Javascript Question posted in
A very good W3school tutorial can be found here.

Javascript – Bcrypt Compare Password

I’m having problem in comparing the password and yes it is storing the hash of the password correctly when I’m registering.

Database – MongoDB
I’m using node.js version – v18.17.0
bcrypt version – 5.1.1

Here’s my userSchema –

const userSchema = new mongoose.Schema({
    username: { type: String, required: true, unique: true },
    email: { type: String, required: true, unique: true },
    password: { type: String, required: true },
});

userSchema.pre('save', async function (next) {
    try {
        if (!this.isModified('password')) {
            return next();
        }

        const hashedPassword = await bcrypt.hash(this.password, 10);
        this.password = hashedPassword;
        return next();
    } catch (error) {
        ...
    }
})

also here’s my AuthController.js file’s login part –

loginUser: async (req, res) => {
        try {
            const { email, password } = req.body;

            const user = await User.findOne({ email });
            if (!user) {
                return res.status(401).json({ error: 'Invalid email or password.' });
            }

            const trimmedPassword = password.trim();

            console.log('Password received:', password);
            console.log('User password:', user.password);

            const passwordMatch = await bcrypt.compare(trimmedPassword, user.password);
            console.log(passwordMatch);

            if (!passwordMatch) {
                return res.status(401).json({ error: 'Invalid email or password.' });
            }

            // Generate a JWT token
            const token = jwt.sign({ userId: user._id }, process.env.JWT_SECRET, { expireIn: '1h' });

            res.json({ token, userId: user._id, username: user.username });
 } catch(error){...}

I’m using postman right now to check it, postman giving me error: ‘Invalid email or password’, and in the terminal i’m getting –

Password received: abcd

User password: $2b$10$3XqxT29oUNX8Sr86i/woPufzHf6s7OjP4yyNdirtGk9Zj0T3MdkAC

false

Tags:

2

Answers


  1. 0 
    loginUser: async (req, res) => {
try {
    const { email, password } = req.body;

    const user = await UserModel.findOne({ email: email });
    if (!user) {
        return res.status(401).json({ error: 'Invalid email or password.' });
    }

    const trimmedPassword = password.trim();
    console.log('Password received:', password);
    console.log('User password:', user.password);

    const passwordMatch = await bcrypt.compare(trimmedPassword, user.password);
    console.log(passwordMatch);

    if (!passwordMatch) {
        return res.status(401).json({ error: 'Invalid email or password.' });
    }

    const token = jwt.sign({ userId: user._id }, process.env.JWT_SECRET, { expiresIn: '1h' });

    res.json({ token, userId: user._id, username: user.username });
} catch(error) {
    console.error(error);
    res.status(500).json({ error: 'An error occurred during the login process.' });
}

    }

    Login or Signup to reply.
  2. 0

    instead of comparing directly inside AuthController.js you can make sure youre accessing the right user by adding a method directly to User model (also make sure bcrypt is imported):

    userSchema.methods.comparePassword = function (candidatePassword) {
    return bcrypt.compareSync(candidatePassword, this.password);
};

    once you have relevant user inside AuthController.js:

    const isPasswordVerified = user.comparePassword(payload.password);
    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search