I'm creating an application using node js. in this application i already completed user login and registration via passport js. So now i need to provide access to the logged user to change there password. So i'm trying to do this in my own way but when i run this process the changed password doesn't updated and save it to the logged user's mongoose document. I'll provide the code that i used to that process. So i'm requesting you guys please let me know how can i do this in with my program.
This is my POST route for the change password.
app.post('/changePass/:hash', isLoggedIn, function(req, res){
cph.findOne({hash: req.params.hash}).populate('userId', "local.password -_id").exec(function(err, hash){
if(err) throw err;
if(validator.isEmpty(req.body.currentPassword) || validator.isEmpty(req.body.newPassword) || validator.isEmpty(req.body.confirmPassword)){
res.render('admin/settings/pages/cup/cpf', {
user: req.user,
message: 'Fields must be required',
data: hash
});
}
else {
if(!bcrypt.compareSync(req.body.currentPassword, hash.userId.local.password)){
res.render('admin/settings/pages/cup/cpf', {
user: req.user,
message: 'Current password is incurrect',
data: hash
});
}
else {
if(req.body.newPassword != req.body.confirmPassword){
res.render('admin/settings/pages/cup/cpf', {
user: req.user,
message: 'New password and confirm password do not match',
data: hash
});
}
else {
cph.update({$set:{'userId.local.password': bcrypt.hashSync(req.body.confirmPassword, bcrypt.genSaltSync(8), null)}}, function(){
console.log('Success')
});
}
}
}
});
});
This is the mongoose collection that creating a hash to change the password sending as a combined link to the logged user's email.
var mongoose = require('mongoose');
var Schema = mongoose.Schema;
var bcrypt = require('bcrypt-nodejs');
var cpHashSchema = Schema({
userId: {
type: Schema.ObjectId,
ref: 'users'
},
hash: {
type: String
}
});
module.exports = mongoose.model('changepasswordHash', cpHashSchema);
This is the user's collection
var mongoose = require('mongoose');
var Schema = mongoose.Schema;
var bcrypt = require('bcrypt-nodejs');
var userSchema = Schema({
active: {
type: Boolean,
default: false
},
first: {
type: String
},
last: {
type: String
},
email: {
type: String
},
local: {
username: {
type: String
},
password: {
type: String
}
},
joined: {
type: Date,
default: Date.now
},
usertype: {
type: String,
default: 'user'
}
});
userSchema.methods.generateHash = function(password) {
return bcrypt.hashSync(password, bcrypt.genSaltSync(8), null);
};
userSchema.methods.validPassword = function(password) {
return bcrypt.compareSync(password, this.local.password);
};
module.exports = mongoose.model('users', userSchema);
These are the source code that i'm using to build this application. So guys please help me to complete this application.
thank you
First of all - you trying to update changepasswordHash collection with fields from another table. MongoDB couldn't update related records.
You have to update users collection using userId something like:
users.update({_id: hash.userId._id}, {$set: {'local.password': newPass}}, callbackHere)
Related
I am trying to create controller for resetting user password in Node.JS.
The idea is to fetch the user from DB based on reset password token, do some validation update the relevant field and save it back to the DB.
However, I get an error when trying to save the updated user ("user.save is not a function").
What might be the reason?
I have a user model defined as follows:
const mongoose = require("mongoose");
const validator = require("validator");
const bcrypt = require("bcrypt");
const jwt = require("jsonwebtoken");
const crypto = require("crypto");
const userSchema = new mongoose.Schema({
name: {
type: String,
required: [true, "Please enter valid name"],
maxLength: [30, "Your name cannot exceed 30 characters]"],
},
email: {
type: String,
required: [true, "Please enter valid email"],
unique: true,
validate: [validator.isEmail, "Please enter valid email address"],
},
password: {
type: String,
requires: [true, "Please enter your password"],
minLength: [6, "Your password must be at least 6 characters"],
select: false,
},
avatar: {
public_id: { type: String, required: true },
url: { type: String, required: true },
},
role: { type: String, default: "user" },
createdAt: { type: Date, default: new Date().now },
resetPasswordToken: { type: String },
resetPasswordExpire: { type: Date },
});
userSchema.pre("save", async function (next) {
if (!this.isModified("password")) {
next();
}
this.password = await bcrypt.hash(this.password, 10);
});
// check password matching
userSchema.methods.isPasswordMatched = async function (inputPassword) {
return await bcrypt.compare(inputPassword, this.password);
};
// return JSON Web Token
userSchema.methods.getJwtToken = function () {
return jwt.sign({ id: this.id }, process.env.JWT_SECRET, {
expiresIn: process.env.JWT_EXPIRESIN_TIME,
});
};
// Generate password token
userSchema.methods.getResetPasswordToken = function () {
// Generate Token
const resetToken = crypto.randomBytes(20).toString("hex");
// Hash token
this.resetPasswordToken = crypto
.createHash("sha256")
.update(resetToken)
.digest("hex");
// set expired time
this.resetPasswordExpire = new Date(Date.now() + 30 * 60 * 1000);
return resetToken;
};
module.exports = mongoose.model("User", userSchema);
When I try to reset user password I try the following:
// get the user document from db (make sure token and expiration time are valid)
let user = User.findOne({
resetPasswordToken: resetPasswordToken,
resetPasswordExpire: { $gt: Date.now() },
});
// update password
user.password = req.body.password;
user.resetPasswordToken = undefined;
user.resetPasswordExpire = undefined;
user.save();
sendToken(user, 200, res);
for some reason I get an error:
"errorMsg": "user.save is not a function"
What might be the problem?
