Mongoose: How can I access a select:false property in a schema method?

Question

Quick code:

var userSchema = new mongoose.Schema({
    username: String,
    password: {type: String, select: false}
});

userSchema.methods.checkPassword = function(password, done) {
    console.log(password);      // Password to check
    console.log(this.password); // stored password
    ...
};

I don't want the password to be accessible by default, but I need a method to check against a user inputted password before authenticating the user. I know I can do a query to the DB to include these values, but I'm a bit lost on how I could access the hidden property on the schema method itself. this in the method itself is just the returned query, so it seems like it is inaccessible? Should I be doing the checkPassword() function elsewhere?

Answer 1

You can explicitly allow the password field (with {select:"false"}) to be returned in your find call with "+" operator before field e.g.:

User.findOne({}).select("+password") // "+" = allow select hidden field

Answer 2

You can use select to select password in query. This is an example query.

User.findOne().select('password').exec(callback);

And this must be what you want to check password.

userSchema.methods.checkPassword = function(password, done) {
    User.findOne({username: this.username}).select('password').exec(function (err, user) {
        if (user.password == password)
            return true;
        else 
            return false;
    });
}

I hope this might help you.