在不更改密码的情况下更新后端数据库
make an update to backend database without changing password
我有一个应用程序,用户可以在其中跟踪餐车。在用户仪表板上,用户可以更新他们的位置。确认位置更新后,客户端向后端发送 .put 请求。问题是 .put 请求正在更新用户帐户对象的每个值(即 ID、用户名、电子邮件、密码和位置)。
在允许用户更改其位置的输入中,唯一修改的值是位置。但是,我认为还有一个更改密码的错误。密码存储为哈希值。因此,当发出放置请求时,我认为位置更新 onClick 正在传递用户密码的哈希值,然后更改数据库中的密码。当我尝试使用刚刚更改了位置的用户登录时,我收到一条错误消息,提示凭据无效。我该如何解决这个问题?:
这是有问题的操作:
// edit location for diners
export const editLocation = (changes, id) => dispatch => {
dispatch({ type: EDIT_LOCATION_START })
axiosWithAuth()
.put(`https://foodtrucktrackr.herokuapp.com/api/diner/${id}`, changes)
.then(res => {
console.log(res);
dispatch({ type: EDIT_LOCATION_SUCCESS, payload: res.data })
})
}
DinerDash.js(仅压缩到相关行):
const DinerDash = props => {
const [locationEditMode, setLocationEditMode] = useState(false);
const [updatedAccount, setUpdatedAccount] = useState({
id: props.id,
username: props.username,
email: props.email,
password: props.password,
location: ''
})
const changeLocation = e => {
console.log(updatedAccount);
e.preventDefault();
props.editLocation(updatedAccount, props.id);
setLocationEditMode(false);
}
const handleLocationChange = e => {
setUpdatedAccount({
...updatedAccount,
location: e.target.value
})
}
return (
<div>
<h1>This is the diner Dashboard component</h1>
<h2>Welcome, {accountInfo.username}</h2>
<p>
Find trucks near: {props.location}
<ArrowDropDownCircleIcon
className="location-edit-icon"
onClick={() => setLocationEditMode(!locationEditMode)}
/>
</p>
{locationEditMode && <div>
<input placeholder="Enter a new location" onChange={handleLocationChange}/>
<button onClick={changeLocation}>Done</button>
</div>}
<br />
<button onClick={logout}>Logout</button>
</div>
)
}
const mapStateToProps = state => {
return {
id: state.account.id,
username: state.account.username,
email: state.account.email,
password: state.account.password,
location: state.account.location
}
}
来自减速器的代码:
case EDIT_LOCATION_START:
return {
...state,
isLoading: true
}
case EDIT_LOCATION_SUCCESS:
return {
...state,
isLoading: false,
account: {
id: action.payload.id,
username: action.payload.username,
email: action.payload.email,
password: action.payload.password,
location: action.payload.location
}
来自后端的代码:
// how diners edit account
router.put('/:id', (req, res) => {
const { id } = req.params;
let updatedDiner = req.body;
updatedDiner.id = id;
const hash = bcrypt.hashSync(updatedDiner.password, 8);
updatedDiner.password = hash;
diners.editDiner(updatedDiner, id)
.then(updated => {
res.status(200).json(updated);
})
.catch(err => {
console.log(err);
res.status(500).json({ errorMessage: 'An error occured while updating account' });
})
})
尝试发送一个空密码,当密码没有变化时,保留一个单独的密码变量而不是默认密码密钥,在后端检查它是否不为空然后继续。
后端:
router.put('/:id', (req, res) => {
const { id } = req.params;
let updatedDiner = req.body;
updatedDiner.id = id;
if (updatedDiner.password){
const hash = bcrypt.hashSync(updatedDiner.password, 8);
updatedDiner.password = hash;
}
else
{
delete updatedDiner.password
}
diners.editDiner(updatedDiner, id)
.then(updated => {
res.status(200).json(updated);
})
.catch(err => {
console.log(err);
res.status(500).json({ errorMessage: 'An error occured while updating account' });
