I’m having problem in comparing the password and yes it is storing the hash of the password correctly when I’m registering.
Database – MongoDB
I’m using node.js version – v18.17.0
bcrypt version – 5.1.1
Here’s my userSchema –
const userSchema = new mongoose.Schema({
username: { type: String, required: true, unique: true },
email: { type: String, required: true, unique: true },
password: { type: String, required: true },
});
userSchema.pre('save', async function (next) {
try {
if (!this.isModified('password')) {
return next();
}
const hashedPassword = await bcrypt.hash(this.password, 10);
this.password = hashedPassword;
return next();
} catch (error) {
...
}
})
also here’s my AuthController.js file’s login part –
loginUser: async (req, res) => {
try {
const { email, password } = req.body;
const user = await User.findOne({ email });
if (!user) {
return res.status(401).json({ error: 'Invalid email or password.' });
}
const trimmedPassword = password.trim();
console.log('Password received:', password);
console.log('User password:', user.password);
const passwordMatch = await bcrypt.compare(trimmedPassword, user.password);
console.log(passwordMatch);
if (!passwordMatch) {
return res.status(401).json({ error: 'Invalid email or password.' });
}
// Generate a JWT token
const token = jwt.sign({ userId: user._id }, process.env.JWT_SECRET, { expireIn: '1h' });
res.json({ token, userId: user._id, username: user.username });
} catch(error){...}
I’m using postman right now to check it, postman giving me error: ‘Invalid email or password’, and in the terminal i’m getting –
Password received: abcd
User password: $2b$10$3XqxT29oUNX8Sr86i/woPufzHf6s7OjP4yyNdirtGk9Zj0T3MdkAC
false
2
Answers
}
instead of comparing directly inside
AuthController.js
you can make sure youre accessing the right user by adding a method directly to User model (also make sure bcrypt is imported):once you have relevant user inside
AuthController.js
: