I have a problem in which I can create hashed passwords in node -bcrypt and passport.js, but I cannot use a hashed password.
Im using nodejs, express, mongodb, mongoose, passport js, bcrypt.
What am i trying to do
The ability to log in as usual, but using bcrypt salted paswword, etc.
What I did I know that my routes, api and db work. Since my current setup logs users in and out if I use the usual password string instead of bcrypt.
I also checked my db and the bcrypt / salted password will appear in the password field.
I had an idea to use bcrypt from this article (so using this code): http://devsmash.com/blog/password-authentication-with-mongoose-and-bcrypt
Here is my code:
var express = require('express'), routes = require('./routes'), passport = require('passport'), util = require('util'), flash = require('connect-flash'), LocalStrategy = require('passport-local').Strategy, mongoose = require('mongoose'); mongoose.connect('mongodb://54.254.96.11/bcrypt') var Schema = mongoose.Schema; var ObjectId = Schema.ObjectId; bcrypt = require('bcrypt'), SALT_WORK_FACTOR = 10; var user = new Schema({ username: { type: String, required: true, index: { unique: true } }, password: { type: String, required: true }, email: String }); var user = mongoose.model('user', user); //Bcrypt Code user.pre('save', function(next) { var guest = this; // only hash the password if it has been modified (or is new) if (!guest.isModified('password')) return next(); // generate a salt bcrypt.genSalt(SALT_WORK_FACTOR, function(err, salt) { if (err) return next(err); // hash the password using our new salt bcrypt.hash(guest.password, salt, function(err, hash) { if (err) return next(err); // override the cleartext password with the hashed one guest.password = hash; next(); }); }); }); user.methods.comparePassword = function(candidatePassword, cb) { bcrypt.compare(candidatePassword, this.password, function(err, isMatch) { if (err) return cb(err); cb(null, isMatch); }); }; // passport.serializeUser(function(user, done) { done(null, user.id); }); passport.deserializeUser(function(id, done) { user.findById(id, function (err, user) { done(err, user); }); }); passport.use(new LocalStrategy( function(username, password, done) { // asynchronous verification, for effect... process.nextTick(function () { // Find the user by username. If there is no user with the given // username, or the password is not correct, set the user to `false` to // indicate failure and set a flash message. Otherwise, return the // authenticated `user`. user.findOne({ username: username}, function(err, user) { if (err) { return done(err); } if (!user) { return done(null, false, { message: 'Unknown user ' + username }); } if (user.password != password) { return done(null, false, { message: 'Invalid password' }); } return done(null, user); }) }); } )); // Relevant Express Routes app.post('/login', passport.authenticate('local', { failureRedirect: '/login', failureFlash: true }), function(req, res) { res.redirect('/home'); }); app.post('/create', function(req, res, next){ var moot = new user({ "username": req.body.username, "password" : req.body.password, "email" : req.body.email}); moot.save(function (err) { if (!err) { res.redirect('/home'); } else { res.redirect('/'); } }); });