为什么我的密码没有经过哈希处理?
Why are my passwords not being hashed?
使用下面的代码,我可以成功添加一个新用户。但是,当我查看数据库中的用户时,密码是明文形式的。显然我做错了什么。
在let newUser = new User
的部分,密码是从请求体传入的。如果没有错误,bcrypt 应该对密码进行散列并将 newUser.password
设置为散列值,对吗?
//ADD USER Submit POST Route
// Registers a new user: validates the form fields, then is meant to bcrypt-hash
// the password before saving. As written, newUser.save() is issued before the
// bcrypt callbacks have run, so the plaintext password is what gets stored.
router.post('/register',
[
// Validation chain; failures are collected and read back with
// validationResult(req) in the handler below.
check('name').isLength({min:1}).trim().withMessage('Name
required'),
check('email').isLength({min:1}).trim().withMessage('Email
required'),
check('email').isEmail().trim().withMessage('Email is not valid'),
// NOTE(review): min:1 only rejects an empty password; no minimum length or
// strength is enforced here.
check('password').isLength({min:1}).withMessage('Password
required'),
// Confirms that the password and its confirmation field (password2) match.
check('password').custom((value,{req, loc, path}) => {
if (value !== req.body.password2) {
// throw error if passwords do not match
throw new Error("Passwords do not match");
} else {
return value;
}
})
],
(req,res,next)=>{
// The model is built with the plaintext password taken from the request body.
let newUser = new User({
name:req.body.name,
email:req.body.email,
username:req.body.username,
password: req.body.password
});
const errors = validationResult(req);
if (!errors.isEmpty()) {
// NOTE(review): the validation result may carry the submitted values,
// password included - confirm before logging it.
console.log(errors);
// newUser, still holding the plaintext password, is handed to the template.
res.render('register',
{
newUser:newUser,
errors: errors.mapped()
});
}
else{
// genSalt and hash are asynchronous: their callbacks run later, after the
// newUser.save(...) call further down has already been issued.
bcrypt.genSalt(10, function(err, salt) {
// NOTE(review): the genSalt err is never checked; the inner callback's err
// parameter shadows it.
bcrypt.hash(newUser.password, salt, function(err, hash) {
if(err) {
// Only logged; execution continues and assigns hash even on failure.
console.log(err);
}
// These three assignments repeat what the constructor above already set.
newUser.name = req.body.name;
newUser.email = req.body.email;
newUser.username = req.body.username;
newUser.password = hash;
})
})
// Issued before the hash callback above has run: newUser.password is still the
// plaintext value at the time the document is saved.
newUser.save(err=>{
// NOTE(review): this throw happens inside an async callback, so it presumably
// surfaces as an uncaught exception rather than an error response - confirm.
if(err)throw err;
req.flash('success','You are now registered and can log in');
res.redirect('/users/login');
});
}
});
如有任何建议,我们将不胜感激。谢谢!
将 newUser.save 的调用移到 bcrypt.hash 的回调中。bcrypt 的哈希是异步执行的,所以 save 会先被执行,在 bcrypt 完成并运行回调之前,就已经用明文密码在数据库中创建了用户。
同样在 bcrypt.hash
的回调中,您不需要再次执行以下操作:
// Redundant inside the bcrypt.hash callback: the User constructor was already
// given these same fields from req.body.
newUser.name = req.body.name;
newUser.email = req.body.email;
newUser.username = req.body.username;
尝试以下操作:
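// Handler for POST /register (excerpt: the end of the handler and of the
// router.post(...) call is not shown). Validates the request, hashes the
// password with bcrypt, and saves the user only after hashing has succeeded,
// so neither a plaintext nor a missing password is ever persisted.
(req, res, next) => {
  // The model briefly holds the plaintext password; it is replaced by the
  // hash before save() is called.
  const newUser = new User({
    name: req.body.name,
    email: req.body.email,
    username: req.body.username,
    password: req.body.password
  });
  const errors = validationResult(req);
  if (!errors.isEmpty()) {
    // NOTE(review): the validation result may carry the submitted values,
    // password included - confirm before logging it, and check whether the
    // template echoes newUser.password back into the form.
    console.log(errors);
    res.render('register', {
      newUser: newUser,
      errors: errors.mapped()
    });
  }
  else {
    bcrypt.genSalt(10, function(saltErr, salt) {
      if (saltErr) {
        // Without a salt nothing can be hashed: report the failure, save nothing.
        console.log(saltErr);
        return next(saltErr);
      }
      bcrypt.hash(newUser.password, salt, function(hashErr, hash) {
        if (hashErr) {
          // Stop here; continuing would store the user without a valid hash.
          console.log(hashErr);
          return next(hashErr);
        }
        newUser.password = hash;
        // save() runs only now, inside the hash callback, so the stored
        // password is always the bcrypt hash.
        newUser.save(saveErr => {
          // Hand database errors to Express instead of throwing from an
          // async callback, where no caller can catch them.
          if (saveErr) {
            return next(saveErr);
          }
          req.flash('success','You are now registered and can log in');
          res.redirect('/users/login');
        });
      });
    });
  }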
使用下面的代码,我可以成功添加一个新用户。但是,当我查看数据库中的用户时,密码是明文形式的。显然我做错了什么。
在let newUser = new User
的部分,密码是从请求体传入的。如果没有错误,bcrypt 应该对密码进行散列并将 newUser.password
设置为散列值,对吗?
//ADD USER Submit POST Route
// Registers a new user: validates the form fields, then is meant to bcrypt-hash
// the password before saving. As written, newUser.save() is issued before the
// bcrypt callbacks have run, so the plaintext password is what gets stored.
router.post('/register',
[
// Validation chain; failures are collected and read back with
// validationResult(req) in the handler below.
check('name').isLength({min:1}).trim().withMessage('Name
required'),
check('email').isLength({min:1}).trim().withMessage('Email
required'),
check('email').isEmail().trim().withMessage('Email is not valid'),
// NOTE(review): min:1 only rejects an empty password; no minimum length or
// strength is enforced here.
check('password').isLength({min:1}).withMessage('Password
required'),
// Confirms that the password and its confirmation field (password2) match.
check('password').custom((value,{req, loc, path}) => {
if (value !== req.body.password2) {
// throw error if passwords do not match
throw new Error("Passwords do not match");
} else {
return value;
}
})
],
(req,res,next)=>{
// The model is built with the plaintext password taken from the request body.
let newUser = new User({
name:req.body.name,
email:req.body.email,
username:req.body.username,
password: req.body.password
});
const errors = validationResult(req);
if (!errors.isEmpty()) {
// NOTE(review): the validation result may carry the submitted values,
// password included - confirm before logging it.
console.log(errors);
// newUser, still holding the plaintext password, is handed to the template.
res.render('register',
{
newUser:newUser,
errors: errors.mapped()
});
}
else{
// genSalt and hash are asynchronous: their callbacks run later, after the
// newUser.save(...) call further down has already been issued.
bcrypt.genSalt(10, function(err, salt) {
// NOTE(review): the genSalt err is never checked; the inner callback's err
// parameter shadows it.
bcrypt.hash(newUser.password, salt, function(err, hash) {
if(err) {
// Only logged; execution continues and assigns hash even on failure.
console.log(err);
}
// These three assignments repeat what the constructor above already set.
newUser.name = req.body.name;
newUser.email = req.body.email;
newUser.username = req.body.username;
newUser.password = hash;
})
})
// Issued before the hash callback above has run: newUser.password is still the
// plaintext value at the time the document is saved.
newUser.save(err=>{
// NOTE(review): this throw happens inside an async callback, so it presumably
// surfaces as an uncaught exception rather than an error response - confirm.
if(err)throw err;
req.flash('success','You are now registered and can log in');
res.redirect('/users/login');
});
}
});
如有任何建议,我们将不胜感激。谢谢!
将 newUser.save 的调用移到 bcrypt.hash 的回调中。bcrypt 的哈希是异步执行的,所以 save 会先被执行,在 bcrypt 完成并运行回调之前,就已经用明文密码在数据库中创建了用户。
同样在 bcrypt.hash
的回调中,您不需要再次执行以下操作:
// Redundant inside the bcrypt.hash callback: the User constructor was already
// given these same fields from req.body.
newUser.name = req.body.name;
newUser.email = req.body.email;
newUser.username = req.body.username;
尝试以下操作:
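// Handler for POST /register (excerpt: the end of the handler and of the
// router.post(...) call is not shown). Validates the request, hashes the
// password with bcrypt, and saves the user only after hashing has succeeded,
// so neither a plaintext nor a missing password is ever persisted.
(req, res, next) => {
  // The model briefly holds the plaintext password; it is replaced by the
  // hash before save() is called.
  const newUser = new User({
    name: req.body.name,
    email: req.body.email,
    username: req.body.username,
    password: req.body.password
  });
  const errors = validationResult(req);
  if (!errors.isEmpty()) {
    // NOTE(review): the validation result may carry the submitted values,
    // password included - confirm before logging it, and check whether the
    // template echoes newUser.password back into the form.
    console.log(errors);
    res.render('register', {
      newUser: newUser,
      errors: errors.mapped()
    });
  }
  else {
    bcrypt.genSalt(10, function(saltErr, salt) {
      if (saltErr) {
        // Without a salt nothing can be hashed: report the failure, save nothing.
        console.log(saltErr);
        return next(saltErr);
      }
      bcrypt.hash(newUser.password, salt, function(hashErr, hash) {
        if (hashErr) {
          // Stop here; continuing would store the user without a valid hash.
          console.log(hashErr);
          return next(hashErr);
        }
        newUser.password = hash;
        // save() runs only now, inside the hash callback, so the stored
        // password is always the bcrypt hash.
        newUser.save(saveErr => {
          // Hand database errors to Express instead of throwing from an
          // async callback, where no caller can catch them.
          if (saveErr) {
            return next(saveErr);
          }
          req.flash('success','You are now registered and can log in');
          res.redirect('/users/login');
        });
      });
    });
  }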