Bcrypt 比较总是在 NodeJS 中返回 TRUE
Bcrypt compare always returning TRUE in NodeJS
我正在制作自己的小 API,并且我已经将以下 POST 请求编码到我的 MongoDB 数据库:
api.post("/account/login", async (req, res) => {
const user = {
username: req.body.username,
password: req.body.password
};
const username = JSON.stringify(user.username);
const hashedPassword = await logincollection.find(user.username).toArray();
const hardCodedPassword = "b$q0iOBFTqqZ3vnp5oqDQUqejdS7UD/ayw4Q4qgi5hs1pfFI.xfipDS"
console.log(hashedPassword)
// Search for matching login credentials
logincollection.find(user, (err, result) => {
try {
if (bcrypt.compare(req.body.password, hardCodedPassword)) {
// Return credentials back to the client
const sendObject = {
username: result.username,
password: result.password
};
console.log(sendObject);
// Return code 200 (success) to the client
res.status(200).send(sendObject);
// Log to console when user logs in
console.log("User " + username + " logged in");
}
} catch(error) {
// If matching credentials were not found, return code 404 (wrong credentials) to the client
res.status(404).send()
}
})
})
我设置了一个有效的硬编码密码,纯粹是为了测试目的。处理此请求时,console.log(sendObject) 将未定义的结果打印到控制台并 bcrypt returns true,无论我输入什么密码。这里有什么问题?
正如@jonrsharpe 所说,bcrypt.compare returns 承诺不是价值。您必须使用回调函数 Promise.then() 或 async/await 来处理异步结果。
// Search for matching login credentials
logincollection.find(user, (err, result) => {
bcrypt.compare(req.body.password, hardCodedPassword)
.then(match => {
if (match) {
// Return credentials back to the client
const sendObject = {
username: result.username,
password: result.password
};
console.log(sendObject);
// Return code 200 (success) to the client
res.status(200).send(sendObject);
// Log to console when user logs in
console.log("User " + username + " logged in");
} else {
// If matching credentials were not found, return code 404 (wrong credentials) to the client
res.status(404).send()
}
})
.catch(error => {
res.status(500).send()
})
})
我正在制作自己的小 API,并且我已经将以下 POST 请求编码到我的 MongoDB 数据库:
api.post("/account/login", async (req, res) => {
const user = {
username: req.body.username,
password: req.body.password
};
const username = JSON.stringify(user.username);
const hashedPassword = await logincollection.find(user.username).toArray();
const hardCodedPassword = "b$q0iOBFTqqZ3vnp5oqDQUqejdS7UD/ayw4Q4qgi5hs1pfFI.xfipDS"
console.log(hashedPassword)
// Search for matching login credentials
logincollection.find(user, (err, result) => {
try {
if (bcrypt.compare(req.body.password, hardCodedPassword)) {
// Return credentials back to the client
const sendObject = {
username: result.username,
password: result.password
};
console.log(sendObject);
// Return code 200 (success) to the client
res.status(200).send(sendObject);
// Log to console when user logs in
console.log("User " + username + " logged in");
}
} catch(error) {
// If matching credentials were not found, return code 404 (wrong credentials) to the client
res.status(404).send()
}
})
})
我设置了一个有效的硬编码密码,纯粹是为了测试目的。处理此请求时,console.log(sendObject) 将未定义的结果打印到控制台并 bcrypt returns true,无论我输入什么密码。这里有什么问题?
正如@jonrsharpe 所说,bcrypt.compare returns 承诺不是价值。您必须使用回调函数 Promise.then() 或 async/await 来处理异步结果。
// Search for matching login credentials
logincollection.find(user, (err, result) => {
bcrypt.compare(req.body.password, hardCodedPassword)
.then(match => {
if (match) {
// Return credentials back to the client
const sendObject = {
username: result.username,
password: result.password
};
console.log(sendObject);
// Return code 200 (success) to the client
res.status(200).send(sendObject);
// Log to console when user logs in
console.log("User " + username + " logged in");
} else {
// If matching credentials were not found, return code 404 (wrong credentials) to the client
res.status(404).send()
}
})
.catch(error => {
res.status(500).send()
})
})