Bcrypt 不再散列和加盐密码
Bcrypt not hashing and salting passwords anymore
在我当前应用程序的先前版本中,我有一个使用 bcrypt 的工作后端应用程序,它对我的密码进行加盐和哈希处理。在这个版本中,我现在使用的是具有相同路由和控制器的 1 对 1 副本。
一切正常,来自 post 请求的数据保存得很好,但没有散列密码。现在显示空白密码。
我在 windows 10、64 位上工作,我的版本中的两个版本都是 bcrypt,都是本地安装的 3.0.4。我与 mongoDB 和猫鼬一起工作。
我为 使用了最通用的代码版本。如前所述,这在我的旧版本中仍然有效。
有人知道发生了什么变化吗?
这里是代码:
//relevant parts of app.js
const express = require('express');
const path = require('path');
//const favicon = require('serve-favicon');
const logger = require('morgan');
const cookieParser = require('cookie-parser');
const bodyParser = require('body-parser');
const helmet = require('helmet');
const cors = require('cors');
// connection to mongoose
require('./app_api/models/db');
//route to routes
const users = require('./app_api/routes/users');
//routes (post request)
router
.route('/user/signup')
.post(AuthenticationControllerPolicy.signupPost, ctrlUsers.signupPost);
//fragment of the post controller
const signupPost = function (req, res) {
//Make sure this account already exists
Base.
findOne({
userName: req.body.userName
}, function (user, err) {
//Make sure user doesn 't already exist
if (err) {
return res.status(400).send({ msg: 'The email address you have entered is already associated with another account.' });
} else { //etc..
//Create and save the user
user = new Base({
password: req.body.password
});
user.save(function (err) {
// base model with hashing and salting code
const baseSchema = new mongoose.Schema({
password: { type: String, required: true }
}, options);
const Base = mongoose.model('Base', baseSchema);
// salting and hashing
// hashing and salting before saving
baseSchema.pre('save', function (next) {
let base = this;
// only hash the password if it has been modified (or is new)
if (!base.isModified('password')) return next();
//generate a salt
bcrypt.genSalt(SALT_WORK_FACTOR, function (err, salt) {
if (err) return next(err);
// hash the password using our new salt
bcrypt.hash(base.password, salt, function (err, hash) {
if (err) return next(err);
// override the cleartext password with the hashed one
base.password = hash;
next();
});
});
});
尝试这样的事情。确保 const Base = mongoose.model('Base', baseSchema); 在代码的末尾,因为它负责创建模型并且你已经声明它位于 pre 挂钩之前的顶部,它不会被创建,密码也不会被散列。
// On Save Hook, encrypt password
// Before saving a model, run this function
baseSchema.pre('save', function (next) {
//get access to the user model
const base= this;
// generate a salt then run callback
bcrypt.genSalt(SALT_WORK_FACTOR, function (err, salt) {
if (err) { return next(err); }
// hash (encrypt) our password using the sale
bcrypt.hash(base.password, salt, null, function (err, hash) {
if (err) { return next(err); }
//overwrite plain text password with encrypted password
base.password = hash;
next();
});
});
});
const Base = mongoose.model('Base', baseSchema);
在我当前应用程序的先前版本中,我有一个使用 bcrypt 的工作后端应用程序,它对我的密码进行加盐和哈希处理。在这个版本中,我现在使用的是具有相同路由和控制器的 1 对 1 副本。 一切正常,来自 post 请求的数据保存得很好,但没有散列密码。现在显示空白密码。
我在 windows 10、64 位上工作,我的版本中的两个版本都是 bcrypt,都是本地安装的 3.0.4。我与 mongoDB 和猫鼬一起工作。
我为
有人知道发生了什么变化吗?
这里是代码:
//relevant parts of app.js
const express = require('express');
const path = require('path');
//const favicon = require('serve-favicon');
const logger = require('morgan');
const cookieParser = require('cookie-parser');
const bodyParser = require('body-parser');
const helmet = require('helmet');
const cors = require('cors');
// connection to mongoose
require('./app_api/models/db');
//route to routes
const users = require('./app_api/routes/users');
//routes (post request)
router
.route('/user/signup')
.post(AuthenticationControllerPolicy.signupPost, ctrlUsers.signupPost);
//fragment of the post controller
const signupPost = function (req, res) {
//Make sure this account already exists
Base.
findOne({
userName: req.body.userName
}, function (user, err) {
//Make sure user doesn 't already exist
if (err) {
return res.status(400).send({ msg: 'The email address you have entered is already associated with another account.' });
} else { //etc..
//Create and save the user
user = new Base({
password: req.body.password
});
user.save(function (err) {
// base model with hashing and salting code
const baseSchema = new mongoose.Schema({
password: { type: String, required: true }
}, options);
const Base = mongoose.model('Base', baseSchema);
// salting and hashing
// hashing and salting before saving
baseSchema.pre('save', function (next) {
let base = this;
// only hash the password if it has been modified (or is new)
if (!base.isModified('password')) return next();
//generate a salt
bcrypt.genSalt(SALT_WORK_FACTOR, function (err, salt) {
if (err) return next(err);
// hash the password using our new salt
bcrypt.hash(base.password, salt, function (err, hash) {
if (err) return next(err);
// override the cleartext password with the hashed one
base.password = hash;
next();
});
});
});
尝试这样的事情。确保 const Base = mongoose.model('Base', baseSchema); 在代码的末尾,因为它负责创建模型并且你已经声明它位于 pre 挂钩之前的顶部,它不会被创建,密码也不会被散列。
// On Save Hook, encrypt password
// Before saving a model, run this function
baseSchema.pre('save', function (next) {
//get access to the user model
const base= this;
// generate a salt then run callback
bcrypt.genSalt(SALT_WORK_FACTOR, function (err, salt) {
if (err) { return next(err); }
// hash (encrypt) our password using the sale
bcrypt.hash(base.password, salt, null, function (err, hash) {
if (err) { return next(err); }
//overwrite plain text password with encrypted password
base.password = hash;
next();
});
});
});
const Base = mongoose.model('Base', baseSchema);