未加星标

Node.js and Passport Object has no method validPassword

字体大小 | |
[前端(javascript) 所属分类 前端(javascript) | 发布者 店小二03 | 时间 2018 | 作者 红领巾 ] 0人收藏点击收藏

Please note that I'm a total beginner in Node.js so please be patient with me :)

I'm using Node.js + Express 3 + Passport to create a simple authentication(local) just to play around

and what I've reached so far that when a wrong username or password entered user is redirected to an error page

but when the user enters a correct username and password I get this error

node_modules\mongoose\lib\utils.js:435 throw err; ^ TypeError: Object { _id: 50b347decfd61ab9e9e6768f, username: 'saleh', password: '123456' } has no method 'validPassword'

I'm not sure what's wrong there

app.js (I removed the unnecessary code):

var passport = require('passport') , LocalStrategy = require('passport-local').Strategy; app.configure(function(){ app.set('port', process.env.PORT || 3000); app.set('views', __dirname + '/views'); app.set('view engine', 'ejs'); app.use(express.favicon()); app.use(express.logger('dev')); app.use(express.bodyParser()); app.use(express.methodOverride()); app.use(passport.initialize()); app.use(passport.session()); app.use(app.router); app.use(express.static(path.join(__dirname, 'public'))); }); var mongoose = require('mongoose'); var db = mongoose.createConnection('localhost', 'authTest'); var authSchema = mongoose.Schema({ username: 'string', password: 'string' }); var User = db.model('users', authSchema); passport.use(new LocalStrategy( function(username, password, done) { User.findOne({ username: username }, function (err, user) { if (err) { return done(err); } if (!user) { return done(null, false, { message: 'Incorrect username.' }); } if (!user.validPassword(password)) { return done(null, false, { message: 'Incorrect password.' }); } return done(null, user); }); } )); passport.serializeUser(function(user, done) { done(null, user.id); }); passport.deserializeUser(function(id, done) { User.findById(id, function(err, user) { done(err, user); }); }); app.post('/login', passport.authenticate('local', { successRedirect: '/', failureRedirect: '/login/error', }) );

and now in routes/login.js

var mongoose = require('mongoose'); var db = mongoose.createConnection('localhost', 'authTest'); var authSchema = mongoose.Schema({ username: 'string', password: 'string' }); var User = db.model('users', authSchema); exports.index = function(req, res){ User.find(function (err, list) { res.render('login', { title: 'Usernames and Passwords', users: list,msg:""}); }); };

Thanks for your time.

Problem courtesy of: Muhammad Saleh

Solution

Well, this is kind of obvious, isn't it? You are using

if (!user.validPassword(password)) { return done(null, false, { message: 'Incorrect password.' }); }

but you haven't defined validPassword method. Attach it to your schema:

var authSchema = mongoose.Schema({ username: 'string', password: 'string' }); authSchema.methods.validPassword = function( pwd ) { // EXAMPLE CODE! return ( this.password === pwd ); };

EDITYou've also incorrectly defined the schema. It should be:

var authSchema = mongoose.Schema({ username: String, password: String });

Note that both username and password should be String type objects, not strings "string" , if you know what I mean. :)

Solution courtesy of: freakish

Discussion

Looks like you copied example from passportjs website, where Jared failed to mention how to implement it..

On the passport js github page he has another (simpler) example; he removed validPassword method altogether (line 18):

Example

if (user.password != password) { return cb(null, false); }

That's what I based my app on (using encryption) on top of it.

Discussion courtesy of: kernelpanic

Also being a noob at this, it took me a whole day to figure this one out. I used the history from another one of Jared's example apps and some crypto advice from folks on here.

First off I made a method that generates a salt (a big random number which is stringified), uses the salt and the user's password to create a hash (with the help of the nodejs 'crypto' module), and finally stores both the salt and the hash every time before mongoose saves a new account.

//make hash userSchema.pre('save', function(next) { var user = this; if(!user.isModified('password')) return next(); var rand = (Math.floor(Math.random() * 1000000000)).toString(36); var hash = crypto.createHash('md5').update(user.password + rand).digest("hex"); user.password = hash; user.salt = rand; next(); });

For the verification I simply take the inputted password (at login) and attempt the make the same hash again using the salt. I then compare the stored hash to the new one and return true or false accordingly.

// Password verification userSchema.methods.validPassword = function(password) { var testhash = crypto.createHash('md5').update(password + this.salt).digest("hex"); if(testhash === this.password) { return true; } else { return false; } }

Discussion courtesy of: Rorschach120

This recipe can be found in it's original form on Stack Over Flow .

本文前端(javascript)相关术语:javascript是什么意思 javascript下载 javascript权威指南 javascript基础教程 javascript 正则表达式 javascript设计模式 javascript高级程序设计 精通javascript javascript教程

tags: password,user,app,var,mongoose,username,return,function,done,passport,use
分页:12
转载请注明
本文标题:Node.js and Passport Object has no method validPassword
本站链接:https://www.codesec.net/view/597053.html


1.凡CodeSecTeam转载的文章,均出自其它媒体或其他官网介绍,目的在于传递更多的信息,并不代表本站赞同其观点和其真实性负责;
2.转载的文章仅代表原创作者观点,与本站无关。其原创性以及文中陈述文字和内容未经本站证实,本站对该文以及其中全部或者部分内容、文字的真实性、完整性、及时性,不作出任何保证或承若;
3.如本站转载稿涉及版权等问题,请作者及时联系本站,我们会及时处理。
登录后可拥有收藏文章、关注作者等权限...
技术大类 技术大类 | 前端(javascript) | 评论(0) | 阅读(23)