我正在构建一个Node.js应用程序,但在登录验证方面遇到了问题.我对bcryptjs使用的是Passport-local策略,但是当用户名在数据库中不存在时,它会正确地识别用户名,即使提供了错误的密码,它也会登录用户.
我可能犯了一个非常愚蠢的错误,但一些指点会很棒!
Passport.js:
const passport = require("passport");
const LocalStrategy = require("passport-local").Strategy;
const bcrypt = require("bcryptjs");
const connection = require("./database");
const User = connection.models.User;
const verifyUser = (username, password, done) => {
User.findOne({ username: username }).then((user) => {
if (user == null) {
return done(null, false, { message: "No user with this username" });
}
try {
if (bcrypt.compare(password, user.password)) {
return done(null, user);
} else {
return done(null, false, { message: "Incorrect password" });
}
} catch (err) {
return done(err);
}
});
};
passport.use(
new LocalStrategy(
{ usernameField: "username", passwordField: "password" },
verifyUser
)
);
passport.serializeUser((user, done) => {
done(null, user.id);
});
passport.deserializeUser((userId, done) => {
User.findById(userId)
.then((user) => {
done(null, user);
})
.catch((err) => done(err));
});
注册和登录POST请求(auth.js):
router.post("/register", async (req, res, next) => {
const { error } = registerValidation(req.body);
if (error) {
return res.status(400).send({ message: error["details"][0]["message"] }); // Message to be tidied but works
}
const userExists_1 = await User.findOne({ username: req.body.username });
if (userExists_1) {
return res
.status(400)
.send({ message: "An account with the same username already exists" }); // Message to be tidied but works
}
const userExists_2 = await User.findOne({ email: req.body.email });
if (userExists_2) {
return res.status(400).send({
message: "An account is already registered to this email address", // Message to be tidied but works
});
}
try {
const hashedPassword = await bcrypt.hash(req.body.password, 10);
const user = new User({
username: req.body.username,
email: req.body.email,
password: hashedPassword,
});
user.save().then((user) => {
console.log(user);
});
res.redirect("./login");
} catch {
res.redirect("./register");
}
});
// ----------------------------------------------------
router.post(
"/login",
passport.authenticate("local", {
failureRedirect: "/login",
successRedirect: "/home",
failureFlash: true,
})
);