
    ]
  ],
  async (req, res) => {
    const errors = validationResult(req);
    // Check for errors
    if (!errors.isEmpty()) {
      return res.status(400).json({ errors: errors.array() });
    }

    // Destructure
    const {
      old_password,
      password,
      new_password,
    } = req.body;

    // Build profile object
    const profileFields = {};
    profileFields.user = req.user.id;
    if (password === new_password) {
      // Encrypt Password
      passwordEncrypt = password;
      const salt = await bcrypt.genSalt(10);
      profileFields.password = await bcrypt.hash(passwordEncrypt, salt);
    }

    try {

      let formOldPassword = old_password; // req.body.old_password can be used as well.
      let loggedPassword = await User.findById(req.user.id).select('password');

      // Old password input with password stored in DB
      const isMatch = await bcryptpare(formOldPassword, loggedPassword);

      console.log(isMatch ? 'yes' : 'no');

      // In case old password input does not match with password stored in DB, prevent from updating password
      if (!isMatch) {
        return res
          .status(400)
          .json({ errors: [{ msg: 'Invalid credentials' }] });
      }

      let profile = await User.findByIdAndUpdate(req.user.id, profileFields, { new: true });

      return res.json(profile);


    } catch (err) {
      console.error(err.message);
      res.status(500).send('Server error');
    }
  }
);

    我从功能组件中具有的形式传递三个输入,这些输入是:

    • 旧密码
    • 密码
    • new_password

    之后,我将建立一个空对象,该对象将用于更新与用户请求它的用户相对应的值。之后,我要确定一个条件,如果new_password和Confirm_password都匹配,则应该使用哈希对密码进行加密(此处是我假设引起错误的地方;可能是错误的):

    if (password === new_password) {
      // Encrypt Password
      passwordEncrypt = password;
      const salt = await bcrypt.genSalt(10);
      profileFields.password = await bcrypt.hash(passwordEncrypt, salt);
    }

    然后,我移动到数据库以获取与登录用户相对应的密码,并将其存储的密码与从表单提交的数据进行比较:

    let formOldPassword = old_password; // req.body.old_password can be used as well.
let loggedPassword = await User.findById(req.user.id).select('password');

// Old password input with password stored in DB
const isMatch = await bcryptpare(formOldPassword, loggedPassword);

    现在两个输入必须匹配,但如果不匹配,则返回400 http错误。如果到目前为止一切都成功,请更新已登录的用户数据。

    // In case old password input does not match with password stored in DB, prevent from updating password
if (!isMatch) {
  return res
    .status(400)
    .json({ errors: [{ msg: 'Invalid credentials' }] });
}

let profile = await User.findByIdAndUpdate(req.user.id, profileFields, { new: true });

return res.json(profile);

    我在控制台中得到的意外(错误)输出是这个:

    Illegal arguments: string, object

    关于解决此问题的任何想法?

    回答如下:

    我想问题是您要尝试

    bcryptpare(formOldPassword, loggedPassword);

formOldPassword = req.body.old_password ----> String

loggedPassword = await User.findById(req.user.id).select('password') ---> Hash

    仅在NodeJS和ExpressJS中满足条件后才更新密码

    我正在尝试创建一个组件,在该组件中,我向用户请求其当前密码和两个需要匹配以更改其密码的iinput。

    到目前为止,我按照以下步骤创建了路线:

    // @route       POST api/profiles/edit-password
// @description Update user password
// @access      Private
// @task        ALMOST DONE - NEEDS TO AVOID PASSWORD UPDATING IF NULL
router.post(
  '/edit-password',
  [
    auth,
    [
      check('old_password', 'Old Password is required')
        .not()
        .isEmpty(),
      check('old_password', 'Old Password does not match')
        .exists(),
      check('password', 'New Password is required')
        .not()
        .isEmpty(),
      check('new_password', 'Confirm Password is required')
        .not()
        .isEmpty()
    ]
  ],
  async (req, res) => {
    const errors = validationResult(req);
    // Check for errors
    if (!errors.isEmpty()) {
      return res.status(400).json({ errors: errors.array() });
    }

    // Destructure
    const {
      old_password,
      password,
      new_password,
    } = req.body;

    // Build profile object
    const profileFields = {};
    profileFields.user = req.user.id;
    if (password === new_password) {
      // Encrypt Password
      passwordEncrypt = password;
      const salt = await bcrypt.genSalt(10);
      profileFields.password = await bcrypt.hash(passwordEncrypt, salt);
    }

    try {

      let formOldPassword = old_password; // req.body.old_password can be used as well.
      let loggedPassword = await User.findById(req.user.id).select('password');

      // Old password input with password stored in DB
      const isMatch = await bcryptpare(formOldPassword, loggedPassword);

      console.log(isMatch ? 'yes' : 'no');

      // In case old password input does not match with password stored in DB, prevent from updating password
      if (!isMatch) {
        return res
          .status(400)
          .json({ errors: [{ msg: 'Invalid credentials' }] });
      }

      let profile = await User.findByIdAndUpdate(req.user.id, profileFields, { new: true });

      return res.json(profile);


    } catch (err) {
      console.error(err.message);
      res.status(500).send('Server error');
    }
  }
);

    我从功能组件中具有的形式传递三个输入,这些输入是:

    • 旧密码
    • 密码
    • new_password

    之后,我将建立一个空对象,该对象将用于更新与用户请求它的用户相对应的值。之后,我要确定一个条件,如果new_password和Confirm_password都匹配,则应该使用哈希对密码进行加密(此处是我假设引起错误的地方;可能是错误的):

    if (password === new_password) {
      // Encrypt Password
      passwordEncrypt = password;
      const salt = await bcrypt.genSalt(10);
      profileFields.password = await bcrypt.hash(passwordEncrypt, salt);
    }

    然后,我移动到数据库以获取与登录用户相对应的密码,并将其存储的密码与从表单提交的数据进行比较:

    let formOldPassword = old_password; // req.body.old_password can be used as well.
let loggedPassword = await User.findById(req.user.id).select('password');

// Old password input with password stored in DB
const isMatch = await bcryptpare(formOldPassword, loggedPassword);

    现在两个输入必须匹配,但如果不匹配,则返回400 http错误。如果到目前为止一切都成功,请更新已登录的用户数据。

    // In case old password input does not match with password stored in DB, prevent from updating password
if (!isMatch) {
  return res
    .status(400)
    .json({ errors: [{ msg: 'Invalid credentials' }] });
}

let profile = await User.findByIdAndUpdate(req.user.id, profileFields, { new: true });

return res.json(profile);

    我在控制台中得到的意外(错误)输出是这个:

    Illegal arguments: string, object

    关于解决此问题的任何想法?

    回答如下:

    我想问题是您要尝试

    bcryptpare(formOldPassword, loggedPassword);

formOldPassword = req.body.old_password ----> String

loggedPassword = await User.findById(req.user.id).select('password') ---> Hash

    与本文相关的文章

    发布评论

    评论列表 (0)

    1. 暂无评论