I use Passport-Local Mongoose to encrypt the account's password. But I don't know how to change the password.
Can you give some document or example to do it? Thank you.
Passport-Local Mongoose is a Mongoose plugin that simplifies building username and password login with Passport.
This module lets you authenticate using a username and password in your Node. js applications. By plugging into Passport, local authentication can be easily and unobtrusively integrated into any application or framework that supports Connect-style middleware, including Express.
The following code is an example that configures and registers the LocalStrategy : var passport = require('passport'); var LocalStrategy = require('passport-local'); var crypto = require('crypto'); passport. use(new LocalStrategy(function verify(username, password, cb) { db. get('SELECT * FROM users WHERE username = ?'
In this route, passport. authenticate() is middleware which will authenticate the request. By default, when authentication succeeds, the req. user property is set to the authenticated user, a login session is established, and the next function in the stack is called.
Looking at the source there is a function that is added to the schema called setPassword. I believe that after authenticating you can call it to change the password for the user.
schema.methods.setPassword = function (password, cb) {
if (!password) {
return cb(new BadRequestError(options.missingPasswordError));
}
var self = this;
crypto.randomBytes(options.saltlen, function(err, buf) {
if (err) {
return cb(err);
}
var salt = buf.toString('hex');
crypto.pbkdf2(password, salt, options.iterations, options.keylen, function(err, hashRaw) {
if (err) {
return cb(err);
}
self.set(options.hashField, new Buffer(hashRaw, 'binary').toString('hex'));
self.set(options.saltField, salt);
cb(null, self);
});
});
};
No need to authenticate. Retrieve user from account using findByUsername()
method, which was placed on the model by passport-local-mongoose, then run setPassword()
, then user.save()
in the callback.
userModel.findByUsername(email).then(function(sanitizedUser){
if (sanitizedUser){
sanitizedUser.setPassword(newPasswordString, function(){
sanitizedUser.save();
res.status(200).json({message: 'password reset successful'});
});
} else {
res.status(500).json({message: 'This user does not exist'});
}
},function(err){
console.error(err);
})
I call the user sanitizedUser()
because I have configured passport-local-mongoose to not return the password or salt fields using findByUsername()
and the passport options in the model.
Good answer, but for ones who come from the MEAN stack (uses passport-local, not passport-local-mongoose):
//in app/models/user.js
/**
* Virtuals
*/
UserSchema.virtual('password').set(function(password) {
this._password = password;
this.salt = this.makeSalt();
this.hashed_password = this.encryptPassword(password);
}).get(function() {
return this._password;
});
So this would change the pass:
user.password = '12345678';//and after this setter...
user.save(function(err){ //...save
if(err)...
});
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With