})
})
我有一个应用程序,用户可以在其中跟踪餐车。在用户仪表板上,用户可以更新他们的位置。确认位置更新后,客户端向后端发送 .put 请求。问题是 .put 请求正在更新用户帐户对象的每个值(即 ID、用户名、电子邮件、密码和位置)。
在允许用户更改其位置的输入中,唯一修改的值是位置。但是,我认为还有一个更改密码的错误。密码存储为哈希值。因此,当发出放置请求时,我认为位置更新 onClick 正在传递用户密码的哈希值,然后更改数据库中的密码。当我尝试使用刚刚更改了位置的用户登录时,我收到一条错误消息,提示凭据无效。我该如何解决这个问题?:
这是有问题的操作:
// edit location for diners
export const editLocation = (changes, id) => dispatch => {
dispatch({ type: EDIT_LOCATION_START })
axiosWithAuth()
.put(`https://foodtrucktrackr.herokuapp.com/api/diner/${id}`, changes)
.then(res => {
console.log(res);
dispatch({ type: EDIT_LOCATION_SUCCESS, payload: res.data })
})
}
DinerDash.js(仅压缩到相关行):
const DinerDash = props => {
const [locationEditMode, setLocationEditMode] = useState(false);
const [updatedAccount, setUpdatedAccount] = useState({
id: props.id,
username: props.username,
email: props.email,
password: props.password,
location: ''
})
const changeLocation = e => {
console.log(updatedAccount);
e.preventDefault();
props.editLocation(updatedAccount, props.id);
setLocationEditMode(false);
}
const handleLocationChange = e => {
setUpdatedAccount({
...updatedAccount,
location: e.target.value
})
}
return (
<div>
<h1>This is the diner Dashboard component</h1>
<h2>Welcome, {accountInfo.username}</h2>
<p>
Find trucks near: {props.location}
<ArrowDropDownCircleIcon
className="location-edit-icon"
onClick={() => setLocationEditMode(!locationEditMode)}
/>
</p>
{locationEditMode && <div>
<input placeholder="Enter a new location" onChange={handleLocationChange}/>
<button onClick={changeLocation}>Done</button>
</div>}
<br />
<button onClick={logout}>Logout</button>
</div>
)
}
const mapStateToProps = state => {
return {
id: state.account.id,
username: state.account.username,
email: state.account.email,
password: state.account.password,
location: state.account.location
}
}
来自减速器的代码:
case EDIT_LOCATION_START:
return {
...state,
isLoading: true
}
case EDIT_LOCATION_SUCCESS:
return {
...state,
isLoading: false,
account: {
id: action.payload.id,
username: action.payload.username,
email: action.payload.email,
password: action.payload.password,
location: action.payload.location
}
来自后端的代码:
// how diners edit account
router.put('/:id', (req, res) => {
const { id } = req.params;
let updatedDiner = req.body;
updatedDiner.id = id;
const hash = bcrypt.hashSync(updatedDiner.password, 8);
updatedDiner.password = hash;
diners.editDiner(updatedDiner, id)
.then(updated => {
res.status(200).json(updated);
})
.catch(err => {
console.log(err);
res.status(500).json({ errorMessage: 'An error occured while updating account' });
})
})
尝试发送一个空密码,当密码没有变化时,保留一个单独的密码变量而不是默认密码密钥,在后端检查它是否不为空然后继续。
后端:
router.put('/:id', (req, res) => {
const { id } = req.params;
let updatedDiner = req.body;
updatedDiner.id = id;
if (updatedDiner.password){
const hash = bcrypt.hashSync(updatedDiner.password, 8);
updatedDiner.password = hash;
}
else
{
delete updatedDiner.password
}
diners.editDiner(updatedDiner, id)
.then(updated => {
res.status(200).json(updated);
})
.catch(err => {
console.log(err);
res.status(500).json({ errorMessage: 'An error occured while updating account' });
})
})