Probably, user is null or undefined, so you should handle the user null condition.
Also findOne and save returns promise, so you need to add await keyword before them.
Also you have a typo in user schema password field, requires should be required .
let user = await User.findOne({
resetPasswordToken: resetPasswordToken,
resetPasswordExpire: { $gt: Date.now() },
});
if (user) {
// update password
user.password = req.body.password;
user.resetPasswordToken = undefined;
user.resetPasswordExpire = undefined;
await user.save();
sendToken(user, 200, res);
} else {
res.status(400).send("No user found");
}
If you get the user null, you need to fix your query in findOne.
use await keyword to get mongoose hydrating the response
let user = await User.findOne({
resetPasswordToken: resetPasswordToken,
resetPasswordExpire: { $gt: Date.now() },
});
// update password
user.password = req.body.password;
user.resetPasswordToken = undefined;
user.resetPasswordExpire = undefined;
user.save();
sendToken(user, 200, res);
or you can do it like this
await User.findOneAndUpdate({
resetPasswordToken: resetPasswordToken,
resetPasswordExpire: { $gt: Date.now() },
},{password : req.body.password, resetPasswordToken : undefined,
resetPasswordExpire : undefined,});
Working on a personal project, one of the functions of the project is to update the user status on what event they are participating.
i wanted to submit a value using a button
<form action="/users/fooddrivebanner" method="POST"><button name="fooddrive" type="submit" value="fooddrive" id="fooddrive">Participate</button></form>
then pass the value to my route and save it inside my database
router.post('/fooddrivebanner', (req,res)=>{
const { fooddrive } = req.body;
const _id = ObjectId(req.session.passport.user._id);
User.findOne({ _id: _id }).then((user)=>{
if (!user) {
req.flash("error_msg", "user not found");
res.redirect("/fooddrivebanner");
}
if (typeof eventparticpating !== "undefined") {
user.eventparticpating = 'fooddrive';
}
user.save(function (err, resolve) {
if(err)
console.log('db error', err)
// saved!
});
})
.catch((err) => console.log(err));
Here is the User model
const mongoose = require('mongoose');
const UserSchema = new mongoose.Schema({
name: {
type: String,
required: true
},
email: {
type: String,
required: true
},
password: {
type: String,
required: true
},
date: {
type: Date,
default: Date.now
},
eventparticpating: {
type: String,
default: 'None At The Moment'
}
});
const User = mongoose.model('User', UserSchema);
module.exports = User;
It showed a console error
TypeError: Cannot set property 'eventparticpating' of null
UPDATE
Edit 1:
I followed Mr Gambino instructions, error Gone yet cannot update the database, how would i be able to adjust and find my user?
Instead of saving within the findOne function,you can do this:
router.post('/fooddrivebanner', async (req,res) => {
const { fooddrive } = req.body;
const _id = ObjectId(req.session.passport.user._id);
await User.findOne({ _id: _id }, (error, user) => {
if (error) {
req.flash("error_msg", "user not found");
res.redirect("/fooddrivebanner");
}
}).updateOne({ eventparticpating: "foodrive" });
});
I hope that answers your question
When registering, my user doesn't get saved to the database. Does anyone know what is going wrong here?
Schema + model:
const mongoose = require('mongoose');
mongoose.connect('mongodb://localhost:27017/testusers', {useNewUrlParser: true});
const Schema = mongoose.Schema;
let userSchema = new Schema({
steamId: String,
username: String,
avatar: String,
tradelink: String,
balance: Number,
});
let userModel = mongoose.model('User', userSchema);
Find and save:
userModel.findOne({ steamId: profile.id } , (err,user) => {
if(!user) {
let newUser = new userModel({steamId:profile._json.steamid, username: profile._json.personaname,avatar: profile._json.avatar, tradelink: '', balance:0});
console.log(newUser);
newUser.save((err,user) =>{
console.log(err);
console.log('created user');
return done(err,user);
});
}
else {
console.log('user exists');
return done(err,user);
}
});
Collection data (empty after save): https://prnt.sc/rmlsc2
Console output:
PS C:****> node app.js
(node:26628) DeprecationWarning: current Server Discovery and Monitoring engine is deprecated, and will be removed in a future version. To use the new Server Discover and Monitoring engine, pass option { useUnifiedTopology: true } to the MongoClient constructor.
