2017-05-07 136 views
0

我有一個MEAN應用程序試圖實現GET請求'/ changepassword'。該文件位於'/ users/changepassword'中。我使用Mongoose和bcryptjs進行密碼散列。請看下面我的代碼。更改密碼獲取請求不更改密碼

這是/用戶/ changepassword

// Change Password 
router.post('/changepassword', function(req, res){ 
    var username = req.body.username; 
    var password = req.body.oldPassword; 
    var newPassword = req.body.newPassword; 

    User.getUserByUserName(username, function(err, user){ 
    if(err) throw err; 
    if(user === null){ 
     res.json({success: false, msg: "The given username does not exist."}); 
    }else{ 
     User.comparePassword(password, user.password, function(err, isMatch){ 
     if(err) throw err; 
     if(isMatch) 
     { 
      User.changePassword(user, newPassword,function(err, changedPassword){ 
      if(err) throw err; 
      else{ 
       if(changedPassword === true){ 
       res.json({success: true, msg: "Your password has been changed."}); 
       } 
       else { 
       res.json({success: false, msg: "Your password was unable to be changed."}); 
       } 
      } 
      }); 
     } 
     }); 
    } 
    }); 
}); 

這是貓鼬changepassword功能位於/模型/用戶

module.exports.changePassword = function(user, newPassword, callback){ 
    var query = {username: user.username}; 
    bcrypt.genSalt(10, function(err, salt){ 
    bcrypt.hash(user.password, salt, function(err, hash){ 
    if (err) throw err; 
    else{ 
     user.password = hash; 
     User.findOneAndUpdate(query, { $set: { password: user.password }}, {new: true}, function(err, newUser){ 
     if(err) throw err; 
     else{ 
     bcrypt.compare(newPassword, newUser.password, function(err, isMatch){ 
      if(err) throw err; 
      console.log(isMatch); 
      callback(null, isMatch); 
      }); 
     } 
     }); 
    } 
    }); 
}); 
}; 

下面是/在/模型中使用的所有其他功能的用戶

module.exports.getUserByUserName = function(username, callback){ 
    var query = {username: username}; 
    User.findOne(query, callback); 
}; 

module.exports.comparePassword = function(candidatePassword, hash, callback){ 
    bcrypt.compare(candidatePassword, hash, function(err, isMatch){ 
    if(err) throw err; 
    callback(null, isMatch); 
    }); 
}; 

當我使用郵差,這是我收到的輸出

{ 
    "success": false, 
    "msg": "Your password was unable to be changed." 
} 

任何幫助非常感謝! :)

回答

0

發現什麼是錯的!

module.exports.changePassword = function(user, newPassword, callback){ 
    var query = {username: user.username}; 
    bcrypt.genSalt(10, function(err, salt){ 

// it has to be newPassword instead of user.password 
    bcrypt.hash(user.password, salt, function(err, hash){ 

    if (err) throw err; 
    else{ 
     user.password = hash; 
     User.findOneAndUpdate(query, { $set: { password: user.password }}, {new: true}, function(err, newUser){ 
     if(err) throw err; 
     else{ 
     bcrypt.compare(newPassword, newUser.password, function(err, isMatch){ 
      if(err) throw err; 
      console.log(isMatch); 
      callback(null, isMatch); 
      }); 
     } 
     }); 
    } 
    }); 
}); 
}; 

// CORRECT ONE 
module.exports.changePassword = function(user, newPassword, callback){ 
    var query = {username: user.username}; 
    bcrypt.genSalt(10, function(err, salt){ 
    bcrypt.hash(newPassword, salt, function(err, hash){ 
    if (err) throw err; 
    else{ 
     user.password = hash; 
     User.findOneAndUpdate(query, { $set: { password: user.password }}, {new: true}, function(err, newUser){ 
     if(err) throw err; 
     else{ 
     bcrypt.compare(newPassword, newUser.password, function(err, isMatch){ 
      if(err) throw err; 
      console.log(isMatch); 
      callback(null, isMatch); 
      }); 
     } 
     }); 
    } 
    }); 
}); 
};