Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Passport-Local Mongoose - Change password?

I use Passport-Local Mongoose to encrypt the account's password. But I don't know how to change the password.

Can you give some document or example to do it? Thank you.

like image 961
Gà Rù Avatar asked Jul 24 '13 08:07

Gà Rù


People also ask

What does Passport local mongoose do?

Passport-Local Mongoose is a Mongoose plugin that simplifies building username and password login with Passport.

What is NPM Passport local?

This module lets you authenticate using a username and password in your Node. js applications. By plugging into Passport, local authentication can be easily and unobtrusively integrated into any application or framework that supports Connect-style middleware, including Express.

How do I use Passport local strategy?

The following code is an example that configures and registers the LocalStrategy : var passport = require('passport'); var LocalStrategy = require('passport-local'); var crypto = require('crypto'); passport. use(new LocalStrategy(function verify(username, password, cb) { db. get('SELECT * FROM users WHERE username = ?'

What does Passport authenticate () do?

In this route, passport. authenticate() is middleware which will authenticate the request. By default, when authentication succeeds, the req. user property is set to the authenticated user, a login session is established, and the next function in the stack is called.


3 Answers

Looking at the source there is a function that is added to the schema called setPassword. I believe that after authenticating you can call it to change the password for the user.

schema.methods.setPassword = function (password, cb) {
    if (!password) {
        return cb(new BadRequestError(options.missingPasswordError));
    }

    var self = this;

    crypto.randomBytes(options.saltlen, function(err, buf) {
        if (err) {
            return cb(err);
        }

        var salt = buf.toString('hex');

        crypto.pbkdf2(password, salt, options.iterations, options.keylen, function(err, hashRaw) {
            if (err) {
                return cb(err);
            }

            self.set(options.hashField, new Buffer(hashRaw, 'binary').toString('hex'));
            self.set(options.saltField, salt);

            cb(null, self);
        });
    });
};
like image 123
user1441287 Avatar answered Sep 22 '22 04:09

user1441287


No need to authenticate. Retrieve user from account using findByUsername() method, which was placed on the model by passport-local-mongoose, then run setPassword(), then user.save() in the callback.

userModel.findByUsername(email).then(function(sanitizedUser){
    if (sanitizedUser){
        sanitizedUser.setPassword(newPasswordString, function(){
            sanitizedUser.save();
            res.status(200).json({message: 'password reset successful'});
        });
    } else {
        res.status(500).json({message: 'This user does not exist'});
    }
},function(err){
    console.error(err);
})

I call the user sanitizedUser() because I have configured passport-local-mongoose to not return the password or salt fields using findByUsername() and the passport options in the model.

like image 22
steampowered Avatar answered Sep 18 '22 04:09

steampowered


Good answer, but for ones who come from the MEAN stack (uses passport-local, not passport-local-mongoose):

//in app/models/user.js

/**
 * Virtuals
 */
UserSchema.virtual('password').set(function(password) {
    this._password = password;
    this.salt = this.makeSalt();
    this.hashed_password = this.encryptPassword(password);
}).get(function() {
    return this._password;
});

So this would change the pass:

user.password = '12345678';//and after this setter...
user.save(function(err){ //...save
    if(err)...
});
like image 39
adri14 Avatar answered Sep 20 '22 04:09

adri14