我是第一次制作關于忘記密碼然后重置密碼的 API。我面臨著奇怪的問題。沒有一個錯誤,它給了我密碼更新的成功狀態。問題是我的資料庫密碼沒有更新。
用戶架構:
const UserSchema = new mongoose.Schema({
email: { type: String, required: true, min: 6, max: 255 },
password: { type: String, required: true, min: 4, max: 1024 },
resetLink: { data: String, default: "" },
});
module.exports = mongoose.model("Users", UserSchema);
忘記密碼:(當用戶單擊忘記密碼并寫電子郵件時,會發生這種情況:
router.post("/forgot-password", async (req, res) => {
try {
const { email } = req.body.email;
//check if user is alredy in database
const user = await User.findOne({ email: req.body.email });
if (!user) return res.status(400).send("User doesn't exist");
// create token
const token = jwt.sign({ email: user.email, _id: user._id }, secretKey, {
expiresIn: "15m",
});
// generate resetUrl link using the token and id
const link = `http://localhost:3000/api/users/reset-password/${user._id}/${token}`;
res.send("password reset link has been sent to an email");
// SEND EMAIL
let transporter = nodemailer.createTransport({
host: "*******",
port: 587,
secure: false,
auth: {
user: "*******",
pass: "*******",
},
});
let info = transporter.sendMail({
from: '"Reset password" <*********>', // sender address
to: req.body.email, // list of receivers
subject: "Hello", // Subject line
html: `<p>Visit the: ${link}</p>`,
});
user.updateOne({ resetLink: token });
} catch (err) {
res.status(400).json(err);
}
});
修改密碼程序 首先get方法
router.get("/reset-password/:id/:token", async (req: any, res: any) => {
const { id, token } = req.params;
// Check if ID is valid
const user = await User.findOne({ _id: id });
if (!user)
return res.status(400).send("User doesn't exist");
try {
const verify = jwt.verify(token, secretKey);
res.render("reset-password", { email: user.email });
} catch (err) {
res.status(400).json(err);
}
});
然后發布方法
router.post("/reset-password/:id/:token", async (req: any, res: any) => {
const { id, token } = req.params;
const { password } = req.body.password;
const { password2 } = req.body.password2;
// Validate if user is alredy in database
const user = await User.findOne({ _id: id });
if (!user) return res.status(400).send("User doesn't exist");
try {
const verify = jwt.verify(token, secretKey);
// validate if password 1 and password 2 MATCH -> NOT YET
// Update password
const password = req.body.password2;
bcrypt.genSalt(saltRounds, (err: any, salt: any) => {
if (err) return res.json(err);
bcrypt.hash(password, salt, async (err: any, hash: any) => {
await user.save({ password: hash });
res.send("Password is updated!");
});
});
} catch (err) {
res.status(400).json(err);
}
});
如果有人可以告訴我或給我建議,如果我應該對更好的安全性有所改變,我也會很高興。
更新: 我將使用 Angular 作為前端,所以我什至不確定是否需要更改密碼中的 get 方法(我只是制作 res.render("reset-password", { email: user.email }) ; ) 對這條線的解釋將是完美的
謝謝大家!
uj5u.com熱心網友回復:
嘗試傳遞 password2給hash函式而不是生成新變數并更改設定新密碼的方式。
另外,您應該await使用以下save()功能:
router.post("/reset-password/:id/:token", async (req: any, res: any) => {
const { id, token } = req.params;
const { password, password2 } = req.body;
// Validate if user is alredy in database
const user = await User.findOne({ _id: id });
if (!user) return res.status(400).send("User doesn't exist");
try {
const verify = jwt.verify(token, secretKey);
// validate if password 1 and password 2 MATCH -> NOT YET
// Update password
bcrypt.genSalt(saltRounds, (err: any, salt: any) => {
if (err) return res.json(err);
bcrypt.hash(password2, salt, async (err: any, hash: any) => {
user.password = hash
await user.save()
res.send("Password is updated!");
});
});
} catch (err) {
res.status(400).json(err);
}
});
轉載請註明出處,本文鏈接:https://www.uj5u.com/qiye/489688.html
下一篇:MongoDB找到最大值