{
_id: 5e7b78aae3903a680486cb13,
steamId: '76561198126366365',
username: 'BaeWolfy',
avatar: 'https://steamcdn-a.akamaihd.net/steamcommunity/public/images/avatars/d3/d36a7d04988b8730a0a75516a7dbfa24ee1a45fc.jpg',
tradelink: '',
balance: 0
}
null
created user
Made a stupid mistake in the connection string I used localhost instead of my atlas cluster connection string. It is working now.
The above query returns a 200 when I try to create a User, but whenever I log into MongoDB there is no collections created. Can anyone help ?
//user model
const userSchema = mongoose.Schema({
name: {
type : String,
required : true,
trim : true
},
email: {
type: String,
required: true,
unique: true,
lowercase: true,
validate: value => {
if(!validator.isEmail(value)){
throw new Error({error : 'Invalid email address'})
}
}
},
password: {
type: String,
required: true,
minLength: 5
},
// a user can have multiple jobs
jobs : [{
type: mongoose.Schema.Types.ObjectId,
ref: 'Job'
}],
tokens: [{
token: {
type: String,
required: true
}
}]
})
const User = mongoose.model('User', userSchema)
module.exports = User
// user functions written
createUser(name, email, password){
return User.create({name: name, email: email, password : password}, (err, docs) => {
if(err){
throw err.message;
}
});
}
//routes.js
// user create
router.post('/users', async(req, res) => {
try{
const {name, email, password } = req.body
const user = userManager.createUser(name, email, password); [1]
res.status(200).json(user)
}
catch(error) {
res.status(400).send({error : error.message})
}
})
The line[1] returns undefined. Why ?
note : all module requirements are fulfilled
After you create the schema you need to create a Model FROM that schema.
Example from MDN:
// Define schema
var Schema = mongoose.Schema;
var SomeModelSchema = new Schema({
a_string: String,
a_date: Date
});
// Compile model from schema
var SomeModel = mongoose.model('SomeModel', SomeModelSchema );
Now after you create the model you can use SomeModel.create
EDIT:
line[1] will always return undefined because you are using callbacks and only way to get value out of callback is either push another callback(I would really discourage that). But best way is to use Promises now mongoose by default supports `Promises. So, basically for promises it will be,
// user functions written
async function createUser(name, email, password){
try {
return await User.create({ name: name, email: email, password: password });
} catch (err) {
throw err.message;
}
}
In the router adda await:
const user = await userManager.createUser(name, email, password);
The problem is you call an asynchronous function synchronously. It returned undefined because the function hasn't been resolved yet.
A solution could be to use promises or async/await.
Example:
async createUser(name, email, password) {
const createdUser = await User.create({name,email,password});
return creaatedUser;
}
Something I ran into was you need to pass in an empty object if your not setting any fields - i.e.
Good: Model.create({})
Bad: Model.create()
I have this Mongoose schema in a Nodejs application:
const mongoose = require('mongoose'),
Schema = mongoose.Schema,
sodium = require('sodium').api;
const UserSchema = new Schema({
username: {
type: String,
required: true,
index: { unique: true }
},
salt: {
type: String,
required: false
},
password: {
type: String,
required: true
}
});
UserSchema.methods.comparePassword = function(candidatePassword, targetUser) {
let saltedCandidate = candidatePassword + targetUser.salt;
if (sodium.crypto_pwhash_str_verify(saltedCandidate, targetUser.password)) {
return true;
};
return false;
};
module.exports = mongoose.model('User', UserSchema);
And I created this routes file.
const _ = require('lodash');
const User = require('../models/user.js'); // yes, this is the correct location
module.exports = function(app) {
app.post('/user/isvalid', function(req, res) {
User.find({ username: req.body.username }, function(err, user) {
if (err) {
res.json({ info: 'that user name or password is invalid. Maybe both.' });
};
if (user) {
if (User.comparePassword(req.body.password, user)) {
// user login
res.json({ info: 'login successful' });
};
// login fail
res.json({ info: 'that user name or password is invalid Maybe both.' });
} else {
res.json({ info: 'that user name or password is invalid. Maybe both.' });
};
});
});
};
I then use Postman to make a call to 127.0.0.1:3001/user/isvalid with an appropriate Body content. The terminal says tell me TypeError: User.comparePassword is not a function and crashes the app.
Since the if (user) bit passes, that indicates to me that I have properly retrieved a document from Mongo and have an instance of the User schema. Why is the method not valid?
eta: the module export I failed to copy/paste originally
This creates instance method:
UserSchema.methods.comparePassword = function(candidatePassword, targetUser) {
// ...
};
If you want a static method use this:
UserSchema.statics.comparePassword = function(candidatePassword, targetUser) {
// ...
};
Static methods are when you want to call it as User.comparePassword().
Instance methods are when you want to call it as someUser.comparePassword() (which in this case would make a lot of sense so that you wouldn't have to pass the user instance explicitly).
See the documentation:
http://mongoosejs.com/docs/guide.html#methods
http://mongoosejs.com/docs/guide.html#statics