在 Express 中验证使用 bcrypt 加密的密码
verifying a password encrypted with bcrypt in Express
我有一个验证密码登录的代码,但是当它与错误的密码进行比较时,即使它是正确的,有人能帮我吗
login(req, res) {
const { email, pass } = req.body;
if (!email || !pass) {
return res.status(400).json('incorrect form submission');
}
console.log("email retrieved from req: ", email);
console.log("length of email retrieved from req: ", email.length);
database.select('*').table('login')
.where({ email: email }).then(data => {
const isValid = bcrypt.hashSync(pass, saltRounds);
console.log("oiii") // Console.log esta entrando no IF que não vai
if (data.senha === isValid) {
return database.select('*').from('login')
.where({ email: email })
.then(user => {
res.json(user)
})
.catch(err => res.status(400).json('unable to get user'))
} else {
res.status(400).json('Senha Errada2')
}
})
.catch(err => res.status(400).json('Senha Errada1'))
}
我应该使用bcrypt.compare来比较数据库中的加密密码。
// Load hash from your password DB.
bcrypt.compare(myPlaintextPassword, hash, function(err, result) {
// result == true
});
bcrypt.compare(someOtherPlaintextPassword, hash, function(err, result) {
// result == false
});
我有一个验证密码登录的代码,但是当它与错误的密码进行比较时,即使它是正确的,有人能帮我吗
login(req, res) {
const { email, pass } = req.body;
if (!email || !pass) {
return res.status(400).json('incorrect form submission');
}
console.log("email retrieved from req: ", email);
console.log("length of email retrieved from req: ", email.length);
database.select('*').table('login')
.where({ email: email }).then(data => {
const isValid = bcrypt.hashSync(pass, saltRounds);
console.log("oiii") // Console.log esta entrando no IF que não vai
if (data.senha === isValid) {
return database.select('*').from('login')
.where({ email: email })
.then(user => {
res.json(user)
})
.catch(err => res.status(400).json('unable to get user'))
} else {
res.status(400).json('Senha Errada2')
}
})
.catch(err => res.status(400).json('Senha Errada1'))
}
我应该使用bcrypt.compare来比较数据库中的加密密码。
// Load hash from your password DB.
bcrypt.compare(myPlaintextPassword, hash, function(err, result) {
// result == true
});
bcrypt.compare(someOtherPlaintextPassword, hash, function(err, result) {
// result == false
});